From 1bae9725aec1df69adb5a6f3236aba4960de89c3 Mon Sep 17 00:00:00 2001
From: Eric Kidd <git@randomhacks.net>
Date: Sun, 17 Apr 2016 07:41:55 -0400
Subject: [PATCH] Overhaul extensively and add test script

---
 Dockerfile         | 95 +++++++++++++++++++++++++++-------------------
 Dockerfile.example |  6 +--
 README.md          | 13 +++++--
 cargo-config.toml  |  3 ++
 sudoers            |  2 +
 test-image         | 28 ++++++++++++++
 6 files changed, 101 insertions(+), 46 deletions(-)
 create mode 100644 cargo-config.toml
 create mode 100644 sudoers
 create mode 100755 test-image

diff --git a/Dockerfile b/Dockerfile
index 61f045a..0474758 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,53 +1,37 @@
 # Use Debian 8.0 "Jessie" as the base for our Rust musl toolchain.
 FROM debian:jessie
 
-# Make sure we have basic dev tools for building C libraries, and any
-# shared library dev packages we'll need, and create a `rust` user in
-# whose home directory we'll install the Rust compilers.
-#
-# Our goal here is to support the musl-libc builds and Cargo builds needed
-# for a large selection of the most popular crates.
+# Make sure we have basic dev tools for building C libraries.  Our goal
+# here is to support the musl-libc builds and Cargo builds needed for a
+# large selection of the most popular crates.
 #
 # We also set up a `rust` user by default, in whose account we'll install
 # the Rust toolchain.  This user has sudo privileges if you need to install
 # any more software.
 RUN apt-get update && \
-    apt-get install -y build-essential sudo git curl file xutils-dev cmake && \
+    apt-get install -y \
+        build-essential \
+        cmake \
+        curl \
+        file \
+        git \
+        sudo \
+        xutils-dev \
+        && \
     apt-get clean && rm -rf /var/lib/apt/lists/* && \
-    useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
-    echo "%sudo   ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers
+    useradd rust --user-group --create-home --shell /bin/bash --groups sudo
 
-# Set up our path with all the binary directories we're going to create,
-# including those for the musl-gcc toolchain and for our Rust toolchain.
-ENV PATH=/home/rust/.cargo/bin:/usr/local/musl/bin:/usr/local/bin:/usr/bin:/bin
+# Allow sudo without a password.
+ADD sudoers /etc/sudoers.d/nopasswd
 
-# Build the musl-libc toolchain, which installs itself in /usr/local/musl.
-WORKDIR /musl
-RUN git clone git://git.musl-libc.org/musl && cd musl && \
-    ./configure && make install
-
-# Build a static library version of OpenSSL using musl-libc.  This is
-# needed by the popular Rust `hyper` crate.
-RUN VERS=1.0.2g && \
-    curl -O https://www.openssl.org/source/openssl-$VERS.tar.gz && \
-    tar xvzf openssl-$VERS.tar.gz && cd openssl-$VERS && \
-    env CC=musl-gcc ./config --prefix=/usr/local/musl && \
-    make depend && make && make install
-ENV OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
-    OPENSSL_LIB_DIR=/usr/local/musl/lib/ \
-    OPENSSL_STATIC=1
-
-# (Please feel free to submit pull requests for musl-libc builds of other C
-# libraries needed by the most popular and common Rust crates, to avoid
-# everybody needing to build them manually.)
-
-# Delete our musl-libc build directory.
-RUN rm -rf /musl
-
-# Mount the source code we want to build on /home/rust/src.  We do this as
-# user `rust`, which will be uid 1000, gid 1000 outside the container.
+# Run all further code as user `rust`, and create our working directories
+# as the appropriate user.
 USER rust
-WORKDIR /home/rust/src
+RUN mkdir -p /home/rust/libs /home/rust/src
+
+# Set up our path with all our binary directories, including those for the
+# musl-gcc toolchain and for our Rust toolchain.
+ENV PATH=/home/rust/.cargo/bin:/usr/local/musl/bin:/usr/local/bin:/usr/bin:/bin
 
 # Install our Rust toolchain and the `musl` target.  We patch the
 # command-line we pass to the installer so that it won't attempt to
@@ -56,5 +40,36 @@ WORKDIR /home/rust/src
 # manually.
 RUN curl https://sh.rustup.rs -sSf | sed 's,run "$_file" < /dev/tty,run "$_file" -y,' | sh && \
     rustup default stable && \
-    rustup target add x86_64-unknown-linux-musl && \
-    echo "[build]\ntarget = \"x86_64-unknown-linux-musl\"\n" >> /home/rust/.cargo/config
+    rustup target add x86_64-unknown-linux-musl
+ADD cargo-config.toml /home/rust/.cargo/config
+
+# We'll build our libraries in subdirectories of /home/rust/libs.  Please
+# clean up when you're done.
+WORKDIR /home/rust/libs
+
+# Build the musl-libc toolchain, which installs itself in /usr/local/musl.
+RUN sudo chown rust:rust /home/rust/libs && \
+    git clone git://git.musl-libc.org/musl && cd musl && \
+    ./configure && make && sudo make install && \
+    cd .. && rm -rf musl
+
+# Build a static library version of OpenSSL using musl-libc.  This is
+# needed by the popular Rust `hyper` crate.
+RUN VERS=1.0.2g && \
+    curl -O https://www.openssl.org/source/openssl-$VERS.tar.gz && \
+    tar xvzf openssl-$VERS.tar.gz && cd openssl-$VERS && \
+    env CC=musl-gcc ./config --prefix=/usr/local/musl && \
+    env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
+    make && sudo make install && \
+    cd .. && rm -rf openssl-$VERS.tar.gz openssl-$VERS
+ENV OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
+    OPENSSL_LIB_DIR=/usr/local/musl/lib/ \
+    OPENSSL_STATIC=1
+
+# (Please feel free to submit pull requests for musl-libc builds of other C
+# libraries needed by the most popular and common Rust crates, to avoid
+# everybody needing to build them manually.)
+
+# Expect our source code to live in /home/rust/src.  We'll run the build as
+# user `rust`, which will be uid 1000, gid 1000 outside the container.
+WORKDIR /home/rust/src
diff --git a/Dockerfile.example b/Dockerfile.example
index eb3918a..03dd106 100644
--- a/Dockerfile.example
+++ b/Dockerfile.example
@@ -3,13 +3,13 @@
 # An example Dockerfile showing how to add new static C libraries using
 # musl-gcc.
 
-FROM ekidd/rust-musl-builder:stable
+FROM ekidd/rust-musl-builder
 
 # Build a static copy of zlib.
 RUN VERS=1.2.8 && \
-    mkdir -p /home/rust/libs && cd /home/rust/libs && \
+    cd /home/rust/libs && \
     curl -LO http://zlib.net/zlib-$VERS.tar.gz && \
     tar xzf zlib-$VERS.tar.gz && cd zlib-$VERS && \
     CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
     make && sudo make install && \
-    rm -rf /home/rust/libs/zlib-$VERS.tar.gz /home/rust/libs/zlib-$VERS
+    cd .. && rm -rf zlib-$VERS.tar.gz zlib-$VERS
diff --git a/README.md b/README.md
index f1b30a0..f2a00f7 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # `rust-musl-builder`: Docker container for easily building static Rust binaries
 
+[![Docker Image](https://img.shields.io/docker/pulls/ekidd/rust-musl-builder.svg?maxAge=2592000)](https://hub.docker.com/r/ekidd/rust-musl-builder/)
+
 Do you want to compile a completely static Rust binary with no external
 dependencies?  If so, try:
 
@@ -38,15 +40,15 @@ installed, you can create a Dockerfile based on this one, and use
 `musl-gcc` to compile the libraries you need.  For example:
 
 ```Dockerfile
-FROM ekidd/rust-musl-builder:stable
+FROM ekidd/rust-musl-builder
 
 RUN VERS=1.2.8 && \
-    mkdir -p /home/rust/libs && cd /home/rust/libs && \
+    cd /home/rust/libs && \
     curl -LO http://zlib.net/zlib-$VERS.tar.gz && \
     tar xzf zlib-$VERS.tar.gz && cd zlib-$VERS && \
     CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
     make && sudo make install && \
-    rm -rf /home/rust/libs/zlib-$VERS.tar.gz /home/rust/libs/zlib-$VERS
+    cd .. && rm -rf zlib-$VERS.tar.gz zlib-$VERS
 ```
 
 This usually involves a bit of experimentation for each new library, but it
@@ -56,6 +58,11 @@ If you need an especially common library, please feel free to submit a pull
 request adding it to the main `Dockerfile`!  We'd like to support popular
 Rust crates out of the box.
 
+## Development notes
+
+After modifying the image, run `./test-image` to make sure that everything
+works.
+
 [Alpine Linux container]: https://hub.docker.com/_/alpine/
 [musl-libc]: http://www.musl-libc.org/
 [musl-gcc]: http://www.musl-libc.org/how.html
diff --git a/cargo-config.toml b/cargo-config.toml
new file mode 100644
index 0000000..57fe63a
--- /dev/null
+++ b/cargo-config.toml
@@ -0,0 +1,3 @@
+[build]
+# Target musl-libc by default when running Cargo.
+target = "x86_64-unknown-linux-musl"
diff --git a/sudoers b/sudoers
new file mode 100644
index 0000000..04651d5
--- /dev/null
+++ b/sudoers
@@ -0,0 +1,2 @@
+# Allow group sudo to use `sudo` without a password.
+%sudo   ALL=(ALL:ALL) NOPASSWD:ALL
diff --git a/test-image b/test-image
new file mode 100755
index 0000000..16f079d
--- /dev/null
+++ b/test-image
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Make bash fail much more aggressively on errors.
+set -euo pipefail
+
+# Make sure we can build our main container.
+docker build -t ekidd/rust-musl-builder .
+
+# Make sure we can build our example derived container.
+docker build -t rust-musl-zlib -f Dockerfile.example .
+
+# Make sure we can build a static executable.
+docker run --rm ekidd/rust-musl-builder bash -c "
+set -euo pipefail
+export USER=rust
+cargo new --vcs none --bin test
+cd test
+cargo build
+echo 'Checking to make sure it is not a dynamic executable'
+if ldd target/x86_64-unknown-linux-musl/debug/test; then
+  echo 'Executable is not static!' 1>&2
+  echo 'FAIL.' 1>&2
+  exit 1
+fi
+"
+
+# We're good.
+echo 'OK. Tests passed.' 1>&2