From 75e49d2f8bf6ef9ba46cc54d1ad4dfeb68acc538 Mon Sep 17 00:00:00 2001 From: Eric Kidd Date: Thu, 23 Apr 2020 12:43:04 -0400 Subject: [PATCH] Update all dependencies I've tweaked this so that we can easily update our dependencies in the future. Note that we're still using PostgreSQL 11 and we should probably start testing everything with 12. --- Dockerfile | 28 +++++++++++++++++++--------- hooks/build | 9 ++++++--- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index b80eb78..3024b4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,21 @@ ARG TOOLCHAIN=stable # The OpenSSL version to use. We parameterize this because many Rust # projects will fail to build with 1.1. -ARG OPENSSL_VERSION=1.1.1f +# +# ALSO UPDATE hooks/build! +ARG OPENSSL_VERSION=1.1.1g + +# Versions for other dependencies. Here are the places to check for new +# releases: +# +# - https://github.com/rust-lang/mdBook/releases +# - https://github.com/EmbarkStudios/cargo-deny/releases +# - http://zlib.net/ +# - https://ftp.postgresql.org/pub/source/ +ARG MDBOOK_VERSION=0.3.7 +ARG CARGO_DENY_VERSION=0.6.6 +ARG ZLIB_VERSION=1.2.11 +ARG POSTGRESQL_VERSION=11.7 # Make sure we have basic dev tools for building C libraries. Our goal # here is to support the musl-libc builds and Cargo builds needed for a @@ -38,16 +52,14 @@ RUN apt-get update && \ && \ apt-get clean && rm -rf /var/lib/apt/lists/* && \ useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \ - MDBOOK_VERSION=0.3.6 && \ curl -fLO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \ tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \ mv mdbook /usr/local/bin/ && \ rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \ - DENY_VERSION=0.6.6 && \ - curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$DENY_VERSION/cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ - tar xf cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ - mv cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \ - rm -rf cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz + curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$CARGO_DENY_VERSION/cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ + tar xf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ + mv cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \ + rm -rf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz # Static linking for C++ code RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++" @@ -107,7 +119,6 @@ RUN echo "Building OpenSSL" && \ RUN echo "Building zlib" && \ cd /tmp && \ - ZLIB_VERSION=1.2.11 && \ curl -fLO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \ tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \ CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \ @@ -116,7 +127,6 @@ RUN echo "Building zlib" && \ RUN echo "Building libpq" && \ cd /tmp && \ - POSTGRESQL_VERSION=11.2 && \ curl -fLO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \ tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \ CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \ diff --git a/hooks/build b/hooks/build index 5366af5..c066546 100755 --- a/hooks/build +++ b/hooks/build @@ -8,9 +8,11 @@ set -euo pipefail # Default to using OpenSSL 1.1 now, because 1.0 has stopped receiving security -# updates. 1.1 is incompatible with the crates postgres 0.15 and openssl 0.9, -# so we do offer the option of falling back to 1.0. -OPENSSL_VERSION=1.1.1f +# updates. 1.1 is incompatible with the crates postgres 0.15 and openssl 0.9, so +# we do offer the option of falling back to 1.0. +# +# Find the latest version at https://www.openssl.org/source/ +OPENSSL_VERSION=1.1.1g # Pick an appropriate Docker tag case "$DOCKER_TAG" in @@ -19,6 +21,7 @@ case "$DOCKER_TAG" in ;; *-openssl10) DOCKER_TAG_WITHOUT_OPENSSL="${DOCKER_TAG/-openssl10/}" + # Find the latest version at https://www.openssl.org/source/old/1.0.2/ OPENSSL_VERSION=1.0.2u ;; *)