Merge pull request #73 from emk/experimental
Port to Ubuntu 18.04, add optional OpenSSL 1.1 support
This commit is contained in:
commit
d4fba1d396
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
2
.github/ISSUE_TEMPLATE/bug_report.md
vendored
|
@ -19,8 +19,6 @@ Please include the steps you took, including the commands you ran in your termin
|
||||||
|
|
||||||
**What did you hope to happen?**
|
**What did you hope to happen?**
|
||||||
|
|
||||||
(A clear and concise description of what you expected to happen.)
|
|
||||||
|
|
||||||
**Does `./test-image` work?**
|
**Does `./test-image` work?**
|
||||||
|
|
||||||
If you check out the repository on a Mac or Linux system and run `./build-image`, does it succeed or fail? This will build several known-good examples from the `rust-musl-builder/examples` directory.
|
If you check out the repository on a Mac or Linux system and run `./build-image`, does it succeed or fail? This will build several known-good examples from the `rust-musl-builder/examples` directory.
|
||||||
|
|
12
.github/ISSUE_TEMPLATE/build_request.md
vendored
Normal file
12
.github/ISSUE_TEMPLATE/build_request.md
vendored
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
name: Build request
|
||||||
|
about: Does the image need to be rebuilt?
|
||||||
|
title: ''
|
||||||
|
labels: bug
|
||||||
|
assignees: emk
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
**Rust release:** (stable, X.Y.Z, beta, nightly-YYYY-MM-DD)
|
||||||
|
|
||||||
|
**OpenSSL:** 1.0/1.1 (pick one)
|
4
.github/ISSUE_TEMPLATE/feature_request.md
vendored
4
.github/ISSUE_TEMPLATE/feature_request.md
vendored
|
@ -4,10 +4,10 @@ about: I like hearing suggestions (but I don't always have time to implement the
|
||||||
unfortunatey).
|
unfortunatey).
|
||||||
title: ''
|
title: ''
|
||||||
labels: enhancement
|
labels: enhancement
|
||||||
assignees: ''
|
assignees: emk
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
**How could this project be improved?**
|
**How could this project be improved?**
|
||||||
|
|
||||||
**If you're interested in implementing this feature yourself, would you like input or mentoring?**
|
**If you're interested in implementing this feature yourself, how could I help you?**
|
||||||
|
|
48
Dockerfile
48
Dockerfile
|
@ -1,10 +1,13 @@
|
||||||
# Use Debian 16.04 as the base for our Rust musl toolchain, because of
|
# Use Ubuntu 18.04 LTS as our base image.
|
||||||
# https://github.com/rust-lang/rust/issues/34978 (as of Rust 1.11).
|
FROM ubuntu:18.04
|
||||||
FROM ubuntu:16.04
|
|
||||||
|
|
||||||
# The Rust toolchain to use when building our image. Set by `hooks/build`.
|
# The Rust toolchain to use when building our image. Set by `hooks/build`.
|
||||||
ARG TOOLCHAIN=stable
|
ARG TOOLCHAIN=stable
|
||||||
|
|
||||||
|
# The OpenSSL version to use. We parameterize this because many Rust
|
||||||
|
# projects will fail to build with 1.1.
|
||||||
|
ARG OPENSSL_VERSION=1.0.2r
|
||||||
|
|
||||||
# Make sure we have basic dev tools for building C libraries. Our goal
|
# Make sure we have basic dev tools for building C libraries. Our goal
|
||||||
# here is to support the musl-libc builds and Cargo builds needed for a
|
# here is to support the musl-libc builds and Cargo builds needed for a
|
||||||
# large selection of the most popular crates.
|
# large selection of the most popular crates.
|
||||||
|
@ -26,14 +29,15 @@ RUN apt-get update && \
|
||||||
libpq-dev \
|
libpq-dev \
|
||||||
libsqlite-dev \
|
libsqlite-dev \
|
||||||
libssl-dev \
|
libssl-dev \
|
||||||
|
linux-libc-dev \
|
||||||
pkgconf \
|
pkgconf \
|
||||||
sudo \
|
sudo \
|
||||||
xutils-dev \
|
xutils-dev \
|
||||||
gcc-4.7-multilib-arm-linux-gnueabihf \
|
gcc-multilib-arm-linux-gnueabihf \
|
||||||
&& \
|
&& \
|
||||||
apt-get clean && rm -rf /var/lib/apt/lists/* && \
|
apt-get clean && rm -rf /var/lib/apt/lists/* && \
|
||||||
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
|
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
|
||||||
MDBOOK_VERSION=0.1.5 && \
|
MDBOOK_VERSION=0.2.1 && \
|
||||||
curl -LO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
curl -LO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
||||||
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
||||||
mv mdbook /usr/local/bin/ && \
|
mv mdbook /usr/local/bin/ && \
|
||||||
|
@ -70,34 +74,46 @@ ADD cargo-config.toml /home/rust/.cargo/config
|
||||||
ADD git-credential-ghtoken /usr/local/bin
|
ADD git-credential-ghtoken /usr/local/bin
|
||||||
RUN git config --global credential.https://github.com.helper ghtoken
|
RUN git config --global credential.https://github.com.helper ghtoken
|
||||||
|
|
||||||
# Build a static library version of OpenSSL using musl-libc. This is
|
# Build a static library version of OpenSSL using musl-libc. This is needed by
|
||||||
# needed by the popular Rust `hyper` crate.
|
# the popular Rust `hyper` crate.
|
||||||
|
#
|
||||||
|
# We point /usr/local/musl/include/linux at some Linux kernel headers (not
|
||||||
|
# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine"
|
||||||
|
# component. It's possible that this will cause bizarre and terrible things to
|
||||||
|
# happen. There may be "sanitized" header
|
||||||
RUN echo "Building OpenSSL" && \
|
RUN echo "Building OpenSSL" && \
|
||||||
|
ls /usr/include/linux && \
|
||||||
|
sudo mkdir -p /usr/local/musl/include && \
|
||||||
|
sudo ln -s /usr/include/linux /usr/local/musl/include/linux && \
|
||||||
|
sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm && \
|
||||||
|
sudo ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic && \
|
||||||
cd /tmp && \
|
cd /tmp && \
|
||||||
OPENSSL_VERSION=1.0.2o && \
|
|
||||||
curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
|
curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
|
||||||
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
|
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
|
||||||
env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl linux-x86_64 && \
|
env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
|
||||||
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
|
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
|
||||||
make && sudo make install && \
|
env C_INCLUDE_PATH=/usr/local/musl/include/ make && \
|
||||||
\
|
sudo make install && \
|
||||||
echo "Building zlib" && \
|
sudo rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic && \
|
||||||
|
rm -r /tmp/*
|
||||||
|
|
||||||
|
RUN echo "Building zlib" && \
|
||||||
cd /tmp && \
|
cd /tmp && \
|
||||||
ZLIB_VERSION=1.2.11 && \
|
ZLIB_VERSION=1.2.11 && \
|
||||||
curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
|
curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
|
||||||
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
|
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
|
||||||
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
|
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
|
||||||
make && sudo make install && \
|
make && sudo make install && \
|
||||||
\
|
rm -r /tmp/*
|
||||||
echo "Building libpq" && \
|
|
||||||
|
RUN echo "Building libpq" && \
|
||||||
cd /tmp && \
|
cd /tmp && \
|
||||||
POSTGRESQL_VERSION=9.6.8 && \
|
POSTGRESQL_VERSION=11.2 && \
|
||||||
curl -LO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
|
curl -LO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
|
||||||
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
|
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
|
||||||
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
|
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
|
||||||
cd src/interfaces/libpq && make all-static-lib && sudo make install-lib-static && \
|
cd src/interfaces/libpq && make all-static-lib && sudo make install-lib-static && \
|
||||||
cd ../../bin/pg_config && make && sudo make install && \
|
cd ../../bin/pg_config && make && sudo make install && \
|
||||||
\
|
|
||||||
rm -r /tmp/*
|
rm -r /tmp/*
|
||||||
|
|
||||||
ENV OPENSSL_DIR=/usr/local/musl/ \
|
ENV OPENSSL_DIR=/usr/local/musl/ \
|
||||||
|
|
50
README.md
50
README.md
|
@ -2,6 +2,9 @@
|
||||||
|
|
||||||
[![Docker Image](https://img.shields.io/docker/pulls/ekidd/rust-musl-builder.svg?maxAge=2592000)](https://hub.docker.com/r/ekidd/rust-musl-builder/)
|
[![Docker Image](https://img.shields.io/docker/pulls/ekidd/rust-musl-builder.svg?maxAge=2592000)](https://hub.docker.com/r/ekidd/rust-musl-builder/)
|
||||||
|
|
||||||
|
**NOTE:** The underlying build image is now running Ubuntu 18.04 and newer
|
||||||
|
versions of several libraries. Please report any problems!
|
||||||
|
|
||||||
Do you want to compile a completely static Rust binary with no external dependencies? If so, try:
|
Do you want to compile a completely static Rust binary with no external dependencies? If so, try:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
@ -11,18 +14,37 @@ rust-musl-builder cargo build --release
|
||||||
|
|
||||||
This command assumes that `$(pwd)` is readable and writable by uid 1000, gid 1000. At the moment, it doesn't attempt to cache libraries between builds, so this is best reserved for making final release builds.
|
This command assumes that `$(pwd)` is readable and writable by uid 1000, gid 1000. At the moment, it doesn't attempt to cache libraries between builds, so this is best reserved for making final release builds.
|
||||||
|
|
||||||
To target ARM hard float (Raspberry Pi):
|
For a more realistic example, see the `Dockerfile` for [examples/using-diesel](./examples/using-diesel).
|
||||||
|
|
||||||
```sh
|
|
||||||
rust-musl-builder cargo build --target=armv7-unknown-linux-musleabihf --release
|
|
||||||
```
|
|
||||||
|
|
||||||
Binaries will be written to `target/$TARGET_ARCHITECTURE/release`. By default it targets `x86_64-unknown-linux-musl` unless specified with `--target`.
|
|
||||||
|
|
||||||
## Deploying your Rust application
|
## Deploying your Rust application
|
||||||
|
|
||||||
With a bit of luck, you should be able to just copy your application binary from `target/x86_64-unknown-linux-musl/release`, and install it directly on any reasonably modern x86_64 Linux machine. In particular, you should be able make static release binaries using TravisCI and GitHub, or you can copy your Rust application into an [Alpine Linux container][]. See below for details!
|
With a bit of luck, you should be able to just copy your application binary from `target/x86_64-unknown-linux-musl/release`, and install it directly on any reasonably modern x86_64 Linux machine. In particular, you should be able make static release binaries using TravisCI and GitHub, or you can copy your Rust application into an [Alpine Linux container][]. See below for details!
|
||||||
|
|
||||||
|
## Available tags
|
||||||
|
|
||||||
|
In general, we provide the following tagged Docker images:
|
||||||
|
|
||||||
|
- `latest`, `stable`: Current stable Rust, with OpenSSL 1.0 (for now). We
|
||||||
|
try to update this fairly rapidly after every new stable release, and
|
||||||
|
after most point releases.
|
||||||
|
- `X.Y.Z`: Specific versions of stable Rust.
|
||||||
|
- `beta`: This usually gets updated every six weeks alongside the stable
|
||||||
|
release. It will usually not be updated for beta bugfix releases.
|
||||||
|
- `nightly-YYYY-MM-DD`: Specific nightly releases. These should almost
|
||||||
|
always support `clippy`, `rls` and `rustfmt`, as verified using
|
||||||
|
[rustup components history][comp]. If you need a specific date for
|
||||||
|
compatibility with `tokio` or another popular library using unstable
|
||||||
|
Rust, please file an issue.
|
||||||
|
- `stable-openssl11`: Current stable Rust, with OpenSSL 1.1.
|
||||||
|
- `X.Y.Z-openssl11`: Specific versions of stable Rust, with OpenSSL 1.1.
|
||||||
|
- `nightly-YYYY-MM-DD-openssl11`: Specific nightly releases, with OpenSSL
|
||||||
|
1.1.
|
||||||
|
|
||||||
|
At a minimum, each of these images should be able to
|
||||||
|
compile [examples/using-diesel](./examples/using-diesel).
|
||||||
|
|
||||||
|
[comp]: https://rust-lang.github.io/rustup-components-history/index.html
|
||||||
|
|
||||||
## Caching builds
|
## Caching builds
|
||||||
|
|
||||||
You may be able to speed up build performance by adding the following `-v` commands to the `rust-musl-builder` alias:
|
You may be able to speed up build performance by adding the following `-v` commands to the `rust-musl-builder` alias:
|
||||||
|
@ -46,7 +68,7 @@ rust-musl-builder sudo chown -R rust:rust \
|
||||||
|
|
||||||
- The standard `musl-libc` libraries.
|
- The standard `musl-libc` libraries.
|
||||||
- OpenSSL, which is needed by many Rust applications.
|
- OpenSSL, which is needed by many Rust applications.
|
||||||
- `libpq`, which is needed for applications that use `diesel` with PostgreSQL. Note that this may be broken under Rust 1.21.0 and later (see https://github.com/emk/rust-musl-builder/issues/27).
|
- `libpq`, which is needed for applications that use `diesel` with PostgreSQL.
|
||||||
- `libz`, which is needed by `libpq`.
|
- `libz`, which is needed by `libpq`.
|
||||||
- SQLite3. See [examples/using-diesel](./examples/using-diesel/).
|
- SQLite3. See [examples/using-diesel](./examples/using-diesel/).
|
||||||
|
|
||||||
|
@ -163,6 +185,18 @@ If you're using Docker crates which require specific C libraries to be installed
|
||||||
|
|
||||||
If you need an especially common library, please feel free to submit a pull request adding it to the main `Dockerfile`! We'd like to support popular Rust crates out of the box.
|
If you need an especially common library, please feel free to submit a pull request adding it to the main `Dockerfile`! We'd like to support popular Rust crates out of the box.
|
||||||
|
|
||||||
|
## ARM support (experimental)
|
||||||
|
|
||||||
|
To target ARM hard float (Raspberry Pi):
|
||||||
|
|
||||||
|
```sh
|
||||||
|
rust-musl-builder cargo build --target=armv7-unknown-linux-musleabihf --release
|
||||||
|
```
|
||||||
|
|
||||||
|
Binaries will be written to `target/$TARGET_ARCHITECTURE/release`. By default it targets `x86_64-unknown-linux-musl` unless specified with `--target`.
|
||||||
|
|
||||||
|
This is missing many of the libraries used by the `x86_64` build, and it should probably be split out of the base image and given its own tags.
|
||||||
|
|
||||||
## Development notes
|
## Development notes
|
||||||
|
|
||||||
After modifying the image, run `./test-image` to make sure that everything works.xs
|
After modifying the image, run `./test-image` to make sure that everything works.xs
|
||||||
|
|
|
@ -3,4 +3,4 @@
|
||||||
target = "x86_64-unknown-linux-musl"
|
target = "x86_64-unknown-linux-musl"
|
||||||
|
|
||||||
[target.armv7-unknown-linux-musleabihf]
|
[target.armv7-unknown-linux-musleabihf]
|
||||||
linker = "arm-linux-gnueabihf-gcc-4.7"
|
linker = "arm-linux-gnueabihf-gcc"
|
||||||
|
|
|
@ -3,8 +3,12 @@
|
||||||
# An example Dockerfile showing how to build a Rust executable using this
|
# An example Dockerfile showing how to build a Rust executable using this
|
||||||
# image, and deploy it with a tiny Alpine Linux container.
|
# image, and deploy it with a tiny Alpine Linux container.
|
||||||
|
|
||||||
|
# You can override this `--build-arg BASE_IMAGE=...` to use different
|
||||||
|
# version of Rust or OpenSSL.
|
||||||
|
ARG BASE_IMAGE=ekidd/rust-musl-builder:latest
|
||||||
|
|
||||||
# Our first FROM statement declares the build environment.
|
# Our first FROM statement declares the build environment.
|
||||||
FROM ekidd/rust-musl-builder AS builder
|
FROM ${BASE_IMAGE} AS builder
|
||||||
|
|
||||||
# Add our source code.
|
# Add our source code.
|
||||||
ADD . ./
|
ADD . ./
|
||||||
|
|
45
hooks/build
45
hooks/build
|
@ -1,14 +1,47 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# This script is responsible for calling `docker build` on behalf of GitHub. But
|
||||||
|
# what it _really_ does is translate `DOCKER_TAG` into the builds args `TARGET`
|
||||||
|
# and `OPENSSL_VERSION`.
|
||||||
|
|
||||||
# Abort if anything goes wrong.
|
# Abort if anything goes wrong.
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Always map the Docker tag `latest` to stable Rust.
|
# Default to using OpenSSL 1.0 for a while longer, because 1.1 is
|
||||||
if [ "$DOCKER_TAG" == "latest" ]; then
|
# incompatible with the crates postgres 0.15 and openssl 0.9, which
|
||||||
|
# are still widely used.
|
||||||
|
OPENSSL_VERSION=1.0.2r
|
||||||
|
|
||||||
|
# Pick an appropriate Docker tag
|
||||||
|
case "$DOCKER_TAG" in
|
||||||
|
*-openssl11)
|
||||||
|
DOCKER_TAG_WITHOUT_OPENSSL="${DOCKER_TAG/-openssl11/}"
|
||||||
|
OPENSSL_VERSION=1.1.1b
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
DOCKER_TAG_WITHOUT_OPENSSL="$DOCKER_TAG"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Decide what Rust toolchain to use.
|
||||||
|
case "$DOCKER_TAG_WITHOUT_OPENSSL" in
|
||||||
|
# Always map the Docker tags `latest` and `experimental` to stable Rust.
|
||||||
|
latest)
|
||||||
TOOLCHAIN=stable
|
TOOLCHAIN=stable
|
||||||
else
|
;;
|
||||||
TOOLCHAIN="$DOCKER_TAG"
|
# Strip `experimental-` from other `experimental-*` tags.
|
||||||
fi
|
experimental-*)
|
||||||
|
TOOLCHAIN="${DOCKER_TAG_WITHOUT_OPENSSL/experimental-/}"
|
||||||
|
;;
|
||||||
|
# Pass all other tags through.
|
||||||
|
*)
|
||||||
|
TOOLCHAIN="$DOCKER_TAG_WITHOUT_OPENSSL"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Run the build.
|
# Run the build.
|
||||||
docker build --build-arg TOOLCHAIN="$TOOLCHAIN" -t "$IMAGE_NAME" .
|
docker build \
|
||||||
|
--build-arg TOOLCHAIN="$TOOLCHAIN" \
|
||||||
|
--build-arg OPENSSL_VERSION="$OPENSSL_VERSION" \
|
||||||
|
-t "$IMAGE_NAME" \
|
||||||
|
.
|
||||||
|
|
12
hooks/test
Executable file
12
hooks/test
Executable file
|
@ -0,0 +1,12 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Abort if anything goes wrong.
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
# Make sure we can build some of our more important test images.
|
||||||
|
for EXAMPLE in using-diesel; do
|
||||||
|
docker build \
|
||||||
|
--build-arg BASE_IMAGE="$IMAGE_NAME" \
|
||||||
|
-t rust-musl-builder-"$EXAMPLE" \
|
||||||
|
examples/"$EXAMPLE"
|
||||||
|
done
|
Loading…
Reference in a new issue