Allow building with OpenSSL 1.0 or 1.1
It turns out that some popular libaries still have problems with OpenSSL 1.1, particularly `postgres` 0.15. So we'll build two sets of images now. We also explain the new image tagging scheme, and fix a bug wher the test script didn't test the newly built image.
This commit is contained in:
parent
388941cd8a
commit
e50cbda169
|
@ -4,6 +4,10 @@ FROM ubuntu:18.04
|
||||||
# The Rust toolchain to use when building our image. Set by `hooks/build`.
|
# The Rust toolchain to use when building our image. Set by `hooks/build`.
|
||||||
ARG TOOLCHAIN=stable
|
ARG TOOLCHAIN=stable
|
||||||
|
|
||||||
|
# The OpenSSL version to use. We parameterize this because many Rust
|
||||||
|
# projects will fail to build with 1.1.
|
||||||
|
ARG OPENSSL_VERSION=1.0.2r
|
||||||
|
|
||||||
# Make sure we have basic dev tools for building C libraries. Our goal
|
# Make sure we have basic dev tools for building C libraries. Our goal
|
||||||
# here is to support the musl-libc builds and Cargo builds needed for a
|
# here is to support the musl-libc builds and Cargo builds needed for a
|
||||||
# large selection of the most popular crates.
|
# large selection of the most popular crates.
|
||||||
|
@ -73,7 +77,6 @@ RUN git config --global credential.https://github.com.helper ghtoken
|
||||||
# needed by the popular Rust `hyper` crate.
|
# needed by the popular Rust `hyper` crate.
|
||||||
RUN echo "Building OpenSSL" && \
|
RUN echo "Building OpenSSL" && \
|
||||||
cd /tmp && \
|
cd /tmp && \
|
||||||
OPENSSL_VERSION=1.1.1b && \
|
|
||||||
curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
|
curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
|
||||||
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
|
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
|
||||||
env CC=musl-gcc ./Configure no-shared no-zlib no-async no-engine -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
|
env CC=musl-gcc ./Configure no-shared no-zlib no-async no-engine -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
|
||||||
|
|
23
README.md
23
README.md
|
@ -23,6 +23,29 @@ Binaries will be written to `target/$TARGET_ARCHITECTURE/release`. By default it
|
||||||
|
|
||||||
With a bit of luck, you should be able to just copy your application binary from `target/x86_64-unknown-linux-musl/release`, and install it directly on any reasonably modern x86_64 Linux machine. In particular, you should be able make static release binaries using TravisCI and GitHub, or you can copy your Rust application into an [Alpine Linux container][]. See below for details!
|
With a bit of luck, you should be able to just copy your application binary from `target/x86_64-unknown-linux-musl/release`, and install it directly on any reasonably modern x86_64 Linux machine. In particular, you should be able make static release binaries using TravisCI and GitHub, or you can copy your Rust application into an [Alpine Linux container][]. See below for details!
|
||||||
|
|
||||||
|
## Available tags
|
||||||
|
|
||||||
|
In general, we provide the following tagged Docker images:
|
||||||
|
|
||||||
|
- `latest`, `stable`: Current stable Rust, with OpenSSL 1.0 (for now). We
|
||||||
|
try to update this fairly rapidly after every new stable release, and
|
||||||
|
after most point releases.
|
||||||
|
- `beta`: This usually gets updated every six weeks alongside the stable
|
||||||
|
release. It will usually not be updated for beta bugfix releases.
|
||||||
|
- `nightly-YYYY-MM-DD`: Specific nightly releases. These should almost
|
||||||
|
always support `clippy`, `rls` and `rustfmt`, as verified using
|
||||||
|
[rustup components history][comp]. If you need a specific date for
|
||||||
|
compatibility with `tokio` or another popular library using unstable
|
||||||
|
Rust, please file an issue.
|
||||||
|
- `stable-openssl11`: Current stable Rust, with OpenSSL 1.1.
|
||||||
|
- `nightly-YYYY-MM-DD-openssl11`: Specific nightly releases with OpenSSL
|
||||||
|
1.1.
|
||||||
|
|
||||||
|
At a minimum, each of these images should be able to
|
||||||
|
compile [examples/using-diesel](./examples/using-diesel).
|
||||||
|
|
||||||
|
[comp]: https://rust-lang.github.io/rustup-components-history/index.html
|
||||||
|
|
||||||
## Caching builds
|
## Caching builds
|
||||||
|
|
||||||
You may be able to speed up build performance by adding the following `-v` commands to the `rust-musl-builder` alias:
|
You may be able to speed up build performance by adding the following `-v` commands to the `rust-musl-builder` alias:
|
||||||
|
|
|
@ -3,8 +3,12 @@
|
||||||
# An example Dockerfile showing how to build a Rust executable using this
|
# An example Dockerfile showing how to build a Rust executable using this
|
||||||
# image, and deploy it with a tiny Alpine Linux container.
|
# image, and deploy it with a tiny Alpine Linux container.
|
||||||
|
|
||||||
|
# You can override this `--build-arg BASE_IMAGE=...` to use different
|
||||||
|
# version of Rust or OpenSSL.
|
||||||
|
ARG BASE_IMAGE=ekidd/rust-musl-builder:latest
|
||||||
|
|
||||||
# Our first FROM statement declares the build environment.
|
# Our first FROM statement declares the build environment.
|
||||||
FROM ekidd/rust-musl-builder AS builder
|
FROM ${BASE_IMAGE} AS builder
|
||||||
|
|
||||||
# Add our source code.
|
# Add our source code.
|
||||||
ADD . ./
|
ADD . ./
|
||||||
|
|
36
hooks/build
36
hooks/build
|
@ -1,23 +1,47 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# This script is responsible for calling `docker build` on behalf of GitHub. But
|
||||||
|
# what it _really_ does is translate `DOCKER_TAG` into the builds args `TARGET`
|
||||||
|
# and `OPENSSL_VERSION`.
|
||||||
|
|
||||||
# Abort if anything goes wrong.
|
# Abort if anything goes wrong.
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Decide what Rust toolchain to use.
|
# Default to using OpenSSL 1.0 for a while longer, because 1.1 is
|
||||||
|
# incompatible with the crates postgres 0.15 and openssl 0.9, which
|
||||||
|
# are still widely used.
|
||||||
|
OPENSSL_VERSION=1.0.2r
|
||||||
|
|
||||||
|
# Pick an appropriate Docker tag
|
||||||
case "$DOCKER_TAG" in
|
case "$DOCKER_TAG" in
|
||||||
|
*-openssl11)
|
||||||
|
DOCKER_TAG_WITHOUT_OPENSSL="${DOCKER_TAG/-openssl11/}"
|
||||||
|
OPENSSL_VERSION=1.1.1b
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
DOCKER_TAG_WITHOUT_OPENSSL="$DOCKER_TAG"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Decide what Rust toolchain to use.
|
||||||
|
case "$DOCKER_TAG_WITHOUT_OPENSSL" in
|
||||||
# Always map the Docker tags `latest` and `experimental` to stable Rust.
|
# Always map the Docker tags `latest` and `experimental` to stable Rust.
|
||||||
latest|experimental)
|
latest)
|
||||||
TOOLCHAIN=stable
|
TOOLCHAIN=stable
|
||||||
;;
|
;;
|
||||||
# Strip `experimental-` from other `experimental-*` tags.
|
# Strip `experimental-` from other `experimental-*` tags.
|
||||||
experimental-*)
|
experimental-*)
|
||||||
TOOLCHAIN="${DOCKER_TAG/experimental-/}"
|
TOOLCHAIN="${DOCKER_TAG_WITHOUT_OPENSSL/experimental-/}"
|
||||||
;;
|
;;
|
||||||
# Pass all our tags
|
# Pass all other tags through.
|
||||||
*)
|
*)
|
||||||
TOOLCHAIN="$DOCKER_TAG"
|
TOOLCHAIN="$DOCKER_TAG_WITHOUT_OPENSSL"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Run the build.
|
# Run the build.
|
||||||
docker build --build-arg TOOLCHAIN="$TOOLCHAIN" -t "$IMAGE_NAME" .
|
docker build \
|
||||||
|
--build-arg TOOLCHAIN="$TOOLCHAIN" \
|
||||||
|
--build-arg OPENSSL_VERSION="$OPENSSL_VERSION" \
|
||||||
|
-t "$IMAGE_NAME" \
|
||||||
|
.
|
||||||
|
|
|
@ -5,5 +5,8 @@ set -euo pipefail
|
||||||
|
|
||||||
# Make sure we can build some of our more important test images.
|
# Make sure we can build some of our more important test images.
|
||||||
for EXAMPLE in using-diesel; do
|
for EXAMPLE in using-diesel; do
|
||||||
docker build -t rust-musl-builder-"$EXAMPLE" examples/"$EXAMPLE"
|
docker build \
|
||||||
|
--build-arg BASE_IMAGE="$IMAGE_NAME" \
|
||||||
|
-t rust-musl-builder-"$EXAMPLE" \
|
||||||
|
examples/"$EXAMPLE"
|
||||||
done
|
done
|
||||||
|
|
Loading…
Reference in a new issue