75e49d2f8b
I've tweaked this so that we can easily update our dependencies in the future. Note that we're still using PostgreSQL 11 and we should probably start testing everything with 12.
165 lines
7.2 KiB
Docker
165 lines
7.2 KiB
Docker
# Use Ubuntu 18.04 LTS as our base image.
|
|
FROM ubuntu:18.04
|
|
|
|
# The Rust toolchain to use when building our image. Set by `hooks/build`.
|
|
ARG TOOLCHAIN=stable
|
|
|
|
# The OpenSSL version to use. We parameterize this because many Rust
|
|
# projects will fail to build with 1.1.
|
|
#
|
|
# ALSO UPDATE hooks/build!
|
|
ARG OPENSSL_VERSION=1.1.1g
|
|
|
|
# Versions for other dependencies. Here are the places to check for new
|
|
# releases:
|
|
#
|
|
# - https://github.com/rust-lang/mdBook/releases
|
|
# - https://github.com/EmbarkStudios/cargo-deny/releases
|
|
# - http://zlib.net/
|
|
# - https://ftp.postgresql.org/pub/source/
|
|
ARG MDBOOK_VERSION=0.3.7
|
|
ARG CARGO_DENY_VERSION=0.6.6
|
|
ARG ZLIB_VERSION=1.2.11
|
|
ARG POSTGRESQL_VERSION=11.7
|
|
|
|
# Make sure we have basic dev tools for building C libraries. Our goal
|
|
# here is to support the musl-libc builds and Cargo builds needed for a
|
|
# large selection of the most popular crates.
|
|
#
|
|
# We also set up a `rust` user by default, in whose account we'll install
|
|
# the Rust toolchain. This user has sudo privileges if you need to install
|
|
# any more software.
|
|
#
|
|
# `mdbook` is the standard Rust tool for making searchable HTML manuals.
|
|
RUN apt-get update && \
|
|
apt-get install -y \
|
|
build-essential \
|
|
cmake \
|
|
curl \
|
|
file \
|
|
git \
|
|
graphviz \
|
|
musl-dev \
|
|
musl-tools \
|
|
libpq-dev \
|
|
libsqlite-dev \
|
|
libssl-dev \
|
|
linux-libc-dev \
|
|
pkgconf \
|
|
sudo \
|
|
xutils-dev \
|
|
gcc-multilib-arm-linux-gnueabihf \
|
|
&& \
|
|
apt-get clean && rm -rf /var/lib/apt/lists/* && \
|
|
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
|
|
curl -fLO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
|
|
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
|
|
mv mdbook /usr/local/bin/ && \
|
|
rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \
|
|
curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$CARGO_DENY_VERSION/cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
tar xf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
mv cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \
|
|
rm -rf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz
|
|
|
|
# Static linking for C++ code
|
|
RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
|
|
|
|
# Allow sudo without a password.
|
|
ADD sudoers /etc/sudoers.d/nopasswd
|
|
|
|
# Run all further code as user `rust`, and create our working directories
|
|
# as the appropriate user.
|
|
USER rust
|
|
RUN mkdir -p /home/rust/libs /home/rust/src
|
|
|
|
# Set up our path with all our binary directories, including those for the
|
|
# musl-gcc toolchain and for our Rust toolchain.
|
|
ENV PATH=/home/rust/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
|
|
# Install our Rust toolchain and the `musl` target. We patch the
|
|
# command-line we pass to the installer so that it won't attempt to
|
|
# interact with the user or fool around with TTYs. We also set the default
|
|
# `--target` to musl so that our users don't need to keep overriding it
|
|
# manually.
|
|
RUN curl https://sh.rustup.rs -sSf | \
|
|
sh -s -- -y --default-toolchain $TOOLCHAIN && \
|
|
rustup target add x86_64-unknown-linux-musl && \
|
|
rustup target add armv7-unknown-linux-musleabihf
|
|
ADD cargo-config.toml /home/rust/.cargo/config
|
|
|
|
# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access
|
|
# private repositories if desired.
|
|
ADD git-credential-ghtoken /usr/local/bin/ghtoken
|
|
RUN git config --global credential.https://github.com.helper ghtoken
|
|
|
|
# Build a static library version of OpenSSL using musl-libc. This is needed by
|
|
# the popular Rust `hyper` crate.
|
|
#
|
|
# We point /usr/local/musl/include/linux at some Linux kernel headers (not
|
|
# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine"
|
|
# component. It's possible that this will cause bizarre and terrible things to
|
|
# happen. There may be "sanitized" header
|
|
RUN echo "Building OpenSSL" && \
|
|
ls /usr/include/linux && \
|
|
sudo mkdir -p /usr/local/musl/include && \
|
|
sudo ln -s /usr/include/linux /usr/local/musl/include/linux && \
|
|
sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm && \
|
|
sudo ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic && \
|
|
cd /tmp && \
|
|
short_version="$(echo "$OPENSSL_VERSION" | sed s'/[a-z]$//' )" && \
|
|
curl -fLO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" || \
|
|
curl -fLO "https://www.openssl.org/source/old/$short_version/openssl-$OPENSSL_VERSION.tar.gz" && \
|
|
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
|
|
env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
|
|
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
|
|
env C_INCLUDE_PATH=/usr/local/musl/include/ make && \
|
|
sudo make install && \
|
|
sudo rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic && \
|
|
rm -r /tmp/*
|
|
|
|
RUN echo "Building zlib" && \
|
|
cd /tmp && \
|
|
curl -fLO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
|
|
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
|
|
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
|
|
make && sudo make install && \
|
|
rm -r /tmp/*
|
|
|
|
RUN echo "Building libpq" && \
|
|
cd /tmp && \
|
|
curl -fLO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
|
|
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
|
|
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
|
|
cd src/interfaces/libpq && make all-static-lib && sudo make install-lib-static && \
|
|
cd ../../bin/pg_config && make && sudo make install && \
|
|
rm -r /tmp/*
|
|
|
|
ENV OPENSSL_DIR=/usr/local/musl/ \
|
|
OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
|
|
DEP_OPENSSL_INCLUDE=/usr/local/musl/include/ \
|
|
OPENSSL_LIB_DIR=/usr/local/musl/lib/ \
|
|
OPENSSL_STATIC=1 \
|
|
PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
|
|
PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
|
|
PKG_CONFIG_ALLOW_CROSS=true \
|
|
PKG_CONFIG_ALL_STATIC=true \
|
|
LIBZ_SYS_STATIC=1 \
|
|
TARGET=musl
|
|
|
|
# (Please feel free to submit pull requests for musl-libc builds of other C
|
|
# libraries needed by the most popular and common Rust crates, to avoid
|
|
# everybody needing to build them manually.)
|
|
|
|
# Install some useful Rust tools from source. This will use the static linking
|
|
# toolchain, but that should be OK.
|
|
#
|
|
# We include cargo-audit for compatibility with earlier versions of this image,
|
|
# but cargo-deny provides a super-set of cargo-audit's features.
|
|
RUN cargo install -f cargo-audit && \
|
|
cargo install -f mdbook-graphviz && \
|
|
rm -rf /home/rust/.cargo/registry/
|
|
|
|
# Expect our source code to live in /home/rust/src. We'll run the build as
|
|
# user `rust`, which will be uid 1000, gid 1000 outside the container.
|
|
WORKDIR /home/rust/src
|