e50cbda169
It turns out that some popular libaries still have problems with OpenSSL 1.1, particularly `postgres` 0.15. So we'll build two sets of images now. We also explain the new image tagging scheme, and fix a bug wher the test script didn't test the newly built image.
130 lines
5.3 KiB
Docker
130 lines
5.3 KiB
Docker
# Use Ubuntu 18.04 LTS as our base image.
|
|
FROM ubuntu:18.04
|
|
|
|
# The Rust toolchain to use when building our image. Set by `hooks/build`.
|
|
ARG TOOLCHAIN=stable
|
|
|
|
# The OpenSSL version to use. We parameterize this because many Rust
|
|
# projects will fail to build with 1.1.
|
|
ARG OPENSSL_VERSION=1.0.2r
|
|
|
|
# Make sure we have basic dev tools for building C libraries. Our goal
|
|
# here is to support the musl-libc builds and Cargo builds needed for a
|
|
# large selection of the most popular crates.
|
|
#
|
|
# We also set up a `rust` user by default, in whose account we'll install
|
|
# the Rust toolchain. This user has sudo privileges if you need to install
|
|
# any more software.
|
|
#
|
|
# `mdbook` is the standard Rust tool for making searchable HTML manuals.
|
|
RUN apt-get update && \
|
|
apt-get install -y \
|
|
build-essential \
|
|
cmake \
|
|
curl \
|
|
file \
|
|
git \
|
|
musl-dev \
|
|
musl-tools \
|
|
libpq-dev \
|
|
libsqlite-dev \
|
|
libssl-dev \
|
|
pkgconf \
|
|
sudo \
|
|
xutils-dev \
|
|
gcc-multilib-arm-linux-gnueabihf \
|
|
&& \
|
|
apt-get clean && rm -rf /var/lib/apt/lists/* && \
|
|
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
|
|
MDBOOK_VERSION=0.2.1 && \
|
|
curl -LO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
|
|
mv mdbook /usr/local/bin/ && \
|
|
rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz
|
|
|
|
# Static linking for C++ code
|
|
RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
|
|
|
|
# Allow sudo without a password.
|
|
ADD sudoers /etc/sudoers.d/nopasswd
|
|
|
|
# Run all further code as user `rust`, and create our working directories
|
|
# as the appropriate user.
|
|
USER rust
|
|
RUN mkdir -p /home/rust/libs /home/rust/src
|
|
|
|
# Set up our path with all our binary directories, including those for the
|
|
# musl-gcc toolchain and for our Rust toolchain.
|
|
ENV PATH=/home/rust/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
|
|
# Install our Rust toolchain and the `musl` target. We patch the
|
|
# command-line we pass to the installer so that it won't attempt to
|
|
# interact with the user or fool around with TTYs. We also set the default
|
|
# `--target` to musl so that our users don't need to keep overriding it
|
|
# manually.
|
|
RUN curl https://sh.rustup.rs -sSf | \
|
|
sh -s -- -y --default-toolchain $TOOLCHAIN && \
|
|
rustup target add x86_64-unknown-linux-musl && \
|
|
rustup target add armv7-unknown-linux-musleabihf
|
|
ADD cargo-config.toml /home/rust/.cargo/config
|
|
|
|
# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access
|
|
# private repositories if desired.
|
|
ADD git-credential-ghtoken /usr/local/bin
|
|
RUN git config --global credential.https://github.com.helper ghtoken
|
|
|
|
# Build a static library version of OpenSSL using musl-libc. This is
|
|
# needed by the popular Rust `hyper` crate.
|
|
RUN echo "Building OpenSSL" && \
|
|
cd /tmp && \
|
|
curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
|
|
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
|
|
env CC=musl-gcc ./Configure no-shared no-zlib no-async no-engine -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
|
|
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
|
|
make && sudo make install && \
|
|
rm -r /tmp/*
|
|
|
|
RUN echo "Building zlib" && \
|
|
cd /tmp && \
|
|
ZLIB_VERSION=1.2.11 && \
|
|
curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
|
|
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
|
|
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
|
|
make && sudo make install && \
|
|
rm -r /tmp/*
|
|
|
|
RUN echo "Building libpq" && \
|
|
cd /tmp && \
|
|
POSTGRESQL_VERSION=11.2 && \
|
|
curl -LO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
|
|
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
|
|
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
|
|
cd src/interfaces/libpq && make all-static-lib && sudo make install-lib-static && \
|
|
cd ../../bin/pg_config && make && sudo make install && \
|
|
rm -r /tmp/*
|
|
|
|
ENV OPENSSL_DIR=/usr/local/musl/ \
|
|
OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
|
|
DEP_OPENSSL_INCLUDE=/usr/local/musl/include/ \
|
|
OPENSSL_LIB_DIR=/usr/local/musl/lib/ \
|
|
OPENSSL_STATIC=1 \
|
|
PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
|
|
PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
|
|
PKG_CONFIG_ALLOW_CROSS=true \
|
|
PKG_CONFIG_ALL_STATIC=true \
|
|
LIBZ_SYS_STATIC=1 \
|
|
TARGET=musl
|
|
|
|
# (Please feel free to submit pull requests for musl-libc builds of other C
|
|
# libraries needed by the most popular and common Rust crates, to avoid
|
|
# everybody needing to build them manually.)
|
|
|
|
# Install some useful Rust tools from source. This will use the static linking
|
|
# toolchain, but that should be OK.
|
|
RUN cargo install -f cargo-audit && \
|
|
rm -rf /home/rust/.cargo/registry/
|
|
|
|
# Expect our source code to live in /home/rust/src. We'll run the build as
|
|
# user `rust`, which will be uid 1000, gid 1000 outside the container.
|
|
WORKDIR /home/rust/src
|