rust-musl-builder/Dockerfile
Eric Kidd e50cbda169 Allow building with OpenSSL 1.0 or 1.1
It turns out that some popular libaries still have problems with OpenSSL
1.1, particularly `postgres` 0.15. So we'll build two sets of images
now.

We also explain the new image tagging scheme, and fix a bug wher the
test script didn't test the newly built image.
2019-04-27 09:21:32 -04:00

130 lines
5.3 KiB
Docker

# Use Ubuntu 18.04 LTS as our base image.
FROM ubuntu:18.04
# The Rust toolchain to use when building our image. Set by `hooks/build`.
ARG TOOLCHAIN=stable
# The OpenSSL version to use. We parameterize this because many Rust
# projects will fail to build with 1.1.
ARG OPENSSL_VERSION=1.0.2r
# Make sure we have basic dev tools for building C libraries. Our goal
# here is to support the musl-libc builds and Cargo builds needed for a
# large selection of the most popular crates.
#
# We also set up a `rust` user by default, in whose account we'll install
# the Rust toolchain. This user has sudo privileges if you need to install
# any more software.
#
# `mdbook` is the standard Rust tool for making searchable HTML manuals.
RUN apt-get update && \
apt-get install -y \
build-essential \
cmake \
curl \
file \
git \
musl-dev \
musl-tools \
libpq-dev \
libsqlite-dev \
libssl-dev \
pkgconf \
sudo \
xutils-dev \
gcc-multilib-arm-linux-gnueabihf \
&& \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
MDBOOK_VERSION=0.2.1 && \
curl -LO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
mv mdbook /usr/local/bin/ && \
rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz
# Static linking for C++ code
RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
# Allow sudo without a password.
ADD sudoers /etc/sudoers.d/nopasswd
# Run all further code as user `rust`, and create our working directories
# as the appropriate user.
USER rust
RUN mkdir -p /home/rust/libs /home/rust/src
# Set up our path with all our binary directories, including those for the
# musl-gcc toolchain and for our Rust toolchain.
ENV PATH=/home/rust/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Install our Rust toolchain and the `musl` target. We patch the
# command-line we pass to the installer so that it won't attempt to
# interact with the user or fool around with TTYs. We also set the default
# `--target` to musl so that our users don't need to keep overriding it
# manually.
RUN curl https://sh.rustup.rs -sSf | \
sh -s -- -y --default-toolchain $TOOLCHAIN && \
rustup target add x86_64-unknown-linux-musl && \
rustup target add armv7-unknown-linux-musleabihf
ADD cargo-config.toml /home/rust/.cargo/config
# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access
# private repositories if desired.
ADD git-credential-ghtoken /usr/local/bin
RUN git config --global credential.https://github.com.helper ghtoken
# Build a static library version of OpenSSL using musl-libc. This is
# needed by the popular Rust `hyper` crate.
RUN echo "Building OpenSSL" && \
cd /tmp && \
curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
env CC=musl-gcc ./Configure no-shared no-zlib no-async no-engine -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
make && sudo make install && \
rm -r /tmp/*
RUN echo "Building zlib" && \
cd /tmp && \
ZLIB_VERSION=1.2.11 && \
curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
make && sudo make install && \
rm -r /tmp/*
RUN echo "Building libpq" && \
cd /tmp && \
POSTGRESQL_VERSION=11.2 && \
curl -LO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
cd src/interfaces/libpq && make all-static-lib && sudo make install-lib-static && \
cd ../../bin/pg_config && make && sudo make install && \
rm -r /tmp/*
ENV OPENSSL_DIR=/usr/local/musl/ \
OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
DEP_OPENSSL_INCLUDE=/usr/local/musl/include/ \
OPENSSL_LIB_DIR=/usr/local/musl/lib/ \
OPENSSL_STATIC=1 \
PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
PKG_CONFIG_ALLOW_CROSS=true \
PKG_CONFIG_ALL_STATIC=true \
LIBZ_SYS_STATIC=1 \
TARGET=musl
# (Please feel free to submit pull requests for musl-libc builds of other C
# libraries needed by the most popular and common Rust crates, to avoid
# everybody needing to build them manually.)
# Install some useful Rust tools from source. This will use the static linking
# toolchain, but that should be OK.
RUN cargo install -f cargo-audit && \
rm -rf /home/rust/.cargo/registry/
# Expect our source code to live in /home/rust/src. We'll run the build as
# user `rust`, which will be uid 1000, gid 1000 outside the container.
WORKDIR /home/rust/src