forked from emk/rust-musl-builder
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
142 lines (126 loc) · 6.01 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# Use Ubuntu 18.04 LTS as our base image.
FROM ubuntu:18.04
# The Rust toolchain to use when building our image. Set by `hooks/build`.
ARG TOOLCHAIN=stable
# The OpenSSL version to use. We parameterize this because many Rust
# projects will fail to build with 1.1.
ARG OPENSSL_VERSION=1.0.2r
# Make sure we have basic dev tools for building C libraries. Our goal
# here is to support the musl-libc builds and Cargo builds needed for a
# large selection of the most popular crates.
#
# We also set up a `rust` user by default, in whose account we'll install
# the Rust toolchain. This user has sudo privileges if you need to install
# any more software.
#
# `mdbook` is the standard Rust tool for making searchable HTML manuals.
RUN apt-get update && \
apt-get install -y \
build-essential \
cmake \
curl \
file \
git \
musl-dev \
musl-tools \
libpq-dev \
libsqlite-dev \
libssl-dev \
linux-libc-dev \
pkgconf \
sudo \
xutils-dev \
gcc-multilib-arm-linux-gnueabihf \
&& \
apt-get clean && rm -rf /var/lib/apt/lists/* && \
useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
MDBOOK_VERSION=0.2.1 && \
curl -LO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
mv mdbook /usr/local/bin/ && \
rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz
# Static linking for C++ code
RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
# Allow sudo without a password.
ADD sudoers /etc/sudoers.d/nopasswd
# Run all further code as user `rust`, and create our working directories
# as the appropriate user.
USER rust
RUN mkdir -p /home/rust/libs /home/rust/src
# Set up our path with all our binary directories, including those for the
# musl-gcc toolchain and for our Rust toolchain.
ENV PATH=/home/rust/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Install our Rust toolchain and the `musl` target. We patch the
# command-line we pass to the installer so that it won't attempt to
# interact with the user or fool around with TTYs. We also set the default
# `--target` to musl so that our users don't need to keep overriding it
# manually.
RUN curl https://sh.rustup.rs -sSf | \
sh -s -- -y --default-toolchain $TOOLCHAIN && \
rustup target add x86_64-unknown-linux-musl && \
rustup target add armv7-unknown-linux-musleabihf
ADD cargo-config.toml /home/rust/.cargo/config
# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access
# private repositories if desired.
ADD git-credential-ghtoken /usr/local/bin
RUN git config --global credential.https://github.com.helper ghtoken
# Build a static library version of OpenSSL using musl-libc. This is needed by
# the popular Rust `hyper` crate.
#
# We point /usr/local/musl/include/linux at some Linux kernel headers (not
# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine"
# component. It's possible that this will cause bizarre and terrible things to
# happen. There may be "sanitized" header
RUN echo "Building OpenSSL" && \
ls /usr/include/linux && \
sudo mkdir -p /usr/local/musl/include && \
sudo ln -s /usr/include/linux /usr/local/musl/include/linux && \
sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm && \
sudo ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic && \
cd /tmp && \
curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
env C_INCLUDE_PATH=/usr/local/musl/include/ make && \
sudo make install && \
sudo rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic && \
rm -r /tmp/*
RUN echo "Building zlib" && \
cd /tmp && \
ZLIB_VERSION=1.2.11 && \
curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
make && sudo make install && \
rm -r /tmp/*
RUN echo "Building libpq" && \
cd /tmp && \
POSTGRESQL_VERSION=11.2 && \
curl -LO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
cd src/interfaces/libpq && make all-static-lib && sudo make install-lib-static && \
cd ../../bin/pg_config && make && sudo make install && \
rm -r /tmp/*
ENV OPENSSL_DIR=/usr/local/musl/ \
OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
DEP_OPENSSL_INCLUDE=/usr/local/musl/include/ \
OPENSSL_LIB_DIR=/usr/local/musl/lib/ \
OPENSSL_STATIC=1 \
PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
PKG_CONFIG_ALLOW_CROSS=true \
PKG_CONFIG_ALL_STATIC=true \
LIBZ_SYS_STATIC=1 \
TARGET=musl
# (Please feel free to submit pull requests for musl-libc builds of other C
# libraries needed by the most popular and common Rust crates, to avoid
# everybody needing to build them manually.)
# Install some useful Rust tools from source. This will use the static linking
# toolchain, but that should be OK.
RUN cargo install -f cargo-audit && \
rm -rf /home/rust/.cargo/registry/
# Expect our source code to live in /home/rust/src. We'll run the build as
# user `rust`, which will be uid 1000, gid 1000 outside the container.
WORKDIR /home/rust/src