-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.debian-static-libs
168 lines (153 loc) · 6.79 KB
/
Dockerfile.debian-static-libs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# A Rust docker image which can also be used to cross-compile to MUSL for static libs
#
# Inspired by and derived from https://github.com/emk/rust-musl-builder/blob/master/Dockerfile
#
# Postgres client support removed since we don't currently need it
#
# This is the Debian bullseye-based official image, modified heavily so that it also includes
# musl libs and headers, the Rust `x86_64-linux-unknown-musl` target, and OpenSSL and zlib compiled
# from source and linked to musl.
FROM rust:1.54-bullseye
# The OpenSSL version to use. Here is the place to check for new releases:
#
# - https://www.openssl.org/source/
ARG OPENSSL_VERSION=1.1.1i
# Versions for other dependencies. Here are the places to check for new
# releases:
#
# - http://zlib.net/
# - https://ftp.postgresql.org/pub/source/
# - https://github.com/illiliti/libudev-zero/
#
# We're stuck on PostgreSQL 11 until we figure out
# https://github.com/emk/rust-musl-builder/issues.
ARG ZLIB_VERSION=1.2.11
ARG POSTGRESQL_VERSION=11.11
ARG LIBUDEV_ZERO_VERSION=1.0.0
# Make sure we have basic dev tools for building C libraries. Our goal here is
# to support the musl-libc builds and Cargo builds needed for a large selection
# of the most popular crates.
#
# Some of these are Elastio-specific deps
RUN apt-get update && apt-get install -yq \
bash \
build-essential \
python3 pip \
clang \
cmake \
meson \
curl \
e2fsprogs libext2fs-dev \
file \
gcc g++ \
gdb \
gperf \
git \
graphviz \
libcap-dev \
libpq-dev \
libprotoc-dev protoc-gen-go \
libsqlite3-dev \
libssl-dev \
libudev-dev \
linux-libc-dev \
musl-dev musl-tools \
llvm llvm-dev \
make \
nodejs npm \
perl \
pkgconf \
sudo \
xfsprogs xfslibs-dev \
xutils-dev \
&& \
apt-get clean && rm -rf /var/lib/apt/lists/*
# Static linking for C++ code
RUN ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
# Install the sabotage LTS linux kernel headers tweaked specifically for use compiling userland and to support musl
RUN git clone https://github.com/sabotage-linux/kernel-headers.git --branch v4.19.88-1 /tmp/kernel-headers && \
cd /tmp/kernel-headers && \
make ARCH=x86_64 prefix=/usr/local/sabotage install && \
cd / && rm -rf /tmp/kernel-headers
# The real `libudev` is part of the systemd code repo, and it's a horrid mess to get it to build.
# Thankfully there exists libudev-zero (https://github.com/illiliti/libudev-zero/) which is much simpler
# and overall less absurd
RUN echo "Building libudev" && \
mkdir -p /tmp/libudev-zero && \
cd /tmp/libudev-zero && \
curl -L https://github.com/illiliti/libudev-zero/archive/refs/tags/1.0.0.tar.gz | tar xvz --strip-components=1 && \
env CC=musl-gcc C_INCLUDE_PATH=/usr/include/x86_64-linux-musl:/usr/local/sabotage/include make PREFIX=/opt/musl install && \
rm -r /tmp/libudev-zero
# Build a static library version of OpenSSL using musl-libc. This is needed by
# the popular Rust `hyper` crate and many others.
#
# We point /opt/musl/include/linux at some Linux kernel headers (not
# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine"
# component. It's possible that this will cause bizarre and terrible things to
# happen. There may be "sanitized" header
RUN echo "Building OpenSSL" && \
ls /usr/include/linux && \
mkdir -p /opt/musl/include && \
ln -s /usr/include/linux /opt/musl/include/linux && \
ln -s /usr/include/x86_64-linux-gnu/asm /opt/musl/include/asm && \
ln -s /usr/include/asm-generic /opt/musl/include/asm-generic && \
cd /tmp && \
short_version="$(echo "$OPENSSL_VERSION" | sed s'/[a-z]$//' )" && \
curl -fLO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" || \
curl -fLO "https://www.openssl.org/source/old/$short_version/openssl-$OPENSSL_VERSION.tar.gz" && \
tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/opt/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
env C_INCLUDE_PATH=/opt/musl/include/ make depend && \
env C_INCLUDE_PATH=/opt/musl/include/ make && \
make install && \
rm /opt/musl/include/linux /opt/musl/include/asm /opt/musl/include/asm-generic && \
rm -r /tmp/*
RUN echo "Building zlib" && \
cd /tmp && \
curl -fLO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
CC=musl-gcc ./configure --static --prefix=/opt/musl && \
make && make install && \
rm -r /tmp/*
RUN echo "Building libpq" && \
cd /tmp && \
curl -fLO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
CC=musl-gcc CPPFLAGS=-I/opt/musl/include LDFLAGS=-L/opt/musl/lib ./configure --with-openssl --without-readline --prefix=/opt/musl && \
cd src/interfaces/libpq && make all-static-lib && make install-lib-static && \
cd ../../bin/pg_config && make && make install && \
rm -r /tmp/*
# The offical Rust image we're basing on ships with the `-gnu` target by default. Add
# the musl target as well
RUN rustup component add rustfmt && \
rustup component add clippy && \
rustup target add x86_64-unknown-linux-musl
# (Please feel free to submit pull requests for musl-libc builds of other C
# libraries needed by the most popular and common Rust crates, to avoid
# everybody needing to build them manually.)
# Install a `git credentials` helper for using GH_USER and GH_TOKEN to access
# private repositories if desired. We make sure this is configured for root
ADD git-credential-ghtoken /usr/local/bin/ghtoken
RUN git config --global credential.https://github.com.helper ghtoken
# Set up our path with all our binary directories, including those for the
# musl-gcc toolchain and for our Rust toolchain.
#
# We use the instructions at https://github.com/rust-lang/rustup/issues/2383
# to install the rustup toolchain as root.
# ENV RUSTUP_HOME=/opt/rust/rustup \
# PATH=/home/rust/.cargo/bin:/opt/rust/cargo/bin:/opt/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Set up our environment variables so that when cross compiling to musl
# the correct paths are used.
ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/opt/musl/ \
X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 \
X86_64_UNKNOWN_LINUX_MUSL_LIBUDEV_DIR=/opt/musl/ \
X86_64_UNKNOWN_LINUX_MUSL_LIBUDEV_STATIC=1 \
PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
PKG_CONFIG_LIBDIR=/opt/musl/lib/pkgconfig \
PKG_CONFIG_ALLOW_CROSS=true \
PKG_CONFIG_ALL_STATIC=true \
LIBZ_SYS_STATIC=1
# Expect the Rust project to be built to mount at `/build`
RUN mkdir /build
WORKDIR /build