vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 31bcd1bf7cbe3e1b7c2dee20faa465c0e74f6905
parent 59e50b03bd0990a31c3be9b6c760ec41770cf1b1
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sun,  5 Jan 2020 22:42:43 +0100

Merge pull request #784 from ypid/docker/use-debian-base

Use Debian base image for all steps of the build process
Diffstat:
Adocker/Dockerfile.j2 | 322+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adocker/Makefile | 9+++++++++
Mdocker/aarch64/mysql/Dockerfile | 80+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
Mdocker/aarch64/sqlite/Dockerfile | 75+++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
Mdocker/amd64/mysql/Dockerfile | 31++++++++++++++++++++++++-------
Mdocker/amd64/mysql/Dockerfile.alpine | 37++++++++++++++++++++++++++++++-------
Mdocker/amd64/postgresql/Dockerfile | 42++++++++++++++++++++++++++----------------
Mdocker/amd64/postgresql/Dockerfile.alpine | 38++++++++++++++++++++++++++++++--------
Mdocker/amd64/sqlite/Dockerfile | 33+++++++++++++++++++++++++--------
Mdocker/amd64/sqlite/Dockerfile.alpine | 36+++++++++++++++++++++++++++++-------
Mdocker/armv6/mysql/Dockerfile | 78+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------
Mdocker/armv6/sqlite/Dockerfile | 73++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------
Mdocker/armv7/mysql/Dockerfile | 78++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
Mdocker/armv7/sqlite/Dockerfile | 72+++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------
Adocker/render_template | 17+++++++++++++++++
15 files changed, 851 insertions(+), 170 deletions(-)

diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 @@ -0,0 +1,322 @@ +{{ "# This file was generated using a Jinja2 template." }} +{{ "# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's." }} + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### +{% set build_stage_base_image = "rust:1.40" %} +{% set vault_stage_base_image = build_stage_base_image %} +{% if "alpine" in target_file %} +{% set build_stage_base_image = "clux/muslrust:nightly-2019-12-19" %} +{% set runtime_stage_base_image = "alpine:3.11" %} +{% set vault_stage_base_image = runtime_stage_base_image %} +{% set package_arch_name = "" %} +{% elif "amd64" in target_file %} +{% set runtime_stage_base_image = "debian:buster-slim" %} +{% set package_arch_name = "" %} +{% elif "aarch64" in target_file %} +{% set runtime_stage_base_image = "balenalib/aarch64-debian:buster" %} +{% set package_arch_name = "arm64" %} +{% elif "armv6" in target_file %} +{% set runtime_stage_base_image = "balenalib/rpi-debian:buster" %} +{% set package_arch_name = "armel" %} +{% elif "armv7" in target_file %} +{% set runtime_stage_base_image = "balenalib/armv7hf-debian:buster" %} +{% set package_arch_name = "armhf" %} +{% endif %} +{% set package_arch_prefix = ":" + package_arch_name %} +{% if package_arch_name == "" %} +{% set package_arch_prefix = "" %} +{% endif %} +FROM {{ vault_stage_base_image }} as vault + +ENV VAULT_VERSION "v2.12.0b" + +ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" + +{% if "alpine" in vault_stage_base_image %} +RUN apk add --no-cache --upgrade \ + curl \ + tar +{% else %} +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar +{% endif %} + +RUN mkdir /web-vault +WORKDIR /web-vault + +{% if "alpine" in vault_stage_base_image %} +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] +{% else %} +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] +{% endif %} + +RUN curl -L $URL | tar xz +RUN ls + +########################## BUILD IMAGE ########################## +{% if "musl" in build_stage_base_image %} +# Musl build image for statically compiled binary +{% else %} +# We need to use the Rust build image, because +# we need the Rust compiler and Cargo tooling +{% endif %} +FROM {{ build_stage_base_image }} as build + +{% if "sqlite" in target_file %} +# set sqlite as default for DB ARG for backward compatibility +ARG DB=sqlite + +{% elif "mysql" in target_file %} +# set mysql backend +ARG DB=mysql + +{% elif "postgresql" in target_file %} +# set postgresql backend +ARG DB=postgresql + +{% endif %} +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +# Don't download rust docs +RUN rustup set profile minimal + +{% if "alpine" in target_file %} +ENV USER "root" + +{% elif "aarch64" in target_file or "armv" in target_file %} +# Install required build libs for {{ package_arch_name }} architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture {{ package_arch_name }} \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev{{ package_arch_prefix }} \ + libc6-dev{{ package_arch_prefix }} + +{% endif -%} +{% if "aarch64" in target_file %} +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-aarch64-linux-gnu \ + && mkdir -p ~/.cargo \ + && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \ + && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +{% elif "armv6" in target_file %} +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-arm-linux-gnueabi \ + && mkdir -p ~/.cargo \ + && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \ + && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +{% elif "armv6" in target_file %} +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-arm-linux-gnueabihf \ + && mkdir -p ~/.cargo \ + && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ + && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +{% elif "armv7" in target_file %} +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-arm-linux-gnueabihf \ + && mkdir -p ~/.cargo \ + && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ + && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +{% endif %} +{% if "mysql" in target_file %} +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ +{% if "musl" in build_stage_base_image %} + libmysqlclient-dev{{ package_arch_prefix }} \ +{% else %} + libmariadb-dev{{ package_arch_prefix }} \ +{% endif %} + && rm -rf /var/lib/apt/lists/* + +{% elif "postgresql" in target_file %} +# Install PostgreSQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libpq-dev{{ package_arch_prefix }} \ + && rm -rf /var/lib/apt/lists/* + +{% endif %} +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +{% if "aarch64" in target_file %} +ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" +ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +{% elif "armv6" in target_file %} +ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" +ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +{% elif "armv7" in target_file %} +ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" +ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +{% endif -%} + +{% if "alpine" in target_file %} +RUN rustup target add x86_64-unknown-linux-musl + +{% elif "aarch64" in target_file %} +RUN rustup target add aarch64-unknown-linux-gnu + +{% elif "armv6" in target_file %} +RUN rustup target add arm-unknown-linux-gnueabi + +{% elif "armv7" in target_file %} +RUN rustup target add armv7-unknown-linux-gnueabihf +{% endif %} +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +{% if "amd64" in target_file %} +RUN cargo build --features ${DB} --release +{% elif "aarch64" in target_file %} +RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu +{% elif "armv6" in target_file %} +RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi +{% elif "armv7" in target_file %} +RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf +{% endif %} + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM {{ runtime_stage_base_image }} + +ENV ROCKET_ENV "staging" +ENV ROCKET_PORT=80 +ENV ROCKET_WORKERS=10 +{% if "alpine" in runtime_stage_base_image %} +ENV SSL_CERT_DIR=/etc/ssl/certs +{% endif %} + +{% if "amd64" not in target_file %} +RUN [ "cross-build-start" ] + +{% endif %} +# Install needed libraries +{% if "alpine" in runtime_stage_base_image %} +RUN apk add --no-cache \ + openssl \ + curl \ +{% if "sqlite" in target_file %} + sqlite \ +{% elif "mysql" in target_file %} + mariadb-connector-c \ +{% elif "postgresql" in target_file %} + postgresql-libs \ +{% endif %} + ca-certificates +{% else %} +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + openssl \ + ca-certificates \ + curl \ +{% if "sqlite" in target_file %} + sqlite3 \ +{% elif "mysql" in target_file %} + libmariadbclient-dev \ +{% elif "postgresql" in target_file %} + libpq5 \ +{% endif %} + && rm -rf /var/lib/apt/lists/* +{% endif %} + +RUN mkdir /data +{% if "amd64" not in target_file %} + +RUN [ "cross-build-end" ] + +{% endif %} +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +{% if "alpine" in target_file %} +COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . +{% elif "aarch64" in target_file %} +COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs . +{% elif "armv6" in target_file %} +COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs . +{% elif "armv7" in target_file %} +COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs . +{% else %} +COPY --from=build app/target/release/bitwarden_rs . +{% endif %} + +COPY docker/healthcheck.sh ./healthcheck.sh + +HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1 + +# Configures the startup! +WORKDIR / +CMD ["/bitwarden_rs"] diff --git a/docker/Makefile b/docker/Makefile @@ -0,0 +1,9 @@ +OBJECTS := $(shell find -mindepth 2 -name 'Dockerfile*') + +all: $(OBJECTS) + +%/Dockerfile: Dockerfile.j2 render_template + ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" + +%/Dockerfile.alpine: Dockerfile.j2 render_template + ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" diff --git a/docker/aarch64/mysql/Dockerfile b/docker/aarch64/mysql/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -28,9 +39,25 @@ FROM rust:1.40 as build # set mysql backend ARG DB=mysql +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal +# Install required build libs for arm64 architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture arm64 \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:arm64 \ + libc6-dev:arm64 + RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ @@ -42,30 +69,42 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev:arm64 \ + && rm -rf /var/lib/apt/lists/* + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app -# Prepare openssl arm64 libs -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:arm64 \ - libc6-dev:arm64 \ - libmariadb-dev:arm64 +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +RUN rustup target add aarch64-unknown-linux-gnu + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add aarch64-unknown-linux-gnu +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu ######################## RUNTIME IMAGE ######################## @@ -86,14 +125,15 @@ RUN apt-get update && apt-get install -y \ ca-certificates \ curl \ libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/aarch64/sqlite/Dockerfile b/docker/aarch64/sqlite/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,12 +36,28 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal +# Install required build libs for arm64 architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture arm64 \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:arm64 \ + libc6-dev:arm64 + RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ @@ -42,29 +69,36 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app -# Prepare openssl arm64 libs -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:arm64 \ - libc6-dev:arm64 +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +RUN rustup target add aarch64-unknown-linux-gnu + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add aarch64-unknown-linux-gnu +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu ######################## RUNTIME IMAGE ######################## @@ -85,14 +119,15 @@ RUN apt-get update && apt-get install -y \ ca-certificates \ curl \ sqlite3 \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/amd64/mysql/Dockerfile b/docker/amd64/mysql/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -28,6 +39,12 @@ FROM rust:1.40 as build # set mysql backend ARG DB=mysql +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal @@ -38,7 +55,7 @@ RUN apt-get update && apt-get install -y \ && rm -rf /var/lib/apt/lists/* # Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin app +RUN USER=root cargo new --bin /app WORKDIR /app # Copies over *only* your manifests and build files diff --git a/docker/amd64/mysql/Dockerfile.alpine b/docker/amd64/mysql/Dockerfile.alpine @@ -1,4 +1,7 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### @@ -15,7 +18,7 @@ RUN apk add --no-cache --upgrade \ RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -27,29 +30,49 @@ FROM clux/muslrust:nightly-2019-12-19 as build # set mysql backend ARG DB=mysql +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal ENV USER "root" -# Install needed libraries +# Install MySQL package RUN apt-get update && apt-get install -y \ --no-install-recommends \ libmysqlclient-dev \ && rm -rf /var/lib/apt/lists/* +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN rustup target add x86_64-unknown-linux-musl + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -RUN rustup target add x86_64-unknown-linux-musl - # Make sure that we actually build the project RUN touch src/main.rs -# Build +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -65,8 +88,8 @@ ENV SSL_CERT_DIR=/etc/ssl/certs # Install needed libraries RUN apk add --no-cache \ openssl \ - mariadb-connector-c \ curl \ + mariadb-connector-c \ ca-certificates RUN mkdir /data diff --git a/docker/amd64/postgresql/Dockerfile b/docker/amd64/postgresql/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,26 +36,26 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set mysql backend +# set postgresql backend ARG DB=postgresql +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal -# Using bundled SQLite, no need to install it -# RUN apt-get update && apt-get install -y\ -# --no-install-recommends \ -# sqlite3\ -# && rm -rf /var/lib/apt/lists/* - -# Install MySQL package +# Install PostgreSQL package RUN apt-get update && apt-get install -y \ --no-install-recommends \ libpq-dev \ && rm -rf /var/lib/apt/lists/* # Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin app +RUN USER=root cargo new --bin /app WORKDIR /app # Copies over *only* your manifests and build files @@ -84,7 +95,6 @@ RUN apt-get update && apt-get install -y \ openssl \ ca-certificates \ curl \ - sqlite3 \ libpq5 \ && rm -rf /var/lib/apt/lists/* diff --git a/docker/amd64/postgresql/Dockerfile.alpine b/docker/amd64/postgresql/Dockerfile.alpine @@ -1,4 +1,7 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### @@ -15,7 +18,7 @@ RUN apk add --no-cache --upgrade \ RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -27,29 +30,49 @@ FROM clux/muslrust:nightly-2019-12-19 as build # set postgresql backend ARG DB=postgresql +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal ENV USER "root" -# Install needed libraries +# Install PostgreSQL package RUN apt-get update && apt-get install -y \ --no-install-recommends \ libpq-dev \ && rm -rf /var/lib/apt/lists/* +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN rustup target add x86_64-unknown-linux-musl + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -RUN rustup target add x86_64-unknown-linux-musl - # Make sure that we actually build the project RUN touch src/main.rs -# Build +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -65,9 +88,8 @@ ENV SSL_CERT_DIR=/etc/ssl/certs # Install needed libraries RUN apk add --no-cache \ openssl \ - postgresql-libs \ curl \ - sqlite \ + postgresql-libs \ ca-certificates RUN mkdir /data diff --git a/docker/amd64/sqlite/Dockerfile b/docker/amd64/sqlite/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,14 +36,20 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal # Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin app +RUN USER=root cargo new --bin /app WORKDIR /app # Copies over *only* your manifests and build files diff --git a/docker/amd64/sqlite/Dockerfile.alpine b/docker/amd64/sqlite/Dockerfile.alpine @@ -1,4 +1,7 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### @@ -15,7 +18,7 @@ RUN apk add --no-cache --upgrade \ RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -24,26 +27,46 @@ RUN ls # Musl build image for statically compiled binary FROM clux/muslrust:nightly-2019-12-19 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal ENV USER "root" +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN rustup target add x86_64-unknown-linux-musl + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -RUN rustup target add x86_64-unknown-linux-musl - # Make sure that we actually build the project RUN touch src/main.rs -# Build +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -78,7 +101,6 @@ COPY docker/healthcheck.sh ./healthcheck.sh HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1 - # Configures the startup! WORKDIR / CMD ["/bitwarden_rs"] diff --git a/docker/armv6/mysql/Dockerfile b/docker/armv6/mysql/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -28,9 +39,25 @@ FROM rust:1.40 as build # set mysql backend ARG DB=mysql +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal +# Install required build libs for armel architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture armel \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:armel \ + libc6-dev:armel + RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ @@ -42,30 +69,42 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev:armel \ + && rm -rf /var/lib/apt/lists/* + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app -# Prepare openssl armel libs -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armel \ - libc6-dev:armel \ - libmariadb-dev:armel +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +RUN rustup target add arm-unknown-linux-gnueabi + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add arm-unknown-linux-gnueabi +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi ######################## RUNTIME IMAGE ######################## @@ -90,10 +129,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/armv6/sqlite/Dockerfile b/docker/armv6/sqlite/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,12 +36,28 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal +# Install required build libs for armel architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture armel \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:armel \ + libc6-dev:armel + RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ @@ -42,29 +69,36 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app -# Prepare openssl armel libs -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armel \ - libc6-dev:armel +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +RUN rustup target add arm-unknown-linux-gnueabi + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add arm-unknown-linux-gnueabi +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi ######################## RUNTIME IMAGE ######################## @@ -89,10 +123,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/armv7/mysql/Dockerfile b/docker/armv7/mysql/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -28,9 +39,25 @@ FROM rust:1.40 as build # set mysql backend ARG DB=mysql +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal +# Install required build libs for armhf architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture armhf \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:armhf \ + libc6-dev:armhf + RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ @@ -42,31 +69,41 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" -WORKDIR /app +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev:armhf \ + && rm -rf /var/lib/apt/lists/* -# Prepare openssl armhf libs -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armhf \ - libc6-dev:armhf \ - libmariadb-dev:armhf +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +RUN rustup target add armv7-unknown-linux-gnueabihf +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add armv7-unknown-linux-gnueabihf +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf ######################## RUNTIME IMAGE ######################## @@ -91,10 +128,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/armv7/sqlite/Dockerfile b/docker/armv7/sqlite/Dockerfile @@ -1,21 +1,32 @@ -# Using multistage build: +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM rust:1.40 as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,12 +36,28 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite +# Build time options to avoid dpkg warnings and help with reproducible builds. +ARG DEBIAN_FRONTEND=noninteractive +ARG LANG=C.UTF-8 +ARG TZ=UTC +ARG TERM=xterm-256color + # Don't download rust docs RUN rustup set profile minimal +# Install required build libs for armhf architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture armhf \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:armhf \ + libc6-dev:armhf + RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ @@ -42,29 +69,35 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app WORKDIR /app -# Prepare openssl armhf libs -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armhf \ - libc6-dev:armhf +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +RUN rustup target add armv7-unknown-linux-gnueabihf +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add armv7-unknown-linux-gnueabihf +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf ######################## RUNTIME IMAGE ######################## @@ -89,10 +122,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/render_template b/docker/render_template @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 + +import os, argparse, json + +import jinja2 + +args_parser = argparse.ArgumentParser() +args_parser.add_argument('template_file', help='Jinja2 template file to render.') +args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.') +cli_args = args_parser.parse_args() + +render_vars = json.loads(cli_args.render_vars) +environment = jinja2.Environment( + loader=jinja2.FileSystemLoader(os.getcwd()), + trim_blocks=True, +) +print(environment.get_template(cli_args.template_file).render(render_vars))