vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 8280d200ea6c39757783f02756eb45141d3e50fe
parent f250c5481302280360a89c25a5fd02607b91c53f
Author: Robin Schneider <ypid@riseup.net>
Date:   Sat, 28 Dec 2019 22:52:01 +0100

Generate Dockerfiles from one source for maintainability. Closes #785.

Diffstat:
Adocker/Dockerfile.j2 | 276+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adocker/Makefile | 9+++++++++
Mdocker/aarch64/mysql/Dockerfile | 52++++++++++++++++++++++++++++++++++++++++------------
Mdocker/aarch64/sqlite/Dockerfile | 45++++++++++++++++++++++++++++++++++-----------
Mdocker/amd64/mysql/Dockerfile | 19+++++++++++++------
Mdocker/amd64/mysql/Dockerfile.alpine | 31+++++++++++++++++++++++--------
Mdocker/amd64/postgresql/Dockerfile | 30+++++++++++++++---------------
Mdocker/amd64/postgresql/Dockerfile.alpine | 30++++++++++++++++++++++--------
Mdocker/amd64/sqlite/Dockerfile | 5+++--
Mdocker/amd64/sqlite/Dockerfile.alpine | 28+++++++++++++++++++++-------
Mdocker/armv6/mysql/Dockerfile | 52+++++++++++++++++++++++++++++++++++++++-------------
Mdocker/armv6/sqlite/Dockerfile | 45+++++++++++++++++++++++++++++++++------------
Mdocker/armv7/mysql/Dockerfile | 64+++++++++++++++++++++++++++++++++++++---------------------------
Mdocker/armv7/sqlite/Dockerfile | 60+++++++++++++++++++++++++++++++++---------------------------
Adocker/render_template | 17+++++++++++++++++
15 files changed, 615 insertions(+), 148 deletions(-)

diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 @@ -0,0 +1,276 @@ +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### +{% if "alpine" in target_file %} +{% set preferred_base_image = "alpine:3.11" %} +{% set package_arch_name = "" %} +{% elif "amd64" in target_file %} +{% set preferred_base_image = "debian:buster-slim" %} +{% set package_arch_name = "" %} +{% elif "aarch64" in target_file %} +{% set preferred_base_image = "balenalib/aarch64-debian:buster" %} +{% set package_arch_name = "arm64" %} +{% elif "armv6" in target_file %} +{% set preferred_base_image = "balenalib/rpi-debian:buster" %} +{% set package_arch_name = "armel" %} +{% elif "armv7" in target_file %} +{% set preferred_base_image = "balenalib/armv7hf-debian:buster" %} +{% set package_arch_name = "armhf" %} +{% endif %} +{% set package_arch_prefix = ":" + package_arch_name %} +{% if package_arch_name == "" %} +{% set package_arch_prefix = "" %} +{% endif %} +FROM {{ preferred_base_image }} as vault + +ENV VAULT_VERSION "v2.12.0b" + +ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" + +{% if "alpine" in target_file %} +RUN apk add --no-cache --upgrade \ + curl \ + tar +{% else %} +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar +{% endif %} + +RUN mkdir /web-vault +WORKDIR /web-vault + +{% if "alpine" in target_file %} +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] +{% else %} +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] +{% endif %} + +RUN curl -L $URL | tar xz +RUN ls + +########################## BUILD IMAGE ########################## +{% if "alpine" in target_file %} +# Musl build image for statically compiled binary +FROM clux/muslrust:nightly-2019-12-19 as build +{% else %} +# We need to use the Rust build image, because +# we need the Rust compiler and Cargo tooling +FROM rust:1.40 as build +{% endif %} + +{% if "sqlite" in target_file %} +# set sqlite as default for DB ARG for backward compatibility +ARG DB=sqlite +{% elif "mysql" in target_file %} +# set mysql backend +ARG DB=mysql +{% elif "postgresql" in target_file %} +# set postgresql backend +ARG DB=postgresql +{% endif %} + +# Don't download rust docs +RUN rustup set profile minimal + +{% if "alpine" in target_file %} +ENV USER "root" + +{% endif %} +{% if "aarch64" in target_file %} +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-aarch64-linux-gnu \ + && mkdir -p ~/.cargo \ + && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \ + && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +{% elif "armv6" in target_file %} +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-arm-linux-gnueabi \ + && mkdir -p ~/.cargo \ + && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \ + && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +{% elif "armv6" in target_file %} +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-arm-linux-gnueabihf \ + && mkdir -p ~/.cargo \ + && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ + && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +{% endif %} +{% if "mysql" in target_file %} +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev{{ package_arch_prefix }} \ + && rm -rf /var/lib/apt/lists/* + +{% elif "postgresql" in target_file %} +# Install PostgreSQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libpq-dev{{ package_arch_prefix }} \ + && rm -rf /var/lib/apt/lists/* + +{% endif %} +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app +WORKDIR /app + +{% if "aarch64" in target_file or "armv" in target_file %} +# Install required build libs for {{ package_arch_name }} architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture {{ package_arch_name }} \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev{{ package_arch_prefix }} \ + libc6-dev{{ package_arch_prefix }} + +{% endif -%} + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +{% if "aarch64" in target_file %} +ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" +ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +{% elif "armv6" in target_file %} +ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" +ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +{% endif -%} + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +{% if "alpine" in target_file %} +RUN rustup target add x86_64-unknown-linux-musl + +{% endif %} +# Builds again, this time it'll just be +# your actual source files being built +{% if "amd64" in target_file %} +RUN cargo build --features ${DB} --release +{% elif "aarch64" in target_file %} +RUN rustup target add aarch64-unknown-linux-gnu +RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu +{% endif %} + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM {{ preferred_base_image }} + +ENV ROCKET_ENV "staging" +ENV ROCKET_PORT=80 +ENV ROCKET_WORKERS=10 +{% if "alpine" in target_file %} +ENV SSL_CERT_DIR=/etc/ssl/certs +{% endif %} + +{% if "amd64" not in target_file %} +RUN [ "cross-build-start" ] +{% endif %} + +# Install needed libraries +{% if "alpine" in target_file %} +RUN apk add --no-cache \ + openssl \ + curl \ +{% if "sqlite" in target_file %} + sqlite \ +{% elif "mysql" in target_file %} + mariadb-connector-c \ +{% elif "postgresql" in target_file %} + postgresql-libs \ +{% endif %} + ca-certificates +{% else %} +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + openssl \ + ca-certificates \ + curl \ +{% if "sqlite" in target_file %} + sqlite3 \ +{% elif "mysql" in target_file %} + libmariadbclient-dev \ +{% elif "postgresql" in target_file %} + libpq5 \ +{% endif %} + && rm -rf /var/lib/apt/lists/* +{% endif %} + +RUN mkdir /data +{% if "amd64" not in target_file %} + +RUN [ "cross-build-end" ] + +{% endif %} +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +{% if "alpine" in target_file %} +COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . +{% elif "aarch64" in target_file %} +COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs . +{% elif "armv6" in target_file %} +COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs . +{% elif "armv7" in target_file %} +COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs . +{% else %} +COPY --from=build app/target/release/bitwarden_rs . +{% endif %} + +COPY docker/healthcheck.sh ./healthcheck.sh + +HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1 + +# Configures the startup! +WORKDIR / +CMD ["/bitwarden_rs"] diff --git a/docker/Makefile b/docker/Makefile @@ -0,0 +1,9 @@ +OBJECTS := $(shell find -mindepth 2 -name 'Dockerfile*') + +all: $(OBJECTS) + +%/Dockerfile: Dockerfile.j2 render_template + ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" + +%/Dockerfile.alpine: Dockerfile.j2 render_template + ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" diff --git a/docker/aarch64/mysql/Dockerfile b/docker/aarch64/mysql/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM balenalib/aarch64-debian:buster as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -42,9 +48,17 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev:arm64 \ + && rm -rf /var/lib/apt/lists/* + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app -# Prepare openssl arm64 libs +# Install required build libs for arm64 architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ && dpkg --add-architecture arm64 \ @@ -52,19 +66,32 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ && apt-get install -y \ --no-install-recommends \ libssl-dev:arm64 \ - libc6-dev:arm64 \ - libmariadb-dev:arm64 + libc6-dev:arm64 + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN rustup target add aarch64-unknown-linux-gnu RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu @@ -86,14 +113,15 @@ RUN apt-get update && apt-get install -y \ ca-certificates \ curl \ libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/aarch64/sqlite/Dockerfile b/docker/aarch64/sqlite/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM balenalib/aarch64-debian:buster as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,7 +31,7 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite # Don't download rust docs @@ -42,9 +48,11 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app -# Prepare openssl arm64 libs +# Install required build libs for arm64 architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ && dpkg --add-architecture arm64 \ @@ -54,16 +62,30 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ libssl-dev:arm64 \ libc6-dev:arm64 +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built RUN rustup target add aarch64-unknown-linux-gnu RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu @@ -85,14 +107,15 @@ RUN apt-get update && apt-get install -y \ ca-certificates \ curl \ sqlite3 \ - && rm -rf /var/lib/apt/lists/* + && rm -rf /var/lib/apt/lists/* RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/amd64/mysql/Dockerfile b/docker/amd64/mysql/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM debian:buster-slim as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -72,6 +78,7 @@ ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 + # Install needed libraries RUN apt-get update && apt-get install -y \ --no-install-recommends \ diff --git a/docker/amd64/mysql/Dockerfile.alpine b/docker/amd64/mysql/Dockerfile.alpine @@ -1,4 +1,4 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### @@ -15,7 +15,7 @@ RUN apk add --no-cache --upgrade \ RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -32,24 +32,38 @@ RUN rustup set profile minimal ENV USER "root" -# Install needed libraries +# Install MySQL package RUN apt-get update && apt-get install -y \ --no-install-recommends \ - libmysqlclient-dev \ + libmariadb-dev \ && rm -rf /var/lib/apt/lists/* +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -RUN rustup target add x86_64-unknown-linux-musl - # Make sure that we actually build the project RUN touch src/main.rs -# Build +RUN rustup target add x86_64-unknown-linux-musl + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -62,11 +76,12 @@ ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 ENV SSL_CERT_DIR=/etc/ssl/certs + # Install needed libraries RUN apk add --no-cache \ openssl \ - mariadb-connector-c \ curl \ + mariadb-connector-c \ ca-certificates RUN mkdir /data diff --git a/docker/amd64/postgresql/Dockerfile b/docker/amd64/postgresql/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM debian:buster-slim as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,19 +31,13 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set mysql backend +# set postgresql backend ARG DB=postgresql # Don't download rust docs RUN rustup set profile minimal -# Using bundled SQLite, no need to install it -# RUN apt-get update && apt-get install -y\ -# --no-install-recommends \ -# sqlite3\ -# && rm -rf /var/lib/apt/lists/* - -# Install MySQL package +# Install PostgreSQL package RUN apt-get update && apt-get install -y \ --no-install-recommends \ libpq-dev \ @@ -78,13 +78,13 @@ ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 + # Install needed libraries RUN apt-get update && apt-get install -y \ --no-install-recommends \ openssl \ ca-certificates \ curl \ - sqlite3 \ libpq5 \ && rm -rf /var/lib/apt/lists/* diff --git a/docker/amd64/postgresql/Dockerfile.alpine b/docker/amd64/postgresql/Dockerfile.alpine @@ -1,4 +1,4 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### @@ -15,7 +15,7 @@ RUN apk add --no-cache --upgrade \ RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -32,24 +32,38 @@ RUN rustup set profile minimal ENV USER "root" -# Install needed libraries +# Install PostgreSQL package RUN apt-get update && apt-get install -y \ --no-install-recommends \ libpq-dev \ && rm -rf /var/lib/apt/lists/* +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -RUN rustup target add x86_64-unknown-linux-musl - # Make sure that we actually build the project RUN touch src/main.rs -# Build +RUN rustup target add x86_64-unknown-linux-musl + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -62,12 +76,12 @@ ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 ENV SSL_CERT_DIR=/etc/ssl/certs + # Install needed libraries RUN apk add --no-cache \ openssl \ - postgresql-libs \ curl \ - sqlite \ + postgresql-libs \ ca-certificates RUN mkdir /data diff --git a/docker/amd64/sqlite/Dockerfile b/docker/amd64/sqlite/Dockerfile @@ -1,4 +1,4 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### @@ -31,7 +31,7 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite # Don't download rust docs @@ -72,6 +72,7 @@ ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 + # Install needed libraries RUN apt-get update && apt-get install -y \ --no-install-recommends \ diff --git a/docker/amd64/sqlite/Dockerfile.alpine b/docker/amd64/sqlite/Dockerfile.alpine @@ -1,4 +1,4 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### @@ -15,7 +15,7 @@ RUN apk add --no-cache --upgrade \ RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -24,7 +24,7 @@ RUN ls # Musl build image for statically compiled binary FROM clux/muslrust:nightly-2019-12-19 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite # Don't download rust docs @@ -32,18 +32,32 @@ RUN rustup set profile minimal ENV USER "root" +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -RUN rustup target add x86_64-unknown-linux-musl - # Make sure that we actually build the project RUN touch src/main.rs -# Build +RUN rustup target add x86_64-unknown-linux-musl + +# Builds again, this time it'll just be +# your actual source files being built RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -56,6 +70,7 @@ ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 ENV SSL_CERT_DIR=/etc/ssl/certs + # Install needed libraries RUN apk add --no-cache \ openssl \ @@ -78,7 +93,6 @@ COPY docker/healthcheck.sh ./healthcheck.sh HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1 - # Configures the startup! WORKDIR / CMD ["/bitwarden_rs"] diff --git a/docker/armv6/mysql/Dockerfile b/docker/armv6/mysql/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM balenalib/rpi-debian:buster as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -42,9 +48,17 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev:armel \ + && rm -rf /var/lib/apt/lists/* + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app -# Prepare openssl armel libs +# Install required build libs for armel architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ && dpkg --add-architecture armel \ @@ -52,21 +66,32 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ && apt-get install -y \ --no-install-recommends \ libssl-dev:armel \ - libc6-dev:armel \ - libmariadb-dev:armel + libc6-dev:armel + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add arm-unknown-linux-gnueabi -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image @@ -90,10 +115,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/armv6/sqlite/Dockerfile b/docker/armv6/sqlite/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM balenalib/rpi-debian:buster as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,7 +31,7 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite # Don't download rust docs @@ -42,9 +48,11 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app -# Prepare openssl armel libs +# Install required build libs for armel architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ && dpkg --add-architecture armel \ @@ -54,18 +62,30 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ libssl-dev:armel \ libc6-dev:armel +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add arm-unknown-linux-gnueabi -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image @@ -89,10 +109,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/armv7/mysql/Dockerfile b/docker/armv7/mysql/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM balenalib/armv7hf-debian:buster as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -31,20 +37,17 @@ ARG DB=mysql # Don't download rust docs RUN rustup set profile minimal -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - && mkdir -p ~/.cargo \ - && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" +# Install MySQL package +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev:armhf \ + && rm -rf /var/lib/apt/lists/* +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app -# Prepare openssl armhf libs +# Install required build libs for armhf architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ && dpkg --add-architecture armhf \ @@ -52,22 +55,28 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ && apt-get install -y \ --no-install-recommends \ libssl-dev:armhf \ - libc6-dev:armhf \ - libmariadb-dev:armhf + libc6-dev:armhf +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add armv7-unknown-linux-gnueabihf -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image @@ -91,10 +100,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/armv7/sqlite/Dockerfile b/docker/armv7/sqlite/Dockerfile @@ -1,21 +1,27 @@ -# Using multistage build: +# Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -FROM alpine:3.11 as vault +FROM balenalib/armv7hf-debian:buster as vault ENV VAULT_VERSION "v2.12.0b" ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz" -RUN apk add --no-cache --upgrade \ - curl \ - tar +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color + +RUN apt update -y \ + && apt install -y \ + curl \ + tar RUN mkdir /web-vault WORKDIR /web-vault -SHELL ["/bin/ash", "-eo", "pipefail", "-c"] +SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"] RUN curl -L $URL | tar xz RUN ls @@ -25,26 +31,17 @@ RUN ls # we need the Rust compiler and Cargo tooling FROM rust:1.40 as build -# set sqlite as default for DB ARG for backward comaptibility +# set sqlite as default for DB ARG for backward compatibility ARG DB=sqlite # Don't download rust docs RUN rustup set profile minimal -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - && mkdir -p ~/.cargo \ - && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin app WORKDIR /app -# Prepare openssl armhf libs +# Install required build libs for armhf architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ && dpkg --add-architecture armhf \ @@ -54,18 +51,26 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ libssl-dev:armhf \ libc6-dev:armhf -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Build -RUN rustup target add armv7-unknown-linux-gnueabihf -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image @@ -89,10 +94,11 @@ RUN apt-get update && apt-get install -y \ RUN mkdir /data -RUN [ "cross-build-end" ] +RUN [ "cross-build-end" ] VOLUME /data EXPOSE 80 +EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage diff --git a/docker/render_template b/docker/render_template @@ -0,0 +1,17 @@ +#!/usr/bin/env python3 + +import os, argparse, json + +import jinja2 + +args_parser = argparse.ArgumentParser() +args_parser.add_argument('template_file', help='Jinja2 template file to render.') +args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.') +cli_args = args_parser.parse_args() + +render_vars = json.loads(cli_args.render_vars) +environment = jinja2.Environment( + loader=jinja2.FileSystemLoader(os.getcwd()), + trim_blocks=True, +) +print(environment.get_template(cli_args.template_file).render(render_vars))