-
Notifications
You must be signed in to change notification settings - Fork 336
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Docker: Mount rust from image at build time instead of downloading it
This ensures that rust is not left behind in the image
- Loading branch information
1 parent
706b994
commit 8e1f00d
Showing
21 changed files
with
406 additions
and
524 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
FROM rust:1.83.0-bookworm AS build | ||
|
||
RUN set -ex \ | ||
&& savedAptMark="$(apt-mark showmanual)" \ | ||
&& apt-get update \ | ||
&& apt-get install --no-install-recommends --no-install-suggests -y \ | ||
ca-certificates git build-essential libssl-dev libpcre2-dev curl pkg-config libclang-dev cmake \ | ||
&& mkdir -p /usr/src/unit \ | ||
&& cd /usr/src/unit \ | ||
&& git clone --depth 1 -b 1.34.0-1 https://github.com/nginx/unit \ | ||
&& cd unit \ | ||
&& NCPU="$(getconf _NPROCESSORS_ONLN)" \ | ||
&& DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ | ||
&& CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ | ||
&& LD_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_LDFLAGS_MAINT_APPEND="-Wl,--as-needed -pie" dpkg-buildflags --get LDFLAGS)" \ | ||
&& CONFIGURE_ARGS_MODULES="--prefix=/usr \ | ||
--statedir=/var/lib/unit \ | ||
--control=unix:/var/run/control.unit.sock \ | ||
--runstatedir=/var/run \ | ||
--pid=/var/run/unit.pid \ | ||
--logdir=/var/log \ | ||
--log=/var/log/unit.log \ | ||
--tmpdir=/var/tmp \ | ||
--user=unit \ | ||
--group=unit \ | ||
--openssl \ | ||
--libdir=/usr/lib/$DEB_HOST_MULTIARCH" \ | ||
&& CONFIGURE_ARGS="$CONFIGURE_ARGS_MODULES \ | ||
--njs \ | ||
--otel" \ | ||
&& make -j $NCPU -C pkg/contrib .njs \ | ||
&& export PKG_CONFIG_PATH=$(pwd)/pkg/contrib/njs/build \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/debug-modules --debug \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd-debug \ | ||
&& make clean \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/modules \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd \ | ||
&& install -pm644 build/lib/libnxt.a /usr/lib/libnxt.a \ | ||
&& make clean \ | ||
&& cd \ | ||
&& rm -rf /usr/src/unit \ | ||
&& apt-mark showmanual | xargs apt-mark auto > /dev/null \ | ||
&& { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } | ||
|
||
FROM debian:bookworm-slim | ||
|
||
LABEL org.opencontainers.image.title="Unit (base)" | ||
LABEL org.opencontainers.image.description="Official build of Unit for Docker." | ||
LABEL org.opencontainers.image.url="https://unit.nginx.org" | ||
LABEL org.opencontainers.image.source="https://github.com/nginx/unit" | ||
LABEL org.opencontainers.image.documentation="https://unit.nginx.org/installation/#docker-images" | ||
LABEL org.opencontainers.image.vendor="NGINX Docker Maintainers <[email protected]>" | ||
LABEL org.opencontainers.image.version="1.34.0" | ||
|
||
RUN set -ex \ | ||
&& mkdir -p /var/lib/unit/ \ | ||
&& mkdir -p /docker-entrypoint.d/ \ | ||
&& groupadd --gid 999 unit \ | ||
&& useradd \ | ||
--uid 999 \ | ||
--gid unit \ | ||
--no-create-home \ | ||
--home /nonexistent \ | ||
--comment "unit user" \ | ||
--shell /bin/false \ | ||
unit \ | ||
&& ln -sf /dev/stderr /var/log/unit.log | ||
|
||
COPY --from=build /usr/sbin/unitd* /usr/sbin/ | ||
COPY --from=build /usr/lib/libnxt.a /usr/lib/libnxt.a | ||
|
||
RUN set -ex \ | ||
&& for f in /usr/sbin/unitd /usr/lib/unit/modules/*.unit.so; do \ | ||
ldd $f | awk '/=>/{print $(NF-1)}' | while read n; do dpkg-query -S $n; done | sed 's/^\([^:]\+\):.*$/\1/' | sort | uniq >> /requirements.apt; \ | ||
done \ | ||
&& apt-get update \ | ||
&& apt-get --no-install-recommends --no-install-suggests -y install curl $(cat /requirements.apt) \ | ||
&& apt-get purge -y --auto-remove build-essential \ | ||
&& rm -rf /var/lib/apt/lists/* \ | ||
&& rm -f /requirements.apt | ||
|
||
COPY docker-entrypoint.sh /usr/local/bin/ | ||
COPY welcome.* /usr/share/unit/welcome/ | ||
|
||
STOPSIGNAL SIGTERM | ||
|
||
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] | ||
EXPOSE 80 | ||
CMD ["unitd", "--no-daemon", "--control", "unix:/var/run/control.unit.sock"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
FROM rust:1.83.0-bookworm AS rust-build | ||
|
||
FROM golang:1.22-bookworm | ||
|
||
LABEL org.opencontainers.image.title="Unit (go1.22)" | ||
|
@@ -8,30 +10,18 @@ LABEL org.opencontainers.image.documentation="https://unit.nginx.org/installatio | |
LABEL org.opencontainers.image.vendor="NGINX Docker Maintainers <[email protected]>" | ||
LABEL org.opencontainers.image.version="1.34.0" | ||
|
||
RUN set -ex \ | ||
COPY --from=unit:1.34.0-base /usr/sbin/unitd* /usr/sbin/ | ||
COPY --from=unit:1.34.0-base /usr/lib/libnxt.a /usr/lib/libnxt.a | ||
|
||
RUN --mount=type=bind,target=/rust,from=rust-build,rw \ | ||
set -ex \ | ||
&& savedAptMark="$(apt-mark showmanual)" \ | ||
&& apt-get update \ | ||
&& apt-get install --no-install-recommends --no-install-suggests -y \ | ||
ca-certificates git build-essential libssl-dev libpcre2-dev curl pkg-config libclang-dev cmake \ | ||
&& export RUST_VERSION=1.83.0 \ | ||
&& export RUSTUP_HOME=/usr/src/unit/rustup \ | ||
&& export CARGO_HOME=/usr/src/unit/cargo \ | ||
&& export PATH=/usr/src/unit/cargo/bin:$PATH \ | ||
&& dpkgArch="$(dpkg --print-architecture)" \ | ||
&& case "${dpkgArch##*-}" in \ | ||
amd64) rustArch="x86_64-unknown-linux-gnu"; rustupSha256="6aeece6993e902708983b209d04c0d1dbb14ebb405ddb87def578d41f920f56d" ;; \ | ||
arm64) rustArch="aarch64-unknown-linux-gnu"; rustupSha256="1cffbf51e63e634c746f741de50649bbbcbd9dbe1de363c9ecef64e278dba2b2" ;; \ | ||
*) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \ | ||
esac \ | ||
&& url="https://static.rust-lang.org/rustup/archive/1.27.1/${rustArch}/rustup-init" \ | ||
&& curl -L -O "$url" \ | ||
&& echo "${rustupSha256} *rustup-init" | sha256sum -c - \ | ||
&& chmod +x rustup-init \ | ||
&& ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION --default-host ${rustArch} \ | ||
&& rm rustup-init \ | ||
&& rustup --version \ | ||
&& cargo --version \ | ||
&& rustc --version \ | ||
&& export RUSTUP_HOME=/rust/usr/src/unit/rustup \ | ||
&& export CARGO_HOME=/rust/usr/src/unit/cargo \ | ||
&& export PATH=/rust/usr/local/cargo/bin/:$PATH \ | ||
&& mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ | ||
&& mkdir -p /usr/src/unit \ | ||
&& cd /usr/src/unit \ | ||
|
@@ -58,14 +48,6 @@ RUN set -ex \ | |
--otel" \ | ||
&& make -j $NCPU -C pkg/contrib .njs \ | ||
&& export PKG_CONFIG_PATH=$(pwd)/pkg/contrib/njs/build \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/debug-modules --debug \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd-debug \ | ||
&& make clean \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/modules \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd \ | ||
&& make clean \ | ||
&& /bin/true \ | ||
&& ./configure $CONFIGURE_ARGS_MODULES --cc-opt="$CC_OPT" --modulesdir=/usr/lib/unit/debug-modules --debug \ | ||
&& ./configure go --go-path=$GOPATH \ | ||
|
@@ -74,6 +56,7 @@ RUN set -ex \ | |
&& ./configure $CONFIGURE_ARGS_MODULES --cc-opt="$CC_OPT" --modulesdir=/usr/lib/unit/modules \ | ||
&& ./configure go --go-path=$GOPATH \ | ||
&& make -j $NCPU go-install-src libunit-install \ | ||
&& install build/lib/libunit.a /usr/lib/ \ | ||
&& cd \ | ||
&& rm -rf /usr/src/unit \ | ||
&& for f in /usr/sbin/unitd /usr/lib/unit/modules/*.unit.so; do \ | ||
|
@@ -95,7 +78,7 @@ RUN set -ex \ | |
unit \ | ||
&& apt-get update \ | ||
&& apt-get --no-install-recommends --no-install-suggests -y install curl $(cat /requirements.apt) \ | ||
&& apt-get purge -y --auto-remove build-essential \ | ||
&& apt-get purge -y --auto-remove git build-essential libssl-dev libpcre2-dev libclang-dev cmake \ | ||
&& rm -rf /var/lib/apt/lists/* \ | ||
&& rm -f /requirements.apt \ | ||
&& ln -sf /dev/stderr /var/log/unit.log | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
FROM rust:1.83.0-bookworm AS rust-build | ||
|
||
FROM golang:1.23-bookworm | ||
|
||
LABEL org.opencontainers.image.title="Unit (go1.23)" | ||
|
@@ -8,30 +10,18 @@ LABEL org.opencontainers.image.documentation="https://unit.nginx.org/installatio | |
LABEL org.opencontainers.image.vendor="NGINX Docker Maintainers <[email protected]>" | ||
LABEL org.opencontainers.image.version="1.34.0" | ||
|
||
RUN set -ex \ | ||
COPY --from=unit:1.34.0-base /usr/sbin/unitd* /usr/sbin/ | ||
COPY --from=unit:1.34.0-base /usr/lib/libnxt.a /usr/lib/libnxt.a | ||
|
||
RUN --mount=type=bind,target=/rust,from=rust-build,rw \ | ||
set -ex \ | ||
&& savedAptMark="$(apt-mark showmanual)" \ | ||
&& apt-get update \ | ||
&& apt-get install --no-install-recommends --no-install-suggests -y \ | ||
ca-certificates git build-essential libssl-dev libpcre2-dev curl pkg-config libclang-dev cmake \ | ||
&& export RUST_VERSION=1.83.0 \ | ||
&& export RUSTUP_HOME=/usr/src/unit/rustup \ | ||
&& export CARGO_HOME=/usr/src/unit/cargo \ | ||
&& export PATH=/usr/src/unit/cargo/bin:$PATH \ | ||
&& dpkgArch="$(dpkg --print-architecture)" \ | ||
&& case "${dpkgArch##*-}" in \ | ||
amd64) rustArch="x86_64-unknown-linux-gnu"; rustupSha256="6aeece6993e902708983b209d04c0d1dbb14ebb405ddb87def578d41f920f56d" ;; \ | ||
arm64) rustArch="aarch64-unknown-linux-gnu"; rustupSha256="1cffbf51e63e634c746f741de50649bbbcbd9dbe1de363c9ecef64e278dba2b2" ;; \ | ||
*) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \ | ||
esac \ | ||
&& url="https://static.rust-lang.org/rustup/archive/1.27.1/${rustArch}/rustup-init" \ | ||
&& curl -L -O "$url" \ | ||
&& echo "${rustupSha256} *rustup-init" | sha256sum -c - \ | ||
&& chmod +x rustup-init \ | ||
&& ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION --default-host ${rustArch} \ | ||
&& rm rustup-init \ | ||
&& rustup --version \ | ||
&& cargo --version \ | ||
&& rustc --version \ | ||
&& export RUSTUP_HOME=/rust/usr/src/unit/rustup \ | ||
&& export CARGO_HOME=/rust/usr/src/unit/cargo \ | ||
&& export PATH=/rust/usr/local/cargo/bin/:$PATH \ | ||
&& mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ | ||
&& mkdir -p /usr/src/unit \ | ||
&& cd /usr/src/unit \ | ||
|
@@ -58,14 +48,6 @@ RUN set -ex \ | |
--otel" \ | ||
&& make -j $NCPU -C pkg/contrib .njs \ | ||
&& export PKG_CONFIG_PATH=$(pwd)/pkg/contrib/njs/build \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/debug-modules --debug \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd-debug \ | ||
&& make clean \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/modules \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd \ | ||
&& make clean \ | ||
&& /bin/true \ | ||
&& ./configure $CONFIGURE_ARGS_MODULES --cc-opt="$CC_OPT" --modulesdir=/usr/lib/unit/debug-modules --debug \ | ||
&& ./configure go --go-path=$GOPATH \ | ||
|
@@ -74,6 +56,7 @@ RUN set -ex \ | |
&& ./configure $CONFIGURE_ARGS_MODULES --cc-opt="$CC_OPT" --modulesdir=/usr/lib/unit/modules \ | ||
&& ./configure go --go-path=$GOPATH \ | ||
&& make -j $NCPU go-install-src libunit-install \ | ||
&& install build/lib/libunit.a /usr/lib/ \ | ||
&& cd \ | ||
&& rm -rf /usr/src/unit \ | ||
&& for f in /usr/sbin/unitd /usr/lib/unit/modules/*.unit.so; do \ | ||
|
@@ -95,7 +78,7 @@ RUN set -ex \ | |
unit \ | ||
&& apt-get update \ | ||
&& apt-get --no-install-recommends --no-install-suggests -y install curl $(cat /requirements.apt) \ | ||
&& apt-get purge -y --auto-remove build-essential \ | ||
&& apt-get purge -y --auto-remove git build-essential libssl-dev libpcre2-dev libclang-dev cmake \ | ||
&& rm -rf /var/lib/apt/lists/* \ | ||
&& rm -f /requirements.apt \ | ||
&& ln -sf /dev/stderr /var/log/unit.log | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
FROM rust:1.83.0-bookworm AS rust-build | ||
|
||
FROM eclipse-temurin:11-jdk-jammy | ||
|
||
LABEL org.opencontainers.image.title="Unit (jsc11)" | ||
|
@@ -8,30 +10,18 @@ LABEL org.opencontainers.image.documentation="https://unit.nginx.org/installatio | |
LABEL org.opencontainers.image.vendor="NGINX Docker Maintainers <[email protected]>" | ||
LABEL org.opencontainers.image.version="1.34.0" | ||
|
||
RUN set -ex \ | ||
COPY --from=unit:1.34.0-base /usr/sbin/unitd* /usr/sbin/ | ||
COPY --from=unit:1.34.0-base /usr/lib/libnxt.a /usr/lib/libnxt.a | ||
|
||
RUN --mount=type=bind,target=/rust,from=rust-build,rw \ | ||
set -ex \ | ||
&& savedAptMark="$(apt-mark showmanual)" \ | ||
&& apt-get update \ | ||
&& apt-get install --no-install-recommends --no-install-suggests -y \ | ||
ca-certificates git build-essential libssl-dev libpcre2-dev curl pkg-config libclang-dev cmake \ | ||
&& export RUST_VERSION=1.83.0 \ | ||
&& export RUSTUP_HOME=/usr/src/unit/rustup \ | ||
&& export CARGO_HOME=/usr/src/unit/cargo \ | ||
&& export PATH=/usr/src/unit/cargo/bin:$PATH \ | ||
&& dpkgArch="$(dpkg --print-architecture)" \ | ||
&& case "${dpkgArch##*-}" in \ | ||
amd64) rustArch="x86_64-unknown-linux-gnu"; rustupSha256="6aeece6993e902708983b209d04c0d1dbb14ebb405ddb87def578d41f920f56d" ;; \ | ||
arm64) rustArch="aarch64-unknown-linux-gnu"; rustupSha256="1cffbf51e63e634c746f741de50649bbbcbd9dbe1de363c9ecef64e278dba2b2" ;; \ | ||
*) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \ | ||
esac \ | ||
&& url="https://static.rust-lang.org/rustup/archive/1.27.1/${rustArch}/rustup-init" \ | ||
&& curl -L -O "$url" \ | ||
&& echo "${rustupSha256} *rustup-init" | sha256sum -c - \ | ||
&& chmod +x rustup-init \ | ||
&& ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION --default-host ${rustArch} \ | ||
&& rm rustup-init \ | ||
&& rustup --version \ | ||
&& cargo --version \ | ||
&& rustc --version \ | ||
&& export RUSTUP_HOME=/rust/usr/src/unit/rustup \ | ||
&& export CARGO_HOME=/rust/usr/src/unit/cargo \ | ||
&& export PATH=/rust/usr/local/cargo/bin/:$PATH \ | ||
&& mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ | ||
&& mkdir -p /usr/src/unit \ | ||
&& cd /usr/src/unit \ | ||
|
@@ -58,14 +48,6 @@ RUN set -ex \ | |
--otel" \ | ||
&& make -j $NCPU -C pkg/contrib .njs \ | ||
&& export PKG_CONFIG_PATH=$(pwd)/pkg/contrib/njs/build \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/debug-modules --debug \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd-debug \ | ||
&& make clean \ | ||
&& ./configure $CONFIGURE_ARGS --cc-opt="$CC_OPT" --ld-opt="$LD_OPT" --modulesdir=/usr/lib/unit/modules \ | ||
&& make -j $NCPU unitd \ | ||
&& install -pm755 build/sbin/unitd /usr/sbin/unitd \ | ||
&& make clean \ | ||
&& /bin/true \ | ||
&& ./configure $CONFIGURE_ARGS_MODULES --cc-opt="$CC_OPT" --modulesdir=/usr/lib/unit/debug-modules --debug \ | ||
&& ./configure java --jars=/usr/share/unit-jsc-common/ \ | ||
|
@@ -74,6 +56,7 @@ RUN set -ex \ | |
&& ./configure $CONFIGURE_ARGS_MODULES --cc-opt="$CC_OPT" --modulesdir=/usr/lib/unit/modules \ | ||
&& ./configure java --jars=/usr/share/unit-jsc-common/ \ | ||
&& make -j $NCPU java-shared-install java-install \ | ||
&& install build/lib/libunit.a /usr/lib/ \ | ||
&& cd \ | ||
&& rm -rf /usr/src/unit \ | ||
&& for f in /usr/sbin/unitd /usr/lib/unit/modules/*.unit.so; do \ | ||
|
@@ -95,7 +78,7 @@ RUN set -ex \ | |
unit \ | ||
&& apt-get update \ | ||
&& apt-get --no-install-recommends --no-install-suggests -y install curl $(cat /requirements.apt) \ | ||
&& apt-get purge -y --auto-remove build-essential \ | ||
&& apt-get purge -y --auto-remove git build-essential libssl-dev libpcre2-dev libclang-dev cmake \ | ||
&& rm -rf /var/lib/apt/lists/* \ | ||
&& rm -f /requirements.apt \ | ||
&& ln -sf /dev/stderr /var/log/unit.log | ||
|
Oops, something went wrong.