From 5b430f22bc9b829fdb5543c4a227a31ff8fb2cfe Mon Sep 17 00:00:00 2001 From: BlackDex Date: Sun, 26 Dec 2021 12:40:12 +0100 Subject: [PATCH] Support all DB's for Alpine and Debian - Using my own rust-musl build containers we now support all database types for both Debian and Alpine. - Added new Alpine containers for armv6 and arm64/aarch64 - The Debian builds can also be done wihout dpkg magic stuff, probably some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in any case, it works now without hacking dpkg and apt. - Updated toolchain and crates --- Cargo.lock | 235 +++++++++++++------------- Cargo.toml | 14 +- docker/Dockerfile.j2 | 91 ++++------ docker/amd64/Dockerfile | 15 +- docker/amd64/Dockerfile.alpine | 21 ++- docker/amd64/Dockerfile.buildx | 15 +- docker/amd64/Dockerfile.buildx.alpine | 21 ++- docker/arm64/Dockerfile | 50 ++---- docker/arm64/Dockerfile.alpine | 125 ++++++++++++++ docker/arm64/Dockerfile.buildx | 50 ++---- docker/arm64/Dockerfile.buildx.alpine | 125 ++++++++++++++ docker/armv6/Dockerfile | 50 ++---- docker/armv6/Dockerfile.alpine | 125 ++++++++++++++ docker/armv6/Dockerfile.buildx | 50 ++---- docker/armv6/Dockerfile.buildx.alpine | 125 ++++++++++++++ docker/armv7/Dockerfile | 50 ++---- docker/armv7/Dockerfile.alpine | 21 ++- docker/armv7/Dockerfile.buildx | 50 ++---- docker/armv7/Dockerfile.buildx.alpine | 21 ++- hooks/arches.sh | 5 - rust-toolchain | 2 +- src/error.rs | 2 + 22 files changed, 830 insertions(+), 433 deletions(-) create mode 100644 docker/arm64/Dockerfile.alpine create mode 100644 docker/arm64/Dockerfile.buildx.alpine create mode 100644 docker/armv6/Dockerfile.alpine create mode 100644 docker/armv6/Dockerfile.buildx.alpine diff --git a/Cargo.lock b/Cargo.lock index df139857..243f6b98 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -57,13 +57,13 @@ dependencies = [ [[package]] name = "async-trait" -version = "0.1.51" +version = "0.1.52" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44318e776df68115a881de9a8fd1b9e53368d7a4a5ce4cc48517da3393233a5e" +checksum = "061a7acccaa286c011ddc30970520b98fa40e00c9d644633fb26b5fc63a265e3" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -283,13 +283,13 @@ dependencies = [ [[package]] name = "chrono-tz" -version = "0.6.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64c01c1c607d25c71bbaa67c113d6c6b36c434744b4fd66691d711b5b1bc0c8b" +checksum = "58549f1842da3080ce63002102d5bc954c7bc843d4f47818e642abdc36253552" dependencies = [ "chrono", "chrono-tz-build", - "phf 0.10.0", + "phf 0.10.1", ] [[package]] @@ -299,7 +299,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "db058d493fb2f65f41861bfed7e3fe6335264a9f0f92710cab5bdf01fef09069" dependencies = [ "parse-zoneinfo", - "phf 0.10.0", + "phf 0.10.1", "phf_codegen 0.10.0", ] @@ -451,9 +451,9 @@ version = "0.3.0" source = "git+https://github.com/SergioBenitez/Devise.git?rev=e58b3ac9a#e58b3ac9afc3b6ff10a8aaf02a3e768a8f530089" dependencies = [ "bitflags", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -479,9 +479,9 @@ version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45f5098f628d02a7a0f68ddba586fb61e80edec3bdc1be3b921f4ceec60858d3" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -532,9 +532,9 @@ checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" [[package]] name = "encoding_rs" -version = "0.8.29" +version = "0.8.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a74ea89a0a1b98f6332de42c95baff457ada66d1cb4030f9ff151b2041a1c746" +checksum = "7896dc8abb250ffdda33912550faa54c88ec8b998dec0b2c55ab224921ce11df" dependencies = [ "cfg-if 1.0.0", ] @@ -546,9 +546,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c5f0096a91d210159eceb2ff5e1c4da18388a170e1e3ce948aac9c8fdbbf595" dependencies = [ "heck", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -568,9 +568,9 @@ checksum = "e88a8acf291dafb59c2d96e8f59828f3838bb1a70398823ade51a84de6a6deed" [[package]] name = "fastrand" -version = "1.5.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b394ed3d285a429378d3b384b9eb1285267e7df4b166df24b7a6939a04dc392e" +checksum = "779d043b6a0b90cc4c0ed7ee380a6504394cee7efd7db050e3774eee387324b2" dependencies = [ "instant", ] @@ -662,9 +662,9 @@ dependencies = [ [[package]] name = "futures" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cd0210d8c325c245ff06fd95a3b13689a1a276ac8cfa8e8720cb840bfb84b9e" +checksum = "28560757fe2bb34e79f907794bb6b22ae8b0e5c669b638a1132f2592b19035b4" dependencies = [ "futures-channel", "futures-core", @@ -677,9 +677,9 @@ dependencies = [ [[package]] name = "futures-channel" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fc8cd39e3dbf865f7340dce6a2d401d24fd37c6fe6c4f0ee0de8bfca2252d27" +checksum = "ba3dda0b6588335f360afc675d0564c17a77a2bda81ca178a4b6081bd86c7f0b" dependencies = [ "futures-core", "futures-sink", @@ -687,15 +687,15 @@ dependencies = [ [[package]] name = "futures-core" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "629316e42fe7c2a0b9a65b47d159ceaa5453ab14e8f0a3c5eedbb8cd55b4a445" +checksum = "d0c8ff0461b82559810cdccfde3215c3f373807f5e5232b71479bff7bb2583d7" [[package]] name = "futures-executor" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b808bf53348a36cab739d7e04755909b9fcaaa69b7d7e588b37b6ec62704c97" +checksum = "29d6d2ff5bb10fb95c85b8ce46538a2e5f5e7fdc755623a7d4529ab8a4ed9d2a" dependencies = [ "futures-core", "futures-task", @@ -704,38 +704,38 @@ dependencies = [ [[package]] name = "futures-io" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e481354db6b5c353246ccf6a728b0c5511d752c08da7260546fc0933869daa11" +checksum = "b1f9d34af5a1aac6fb380f735fe510746c38067c5bf16c7fd250280503c971b2" [[package]] name = "futures-macro" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a89f17b21645bc4ed773c69af9c9a0effd4a3f1a3876eadd453469f8854e7fdd" +checksum = "6dbd947adfffb0efc70599b3ddcf7b5597bb5fa9e245eb99f62b3a5f7bb8bd3c" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] name = "futures-sink" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "996c6442437b62d21a32cd9906f9c41e7dc1e19a9579843fad948696769305af" +checksum = "e3055baccb68d74ff6480350f8d6eb8fcfa3aa11bdc1a1ae3afdd0514617d508" [[package]] name = "futures-task" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dabf1872aaab32c886832f2276d2f5399887e2bd613698a02359e4ea83f8de12" +checksum = "6ee7c6485c30167ce4dfb83ac568a849fe53274c831081476ee13e0dce1aad72" [[package]] name = "futures-util" -version = "0.3.18" +version = "0.3.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d22213122356472061ac0f1ab2cee28d2bac8491410fd68c2af53d1cedb83e" +checksum = "d9b5cf40b47a271f77a8b1bec03ca09044d99d2372c0de244e66430761127164" dependencies = [ "futures-channel", "futures-core", @@ -804,9 +804,9 @@ checksum = "9b919933a397b79c37e33b77bb2aa3dc8eb6e165ad809e58ff75bc7db2e34574" [[package]] name = "h2" -version = "0.3.7" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fd819562fcebdac5afc5c113c3ec36f902840b70fd4fc458799c8ce4607ae55" +checksum = "8f072413d126e57991455e0a922b31e4c8ba7c2ffbebf6b78b4f8521397d65cd" dependencies = [ "bytes 1.1.0", "fnv", @@ -829,9 +829,9 @@ checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" [[package]] name = "handlebars" -version = "4.1.5" +version = "4.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ad84da8f63da982543fc85fcabaee2ad1fdd809d99d64a48887e2e942ddfe46" +checksum = "167fa173496c9eadd8749cca6f8339ac88e248f3ad2442791d0b743318a94fc0" dependencies = [ "log 0.4.14", "pest", @@ -906,9 +906,9 @@ dependencies = [ "log 0.4.14", "mac", "markup5ever", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -919,7 +919,7 @@ checksum = "1323096b05d41827dadeaee54c9981958c0f94e670bc94ed80037d1a7b8b186b" dependencies = [ "bytes 1.1.0", "fnv", - "itoa", + "itoa 0.4.8", ] [[package]] @@ -966,9 +966,9 @@ dependencies = [ [[package]] name = "hyper" -version = "0.14.15" +version = "0.14.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "436ec0091e4f20e655156a30a0df3770fe2900aa301e548e08446ec794b6953c" +checksum = "b7ec3e62bdc98a2f0393a5048e4c30ef659440ea6e0e572965103e72bd836f55" dependencies = [ "bytes 1.1.0", "futures-channel", @@ -979,7 +979,7 @@ dependencies = [ "http-body", "httparse", "httpdate", - "itoa", + "itoa 0.4.8", "pin-project-lite", "socket2 0.4.2", "tokio", @@ -1007,7 +1007,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" dependencies = [ "bytes 1.1.0", - "hyper 0.14.15", + "hyper 0.14.16", "native-tls", "tokio", "tokio-native-tls", @@ -1087,6 +1087,12 @@ version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" +[[package]] +name = "itoa" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" + [[package]] name = "job_scheduler" version = "1.2.1" @@ -1171,9 +1177,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.108" +version = "0.2.112" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8521a1b57e76b1ec69af7599e75e38e7b7fad6610f037db8c79b127201b5d119" +checksum = "1b03d17f364a3a042d5e5d46b053bbbf82c92c9430c592dd4c064dc6ee997125" [[package]] name = "libsqlite3-sys" @@ -1306,9 +1312,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9753f12909fd8d923f75ae5c3258cae1ed3c8ec052e1b38c93c21a6d157f789c" dependencies = [ "migrations_internals", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -1526,9 +1532,9 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -1552,9 +1558,9 @@ dependencies = [ [[package]] name = "num_cpus" -version = "1.13.0" +version = "1.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3" +checksum = "19e64526ebdee182341572e50e9ad03965aa510cd94427a4549448f285e957a1" dependencies = [ "hermit-abi", "libc", @@ -1571,9 +1577,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692fcb63b64b1758029e0a96ee63e049ce8c5948587f2f7208df04625e5f6b56" +checksum = "da32515d9f6e6e489d7bc9d84c71b060db7247dc035bbe44eac88cf87486d8d5" [[package]] name = "opaque-debug" @@ -1609,18 +1615,18 @@ checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a" [[package]] name = "openssl-src" -version = "300.0.2+3.0.0" +version = "111.17.0+1.1.1m" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14a760a11390b1a5daf72074d4f6ff1a6e772534ae191f999f57e9ee8146d1fb" +checksum = "05d6a336abd10814198f66e2a91ccd7336611f30334119ca8ce300536666fcf4" dependencies = [ "cc", ] [[package]] name = "openssl-sys" -version = "0.9.71" +version = "0.9.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7df13d165e607909b363a4757a6f133f8a818a74e9d3a98d09c6128e15fa4c73" +checksum = "7e46109c383602735fa0a2e48dd2b7c892b048e1bf69e5c3b1d804b7d9c203cb" dependencies = [ "autocfg", "cc", @@ -1791,9 +1797,9 @@ checksum = "99b8db626e31e5b81787b9783425769681b347011cc59471e33ea46d2ea0cf55" dependencies = [ "pest", "pest_meta", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -1818,9 +1824,9 @@ dependencies = [ [[package]] name = "phf" -version = "0.10.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9fc3db1018c4b59d7d582a739436478b6035138b6aecbce989fc91c3e98409f" +checksum = "fabbf1ead8a5bcbc20f5f8b939ee3f5b0f6f281b6ad3468b84656b658b455259" dependencies = [ "phf_shared 0.10.0", ] @@ -1904,9 +1910,9 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.22" +version = "0.3.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f" +checksum = "58893f751c9b0412871a09abd62ecd2a00298c6c83befa223ef98c52aef40cbe" [[package]] name = "ppv-lite86" @@ -1946,18 +1952,18 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.32" +version = "1.0.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" +checksum = "2f84e92c0f7c9d58328b85a78557813e4bd845130db68d7184635344399423b1" dependencies = [ "unicode-xid 0.2.2", ] [[package]] name = "psl-types" -version = "2.0.9" +version = "2.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4af8f675df9e68626b5059f8909ae261b8f5c3e8ab14813ad7f6cc7a134dcafb" +checksum = "e8eda7c62d9ecaafdf8b62374c006de0adf61666ae96a96ba74a37134aa4e470" [[package]] name = "publicsuffix" @@ -1998,7 +2004,7 @@ version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "38bc8cc6a5f2e3655e0899c1b848643b2562f853f114bfec7be120678e3ace05" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", ] [[package]] @@ -2183,9 +2189,9 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.7" +version = "0.11.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07bea77bc708afa10e59905c3d4af7c8fd43c9214251673095ff8b14345fcbc5" +checksum = "7c4e0a76dc12a116108933f6301b95e83634e0c47b0afbed6abbaa0601e99258" dependencies = [ "async-compression", "base64 0.13.0", @@ -2197,7 +2203,7 @@ dependencies = [ "futures-util", "http", "http-body", - "hyper 0.14.15", + "hyper 0.14.16", "hyper-tls", "ipnet", "js-sys", @@ -2361,9 +2367,9 @@ dependencies = [ [[package]] name = "ryu" -version = "1.0.6" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c9613b5a66ab9ba26415184cfc41156594925a9cf3a2057e57f31ff145f6568" +checksum = "73b4b750c782965c211b42f022f59af1fbceabdd026623714f104152f1ec149f" [[package]] name = "safemem" @@ -2455,9 +2461,9 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913" +checksum = "8b9875c23cf305cd1fd7eb77234cbb705f21ea6a72c637a5c6db5fe4b8e7f008" dependencies = [ "serde_derive", ] @@ -2483,22 +2489,22 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.130" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b" +checksum = "ecc0db5cb2556c0e558887d9bbdcf6ac4471e83ff66cf696e5419024d1606276" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] name = "serde_json" -version = "1.0.72" +version = "1.0.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0ffa0837f2dfa6fb90868c2b5468cad482e175f7dad97e7421951e663f2b527" +checksum = "bcbd0344bc6533bc7ec56df11d42fb70f1b912351c0825ccb7211b59d8af7cf5" dependencies = [ - "itoa", + "itoa 1.0.1", "ryu", "serde", ] @@ -2510,7 +2516,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "edfa57a7f8d9c1d260a549e7224100f6c43d43f9103e06dd8b4095a9b2b43ce9" dependencies = [ "form_urlencoded", - "itoa", + "itoa 0.4.8", "ryu", "serde", ] @@ -2665,11 +2671,11 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c87a60a40fccc84bef0652345bbbbbe20a605bf5d0ce81719fc476f5c03b50ef" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", "serde", "serde_derive", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -2679,13 +2685,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "58fa5ff6ad0d98d1ffa8cb115892b6e69d67799f6763e162a1c9db421dc22e11" dependencies = [ "base-x", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", "serde", "serde_derive", "serde_json", "sha1", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -2716,7 +2722,7 @@ checksum = "f24c8e5e19d22a726626f1a5e16fe15b132dcf21d10177fa5a45ce7962996b97" dependencies = [ "phf_generator 0.8.0", "phf_shared 0.8.0", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", ] @@ -2739,11 +2745,11 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.82" +version = "1.0.84" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8daf5dd0bb60cbd4137b1b587d2fc0ae729bc07cf01cd70b36a1ed5ade3b9d59" +checksum = "ecb2e6da8ee5eb9a61068762a32fa9619cc591ceb055b3687f4cd4051ec2e06b" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", "unicode-xid 0.2.2", ] @@ -2800,9 +2806,9 @@ version = "1.0.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa32fd3f627f367fe16f893e2597ae3c05020f8bba2666a4e6ea73d377e5714b" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -2857,10 +2863,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd3c141a1b43194f3f56a1411225df8646c55781d5f26db825b3d98507eb482f" dependencies = [ "proc-macro-hack", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", "standback", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -2880,11 +2886,10 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.14.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70e992e41e0d2fb9f755b37446f20900f64446ef54874f40a60c78f021ac6144" +checksum = "fbbf1c778ec206785635ce8ad57fe52b3009ae9e0c9f574a728f3049d3e55838" dependencies = [ - "autocfg", "bytes 1.1.0", "libc", "memchr", @@ -2976,9 +2981,9 @@ version = "0.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f4f480b8f81512e825f337ad51e94c1eb5d3bbdf2b363dcd01e2b19a9ffe3f8e" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", ] [[package]] @@ -3064,9 +3069,9 @@ checksum = "1410f6f91f21d1612654e7cc69193b0334f909dcf2c790c4826254fbb86f8887" [[package]] name = "typenum" -version = "1.14.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b63708a265f51345575b27fe43f9500ad611579e764c79edbc2037b1121959ec" +checksum = "dcf81ac59edc17cc8697ff311e8f5ef2d99fcbd9817b34cec66f90b6c3dfd987" [[package]] name = "u2f" @@ -3321,9 +3326,9 @@ dependencies = [ "bumpalo", "lazy_static", "log 0.4.14", - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", "wasm-bindgen-shared", ] @@ -3355,9 +3360,9 @@ version = "0.2.78" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7803e0eea25835f8abdc585cd3021b3deb11543c6fe226dcd30b228857c5c5ab" dependencies = [ - "proc-macro2 1.0.32", + "proc-macro2 1.0.34", "quote 1.0.10", - "syn 1.0.82", + "syn 1.0.84", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3380,12 +3385,11 @@ dependencies = [ [[package]] name = "webauthn-rs" -version = "0.3.0" +version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5275a4ed4cd88814475b5ec51b84886eb17691fd3171f565581eca91d3489a10" +checksum = "261310333d5941ec47038eed295ee0ed6f5cee36b7575dc6c4b63ee8e7fe590c" dependencies = [ "base64 0.13.0", - "log 0.4.14", "nom 4.1.1", "openssl", "rand 0.8.4", @@ -3395,6 +3399,7 @@ dependencies = [ "serde_derive", "serde_json", "thiserror", + "tracing", "url 2.2.2", ] diff --git a/Cargo.toml b/Cargo.toml index 5d4617ce..f0615fc2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -34,7 +34,7 @@ rocket = { version = "=0.5.0-dev", features = ["tls"], default-features = false rocket_contrib = "=0.5.0-dev" # HTTP client -reqwest = { version = "0.11.7", features = ["blocking", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] } +reqwest = { version = "0.11.8", features = ["blocking", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] } # Used for custom short lived cookie jar cookie = "0.15.1" @@ -55,8 +55,8 @@ rmpv = "1.0.0" chashmap = "2.2.2" # A generic serialization/deserialization framework -serde = { version = "1.0.130", features = ["derive"] } -serde_json = "1.0.72" +serde = { version = "1.0.132", features = ["derive"] } +serde_json = "1.0.73" # Logging log = "0.4.14" @@ -78,7 +78,7 @@ uuid = { version = "0.8.2", features = ["v4"] } # Date and time libraries chrono = { version = "0.4.19", features = ["serde"] } -chrono-tz = "0.6.0" +chrono-tz = "0.6.1" time = "0.2.27" # Job scheduler @@ -95,7 +95,7 @@ jsonwebtoken = "7.2.0" # U2F library u2f = "0.2.0" -webauthn-rs = "0.3.0" +webauthn-rs = "0.3.1" # Yubico Library yubico = { version = "0.10.0", features = ["online-tokio"], default-features = false } @@ -104,7 +104,7 @@ yubico = { version = "0.10.0", features = ["online-tokio"], default-features = f dotenv = { version = "0.15.0", default-features = false } # Lazy initialization -once_cell = "1.8.0" +once_cell = "1.9.0" # Numerical libraries num-traits = "0.2.14" @@ -115,7 +115,7 @@ tracing = { version = "0.1.29", features = ["log"] } # Needed to have lettre tra lettre = { version = "0.10.0-rc.4", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname", "tracing"], default-features = false } # Template library -handlebars = { version = "4.1.5", features = ["dir_source"] } +handlebars = { version = "4.1.6", features = ["dir_source"] } # For favicon extraction from main website html5ever = "0.25.1" diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index 6039e06f..792d660f 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 @@ -3,16 +3,24 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -{% set build_stage_base_image = "rust:1.55-buster" %} +{% set build_stage_base_image = "rust:1.57-buster" %} {% if "alpine" in target_file %} {% if "amd64" in target_file %} -{% set build_stage_base_image = "clux/muslrust:nightly-2021-10-23" %} -{% set runtime_stage_base_image = "alpine:3.14" %} +{% set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-nightly-2021-12-25" %} +{% set runtime_stage_base_image = "alpine:3.15" %} {% set package_arch_target = "x86_64-unknown-linux-musl" %} {% elif "armv7" in target_file %} -{% set build_stage_base_image = "messense/rust-musl-cross:armv7-musleabihf" %} -{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.14" %} +{% set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-nightly-2021-12-25" %} +{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.15" %} {% set package_arch_target = "armv7-unknown-linux-musleabihf" %} +{% elif "armv6" in target_file %} +{% set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-nightly-2021-12-25" %} +{% set runtime_stage_base_image = "balenalib/rpi-alpine:3.15" %} +{% set package_arch_target = "arm-unknown-linux-musleabi" %} +{% elif "arm64" in target_file %} +{% set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-nightly-2021-12-25" %} +{% set runtime_stage_base_image = "balenalib/aarch64-alpine:3.15" %} +{% set package_arch_target = "aarch64-unknown-linux-musl" %} {% endif %} {% elif "amd64" in target_file %} {% set runtime_stage_base_image = "debian:buster-slim" %} @@ -75,22 +83,7 @@ FROM vaultwarden/web-vault@{{ vault_image_digest }} as vault ########################## BUILD IMAGE ########################## FROM {{ build_stage_base_image }} as build -{% if "alpine" in target_file %} -{% if "amd64" in target_file %} -# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time. -ARG DB=sqlite,postgresql -{% set features = "sqlite,postgresql" %} -{% else %} -# Alpine-based ARM (musl) only supports sqlite during compile time. -# We now also need to add vendored_openssl, because the current base image we use to build has OpenSSL removed. -ARG DB=sqlite,vendored_openssl -{% set features = "sqlite" %} -{% endif %} -{% else %} -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql -{% set features = "sqlite,mysql,postgresql" %} -{% endif %} + # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -118,51 +111,32 @@ ENV RUSTFLAGS='-C link-arg=-s' ENV CFLAGS_armv7_unknown_linux_musleabihf="-mfpu=vfpv3-d16" {% endif %} {% elif "arm" in target_file %} -# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies. -# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic. -# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) -# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the {{ package_arch_prefix }} version. -# What we can do is a force install, because nothing important is overlapping each other. # # Install required build libs for {{ package_arch_name }} architecture. -# To compile both mysql and postgresql we need some extra packages for both host arch and target arch -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture {{ package_arch_name }} \ +# hadolint ignore=DL3059 +RUN dpkg --add-architecture {{ package_arch_name }} \ && apt-get update \ && apt-get install -y \ --no-install-recommends \ libssl-dev{{ package_arch_prefix }} \ libc6-dev{{ package_arch_prefix }} \ libpq5{{ package_arch_prefix }} \ - libpq-dev \ - libmariadb3:amd64 \ + libpq-dev{{ package_arch_prefix }} \ + libmariadb3{{ package_arch_prefix }} \ libmariadb-dev{{ package_arch_prefix }} \ libmariadb-dev-compat{{ package_arch_prefix }} \ gcc-{{ package_cross_compiler }} \ # - # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt ) - && apt-get download libmariadb-dev-compat:amd64 \ - && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ - && rm -rvf ./libmariadb-dev-compat*.deb \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # - # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. - # The libpq5{{ package_arch_prefix }} package seems to not provide a symlink to libpq.so.5 with the name libpq.so. - # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. - # Without this specific file the ld command will fail and compilation fails with it. - && ln -sfnr /usr/lib/{{ package_cross_compiler }}/libpq.so.5 /usr/lib/{{ package_cross_compiler }}/libpq.so \ - # # Make sure cargo has the right target config && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \ && echo 'linker = "{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \ && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler }}"]' >> "${CARGO_HOME}/config" # Set arm specific environment values -ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" -ENV OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}" +ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \ + CROSS_COMPILE="1" \ + OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \ + OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}" {% elif "amd64" in target_file %} # Install DB packages @@ -188,6 +162,9 @@ COPY ./build.rs ./build.rs RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }} {% endif %} +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -203,6 +180,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} {% if "alpine" in target_file %} {% if "armv7" in target_file %} @@ -216,13 +194,14 @@ RUN musl-strip target/{{ package_arch_target }}/release/vaultwarden # because we already have a binary built FROM {{ runtime_stage_base_image }} -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -{% if "alpine" in runtime_stage_base_image %} -ENV SSL_CERT_DIR=/etc/ssl/certs +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 +{%- if "alpine" in runtime_stage_base_image %} \ + SSL_CERT_DIR=/etc/ssl/certs {% endif %} + {% if "amd64" not in target_file %} # hadolint ignore=DL3059 RUN [ "cross-build-start" ] @@ -236,12 +215,6 @@ RUN mkdir /data \ tzdata \ curl \ dumb-init \ -{% if "mysql" in features %} - mariadb-connector-c \ -{% endif %} -{% if "postgresql" in features %} - postgresql-libs \ -{% endif %} ca-certificates {% else %} && apt-get update && apt-get install -y \ diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile index a18552b4..c6bf80b7 100644 --- a/docker/amd64/Dockerfile +++ b/docker/amd64/Dockerfile @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -64,6 +63,9 @@ COPY ./rust-toolchain ./rust-toolchain COPY ./build.rs ./build.rs +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -79,6 +81,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -86,9 +89,9 @@ RUN cargo build --features ${DB} --release # because we already have a binary built FROM debian:buster-slim -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # Create data folder and Install needed libraries diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine index 780944d0..a483c833 100644 --- a/docker/amd64/Dockerfile.alpine +++ b/docker/amd64/Dockerfile.alpine @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM clux/muslrust:nightly-2021-10-23 as build +FROM blackdex/rust-musl:x86_64-musl-nightly-2021-12-25 as build + -# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time. -ARG DB=sqlite,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -58,6 +57,9 @@ COPY ./build.rs ./build.rs RUN rustup target add x86_64-unknown-linux-musl +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -73,17 +75,19 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM alpine:3.14 +FROM alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs # Create data folder and Install needed libraries @@ -93,7 +97,6 @@ RUN mkdir /data \ tzdata \ curl \ dumb-init \ - postgresql-libs \ ca-certificates diff --git a/docker/amd64/Dockerfile.buildx b/docker/amd64/Dockerfile.buildx index c9634b89..b7193704 100644 --- a/docker/amd64/Dockerfile.buildx +++ b/docker/amd64/Dockerfile.buildx @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -64,6 +63,9 @@ COPY ./rust-toolchain ./rust-toolchain COPY ./build.rs ./build.rs +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -79,6 +81,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## @@ -86,9 +89,9 @@ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/. # because we already have a binary built FROM debian:buster-slim -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # Create data folder and Install needed libraries diff --git a/docker/amd64/Dockerfile.buildx.alpine b/docker/amd64/Dockerfile.buildx.alpine index 9e4f69ea..649d83de 100644 --- a/docker/amd64/Dockerfile.buildx.alpine +++ b/docker/amd64/Dockerfile.buildx.alpine @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM clux/muslrust:nightly-2021-10-23 as build +FROM blackdex/rust-musl:x86_64-musl-nightly-2021-12-25 as build + -# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time. -ARG DB=sqlite,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -58,6 +57,9 @@ COPY ./build.rs ./build.rs RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -73,17 +75,19 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM alpine:3.14 +FROM alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs # Create data folder and Install needed libraries @@ -93,7 +97,6 @@ RUN mkdir /data \ tzdata \ curl \ dumb-init \ - postgresql-libs \ ca-certificates diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile index 77aa63c3..7873e21e 100644 --- a/docker/arm64/Dockerfile +++ b/docker/arm64/Dockerfile @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,51 +44,32 @@ ENV DEBIAN_FRONTEND=noninteractive \ RUN mkdir -pv "${CARGO_HOME}" \ && rustup set profile minimal -# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies. -# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic. -# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) -# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :arm64 version. -# What we can do is a force install, because nothing important is overlapping each other. # # Install required build libs for arm64 architecture. -# To compile both mysql and postgresql we need some extra packages for both host arch and target arch -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture arm64 \ +# hadolint ignore=DL3059 +RUN dpkg --add-architecture arm64 \ && apt-get update \ && apt-get install -y \ --no-install-recommends \ libssl-dev:arm64 \ libc6-dev:arm64 \ libpq5:arm64 \ - libpq-dev \ - libmariadb3:amd64 \ + libpq-dev:arm64 \ + libmariadb3:arm64 \ libmariadb-dev:arm64 \ libmariadb-dev-compat:arm64 \ gcc-aarch64-linux-gnu \ # - # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt ) - && apt-get download libmariadb-dev-compat:amd64 \ - && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ - && rm -rvf ./libmariadb-dev-compat*.deb \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # - # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. - # The libpq5:arm64 package seems to not provide a symlink to libpq.so.5 with the name libpq.so. - # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. - # Without this specific file the ld command will fail and compilation fails with it. - && ln -sfnr /usr/lib/aarch64-linux-gnu/libpq.so.5 /usr/lib/aarch64-linux-gnu/libpq.so \ - # # Make sure cargo has the right target config && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" # Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" -ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ + CROSS_COMPILE="1" \ + OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ + OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" # Creates a dummy project used to grab dependencies @@ -103,6 +83,9 @@ COPY ./build.rs ./build.rs RUN rustup target add aarch64-unknown-linux-gnu +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -118,6 +101,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu ######################## RUNTIME IMAGE ######################## @@ -125,9 +109,9 @@ RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu # because we already have a binary built FROM balenalib/aarch64-debian:buster -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine new file mode 100644 index 00000000..15a76ee7 --- /dev/null +++ b/docker/arm64/Dockerfile.alpine @@ -0,0 +1,125 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull vaultwarden/web-vault:v2.25.0 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.0 +# [vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 +# [vaultwarden/web-vault:v2.25.0] +# +FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault + +########################## BUILD IMAGE ########################## +FROM blackdex/rust-musl:aarch64-musl-nightly-2021-12-25 as build + + + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" + + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +ENV RUSTFLAGS='-C link-arg=-s' + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN rustup target add aarch64-unknown-linux-musl + +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ + && find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +# hadolint ignore=DL3059 +RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM balenalib/aarch64-alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs + + +# hadolint ignore=DL3059 +RUN [ "cross-build-start" ] + +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apk add --no-cache \ + openssl \ + tzdata \ + curl \ + dumb-init \ + ca-certificates + +# hadolint ignore=DL3059 +RUN [ "cross-build-end" ] + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.buildx b/docker/arm64/Dockerfile.buildx index b0a82c93..aa6009d1 100644 --- a/docker/arm64/Dockerfile.buildx +++ b/docker/arm64/Dockerfile.buildx @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,51 +44,32 @@ ENV DEBIAN_FRONTEND=noninteractive \ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ && rustup set profile minimal -# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies. -# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic. -# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) -# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :arm64 version. -# What we can do is a force install, because nothing important is overlapping each other. # # Install required build libs for arm64 architecture. -# To compile both mysql and postgresql we need some extra packages for both host arch and target arch -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture arm64 \ +# hadolint ignore=DL3059 +RUN dpkg --add-architecture arm64 \ && apt-get update \ && apt-get install -y \ --no-install-recommends \ libssl-dev:arm64 \ libc6-dev:arm64 \ libpq5:arm64 \ - libpq-dev \ - libmariadb3:amd64 \ + libpq-dev:arm64 \ + libmariadb3:arm64 \ libmariadb-dev:arm64 \ libmariadb-dev-compat:arm64 \ gcc-aarch64-linux-gnu \ # - # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt ) - && apt-get download libmariadb-dev-compat:amd64 \ - && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ - && rm -rvf ./libmariadb-dev-compat*.deb \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # - # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. - # The libpq5:arm64 package seems to not provide a symlink to libpq.so.5 with the name libpq.so. - # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. - # Without this specific file the ld command will fail and compilation fails with it. - && ln -sfnr /usr/lib/aarch64-linux-gnu/libpq.so.5 /usr/lib/aarch64-linux-gnu/libpq.so \ - # # Make sure cargo has the right target config && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" # Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" -ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ + CROSS_COMPILE="1" \ + OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ + OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" # Creates a dummy project used to grab dependencies @@ -103,6 +83,9 @@ COPY ./build.rs ./build.rs RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-gnu +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -118,6 +101,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu ######################## RUNTIME IMAGE ######################## @@ -125,9 +109,9 @@ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/. # because we already have a binary built FROM balenalib/aarch64-debian:buster -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/docker/arm64/Dockerfile.buildx.alpine b/docker/arm64/Dockerfile.buildx.alpine new file mode 100644 index 00000000..34f2c8ba --- /dev/null +++ b/docker/arm64/Dockerfile.buildx.alpine @@ -0,0 +1,125 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull vaultwarden/web-vault:v2.25.0 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.0 +# [vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 +# [vaultwarden/web-vault:v2.25.0] +# +FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault + +########################## BUILD IMAGE ########################## +FROM blackdex/rust-musl:aarch64-musl-nightly-2021-12-25 as build + + + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" + + +# Create CARGO_HOME folder and don't download rust docs +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +ENV RUSTFLAGS='-C link-arg=-s' + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl + +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ + && find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +# hadolint ignore=DL3059 +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM balenalib/aarch64-alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs + + +# hadolint ignore=DL3059 +RUN [ "cross-build-start" ] + +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apk add --no-cache \ + openssl \ + tzdata \ + curl \ + dumb-init \ + ca-certificates + +# hadolint ignore=DL3059 +RUN [ "cross-build-end" ] + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile index b1194687..1509bc5d 100644 --- a/docker/armv6/Dockerfile +++ b/docker/armv6/Dockerfile @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,51 +44,32 @@ ENV DEBIAN_FRONTEND=noninteractive \ RUN mkdir -pv "${CARGO_HOME}" \ && rustup set profile minimal -# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies. -# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic. -# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) -# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armel version. -# What we can do is a force install, because nothing important is overlapping each other. # # Install required build libs for armel architecture. -# To compile both mysql and postgresql we need some extra packages for both host arch and target arch -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armel \ +# hadolint ignore=DL3059 +RUN dpkg --add-architecture armel \ && apt-get update \ && apt-get install -y \ --no-install-recommends \ libssl-dev:armel \ libc6-dev:armel \ libpq5:armel \ - libpq-dev \ - libmariadb3:amd64 \ + libpq-dev:armel \ + libmariadb3:armel \ libmariadb-dev:armel \ libmariadb-dev-compat:armel \ gcc-arm-linux-gnueabi \ # - # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt ) - && apt-get download libmariadb-dev-compat:amd64 \ - && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ - && rm -rvf ./libmariadb-dev-compat*.deb \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # - # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. - # The libpq5:armel package seems to not provide a symlink to libpq.so.5 with the name libpq.so. - # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. - # Without this specific file the ld command will fail and compilation fails with it. - && ln -sfnr /usr/lib/arm-linux-gnueabi/libpq.so.5 /usr/lib/arm-linux-gnueabi/libpq.so \ - # # Make sure cargo has the right target config && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" # Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ + CROSS_COMPILE="1" \ + OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ + OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" # Creates a dummy project used to grab dependencies @@ -103,6 +83,9 @@ COPY ./build.rs ./build.rs RUN rustup target add arm-unknown-linux-gnueabi +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -118,6 +101,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi ######################## RUNTIME IMAGE ######################## @@ -125,9 +109,9 @@ RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi # because we already have a binary built FROM balenalib/rpi-debian:buster -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine new file mode 100644 index 00000000..796f9ad0 --- /dev/null +++ b/docker/armv6/Dockerfile.alpine @@ -0,0 +1,125 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull vaultwarden/web-vault:v2.25.0 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.0 +# [vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 +# [vaultwarden/web-vault:v2.25.0] +# +FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault + +########################## BUILD IMAGE ########################## +FROM blackdex/rust-musl:arm-musleabi-nightly-2021-12-25 as build + + + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" + + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +ENV RUSTFLAGS='-C link-arg=-s' + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN rustup target add arm-unknown-linux-musleabi + +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ + && find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +# hadolint ignore=DL3059 +RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM balenalib/rpi-alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs + + +# hadolint ignore=DL3059 +RUN [ "cross-build-start" ] + +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apk add --no-cache \ + openssl \ + tzdata \ + curl \ + dumb-init \ + ca-certificates + +# hadolint ignore=DL3059 +RUN [ "cross-build-end" ] + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.buildx b/docker/armv6/Dockerfile.buildx index 45cb955f..343a4c54 100644 --- a/docker/armv6/Dockerfile.buildx +++ b/docker/armv6/Dockerfile.buildx @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,51 +44,32 @@ ENV DEBIAN_FRONTEND=noninteractive \ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ && rustup set profile minimal -# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies. -# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic. -# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) -# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armel version. -# What we can do is a force install, because nothing important is overlapping each other. # # Install required build libs for armel architecture. -# To compile both mysql and postgresql we need some extra packages for both host arch and target arch -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armel \ +# hadolint ignore=DL3059 +RUN dpkg --add-architecture armel \ && apt-get update \ && apt-get install -y \ --no-install-recommends \ libssl-dev:armel \ libc6-dev:armel \ libpq5:armel \ - libpq-dev \ - libmariadb3:amd64 \ + libpq-dev:armel \ + libmariadb3:armel \ libmariadb-dev:armel \ libmariadb-dev-compat:armel \ gcc-arm-linux-gnueabi \ # - # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt ) - && apt-get download libmariadb-dev-compat:amd64 \ - && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ - && rm -rvf ./libmariadb-dev-compat*.deb \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # - # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. - # The libpq5:armel package seems to not provide a symlink to libpq.so.5 with the name libpq.so. - # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. - # Without this specific file the ld command will fail and compilation fails with it. - && ln -sfnr /usr/lib/arm-linux-gnueabi/libpq.so.5 /usr/lib/arm-linux-gnueabi/libpq.so \ - # # Make sure cargo has the right target config && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" # Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ + CROSS_COMPILE="1" \ + OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ + OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" # Creates a dummy project used to grab dependencies @@ -103,6 +83,9 @@ COPY ./build.rs ./build.rs RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-gnueabi +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -118,6 +101,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi ######################## RUNTIME IMAGE ######################## @@ -125,9 +109,9 @@ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/. # because we already have a binary built FROM balenalib/rpi-debian:buster -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/docker/armv6/Dockerfile.buildx.alpine b/docker/armv6/Dockerfile.buildx.alpine new file mode 100644 index 00000000..baa4f753 --- /dev/null +++ b/docker/armv6/Dockerfile.buildx.alpine @@ -0,0 +1,125 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull vaultwarden/web-vault:v2.25.0 +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.25.0 +# [vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 +# [vaultwarden/web-vault:v2.25.0] +# +FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault + +########################## BUILD IMAGE ########################## +FROM blackdex/rust-musl:arm-musleabi-nightly-2021-12-25 as build + + + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" + + +# Create CARGO_HOME folder and don't download rust docs +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +ENV RUSTFLAGS='-C link-arg=-s' + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi + +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ + && find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +# hadolint ignore=DL3059 +RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM balenalib/rpi-alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs + + +# hadolint ignore=DL3059 +RUN [ "cross-build-start" ] + +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apk add --no-cache \ + openssl \ + tzdata \ + curl \ + dumb-init \ + ca-certificates + +# hadolint ignore=DL3059 +RUN [ "cross-build-end" ] + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +ENTRYPOINT ["/usr/bin/dumb-init", "--"] +CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile index c39500ee..b3deeade 100644 --- a/docker/armv7/Dockerfile +++ b/docker/armv7/Dockerfile @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,51 +44,32 @@ ENV DEBIAN_FRONTEND=noninteractive \ RUN mkdir -pv "${CARGO_HOME}" \ && rustup set profile minimal -# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies. -# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic. -# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) -# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armhf version. -# What we can do is a force install, because nothing important is overlapping each other. # # Install required build libs for armhf architecture. -# To compile both mysql and postgresql we need some extra packages for both host arch and target arch -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armhf \ +# hadolint ignore=DL3059 +RUN dpkg --add-architecture armhf \ && apt-get update \ && apt-get install -y \ --no-install-recommends \ libssl-dev:armhf \ libc6-dev:armhf \ libpq5:armhf \ - libpq-dev \ - libmariadb3:amd64 \ + libpq-dev:armhf \ + libmariadb3:armhf \ libmariadb-dev:armhf \ libmariadb-dev-compat:armhf \ gcc-arm-linux-gnueabihf \ # - # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt ) - && apt-get download libmariadb-dev-compat:amd64 \ - && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ - && rm -rvf ./libmariadb-dev-compat*.deb \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # - # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. - # The libpq5:armhf package seems to not provide a symlink to libpq.so.5 with the name libpq.so. - # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. - # Without this specific file the ld command will fail and compilation fails with it. - && ln -sfnr /usr/lib/arm-linux-gnueabihf/libpq.so.5 /usr/lib/arm-linux-gnueabihf/libpq.so \ - # # Make sure cargo has the right target config && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" # Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ + CROSS_COMPILE="1" \ + OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ + OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" # Creates a dummy project used to grab dependencies @@ -103,6 +83,9 @@ COPY ./build.rs ./build.rs RUN rustup target add armv7-unknown-linux-gnueabihf +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -118,6 +101,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf ######################## RUNTIME IMAGE ######################## @@ -125,9 +109,9 @@ RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabih # because we already have a binary built FROM balenalib/armv7hf-debian:buster -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine index 0b5fef71..0d9ffa27 100644 --- a/docker/armv7/Dockerfile.alpine +++ b/docker/armv7/Dockerfile.alpine @@ -27,11 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM messense/rust-musl-cross:armv7-musleabihf as build +FROM blackdex/rust-musl:armv7-musleabihf-nightly-2021-12-25 as build + -# Alpine-based ARM (musl) only supports sqlite during compile time. -# We now also need to add vendored_openssl, because the current base image we use to build has OpenSSL removed. -ARG DB=sqlite,vendored_openssl # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -60,6 +58,9 @@ COPY ./build.rs ./build.rs RUN rustup target add armv7-unknown-linux-musleabihf +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -75,6 +76,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf # hadolint ignore=DL3059 RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden @@ -82,12 +84,13 @@ RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM balenalib/armv7hf-alpine:3.14 +FROM balenalib/armv7hf-alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/docker/armv7/Dockerfile.buildx b/docker/armv7/Dockerfile.buildx index e513f4e0..79b10b29 100644 --- a/docker/armv7/Dockerfile.buildx +++ b/docker/armv7/Dockerfile.buildx @@ -27,10 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.55-buster as build +FROM rust:1.57-buster as build + -# Debian-based builds support multidb -ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,51 +44,32 @@ ENV DEBIAN_FRONTEND=noninteractive \ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ && rustup set profile minimal -# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies. -# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic. -# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) -# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armhf version. -# What we can do is a force install, because nothing important is overlapping each other. # # Install required build libs for armhf architecture. -# To compile both mysql and postgresql we need some extra packages for both host arch and target arch -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armhf \ +# hadolint ignore=DL3059 +RUN dpkg --add-architecture armhf \ && apt-get update \ && apt-get install -y \ --no-install-recommends \ libssl-dev:armhf \ libc6-dev:armhf \ libpq5:armhf \ - libpq-dev \ - libmariadb3:amd64 \ + libpq-dev:armhf \ + libmariadb3:armhf \ libmariadb-dev:armhf \ libmariadb-dev-compat:armhf \ gcc-arm-linux-gnueabihf \ # - # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt ) - && apt-get download libmariadb-dev-compat:amd64 \ - && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ - && rm -rvf ./libmariadb-dev-compat*.deb \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - # - # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. - # The libpq5:armhf package seems to not provide a symlink to libpq.so.5 with the name libpq.so. - # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. - # Without this specific file the ld command will fail and compilation fails with it. - && ln -sfnr /usr/lib/arm-linux-gnueabihf/libpq.so.5 /usr/lib/arm-linux-gnueabihf/libpq.so \ - # # Make sure cargo has the right target config && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" # Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ + CROSS_COMPILE="1" \ + OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ + OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" # Creates a dummy project used to grab dependencies @@ -103,6 +83,9 @@ COPY ./build.rs ./build.rs RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-gnueabihf +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -118,6 +101,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf ######################## RUNTIME IMAGE ######################## @@ -125,9 +109,9 @@ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/. # because we already have a binary built FROM balenalib/armv7hf-debian:buster -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/docker/armv7/Dockerfile.buildx.alpine b/docker/armv7/Dockerfile.buildx.alpine index bd7a6b1c..9875decc 100644 --- a/docker/armv7/Dockerfile.buildx.alpine +++ b/docker/armv7/Dockerfile.buildx.alpine @@ -27,11 +27,9 @@ FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault ########################## BUILD IMAGE ########################## -FROM messense/rust-musl-cross:armv7-musleabihf as build +FROM blackdex/rust-musl:armv7-musleabihf-nightly-2021-12-25 as build + -# Alpine-based ARM (musl) only supports sqlite during compile time. -# We now also need to add vendored_openssl, because the current base image we use to build has OpenSSL removed. -ARG DB=sqlite,vendored_openssl # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -60,6 +58,9 @@ COPY ./build.rs ./build.rs RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies @@ -75,6 +76,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built +# hadolint ignore=DL3059 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf # hadolint ignore=DL3059 RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden @@ -82,12 +84,13 @@ RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM balenalib/armv7hf-alpine:3.14 +FROM balenalib/armv7hf-alpine:3.15 + +ENV ROCKET_ENV="staging" \ + ROCKET_PORT=80 \ + ROCKET_WORKERS=10 \ + SSL_CERT_DIR=/etc/ssl/certs -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs # hadolint ignore=DL3059 RUN [ "cross-build-start" ] diff --git a/hooks/arches.sh b/hooks/arches.sh index 01a9e991..c27adf31 100644 --- a/hooks/arches.sh +++ b/hooks/arches.sh @@ -7,10 +7,5 @@ arches=( ) if [[ "${DOCKER_TAG}" == *alpine ]]; then - # The Alpine image build currently only works for certain arches. distro_suffix=.alpine - arches=( - amd64 - armv7 - ) fi diff --git a/rust-toolchain b/rust-toolchain index a619163a..979286d9 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1 +1 @@ -nightly-2021-11-05 +nightly-2021-12-25 diff --git a/src/error.rs b/src/error.rs index 4d6b6207..8b0adace 100644 --- a/src/error.rs +++ b/src/error.rs @@ -119,11 +119,13 @@ impl Error { Empty {}.into() } + #[must_use] pub fn with_msg>(mut self, msg: M) -> Self { self.message = msg.into(); self } + #[must_use] pub const fn with_code(mut self, code: u16) -> Self { self.error_code = code; self