From 9b412b9f12a86f13865c698742eaefd1b986a843 Mon Sep 17 00:00:00 2001 From: Delta1925 Date: Sun, 23 Apr 2023 15:44:32 +0200 Subject: [PATCH] Improve dockerfile --- Dockerfile | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index c001b42..63dc421 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,31 +1,25 @@ FROM rust:1.68-alpine3.17 AS bin-builder # Install dependencies -RUN apk add --no-cache openssl-dev openssl-libs-static musl-dev +RUN apk add --no-cache openssl-dev musl-dev # This will build all dependencies and store them in docker's cache. # This way, it won't be necessary to recompile everything everytime -# OPENSSL_STATIC is required, see: https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172 and https://users.rust-lang.org/t/how-to-link-openssl-statically/14912 +# Disable static linking, see: https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172 COPY backend/Cargo.toml . COPY backend/Cargo.lock . RUN echo '[[bin]]' >> Cargo.toml && \ echo 'name = "cache"' >> Cargo.toml && \ echo 'path = "cache.rs"' >> Cargo.toml && \ echo 'fn main() {eprintln!("Caching crates...")}' > cache.rs && \ - export OPENSSL_STATIC=1 && \ - export OPENSSL_LIB_DIR=/usr/lib && \ - export OPENSSL_INCLUDE_DIR=/usr/include/openssl && \ - cargo build --release + RUSTFLAGS='-C target-feature=-crt-static' cargo build --release RUN rm cache.rs && \ rm Cargo.toml # Build wimple-wkd COPY backend/Cargo.toml . COPY backend/src src -RUN export OPENSSL_STATIC=1 && \ - export OPENSSL_LIB_DIR=/usr/lib &&\ - export OPENSSL_INCLUDE_DIR=/usr/include/openssl && \ - cargo build --release +RUN RUSTFLAGS='-C target-feature=-crt-static' cargo build --release FROM node:19-alpine3.17 AS webpage-builder @@ -45,8 +39,10 @@ FROM alpine:3.17 # Put everything together # It uses user `wkd` for added security +# Install libgcc, because the executable is dynamically linked to it WORKDIR /wkd -RUN adduser --no-create-home --disabled-password wkd && \ +RUN apk add --no-cache libgcc && \ + adduser --no-create-home --disabled-password wkd && \ chown -R wkd:wkd /wkd USER wkd COPY --from=webpage-builder assets assets