summaryrefslogtreecommitdiff
path: root/docker
diff options
context:
space:
mode:
authorBlackDex <[email protected]>2023-03-31 13:43:33 +0200
committerBlackDex <[email protected]>2023-04-02 15:19:59 +0200
commitfc43608eecc6287a1966d2e551ac6d81d71dae45 (patch)
treed6dc6e9e467b70b433de9b74a9d27541112f6453 /docker
parent525e6bb65a6926e0f9de3fc5dafd5c5b63981f9f (diff)
downloadvaultwarden-fc43608eecc6287a1966d2e551ac6d81d71dae45.tar.gz
vaultwarden-fc43608eecc6287a1966d2e551ac6d81d71dae45.zip
Revert setcap, update rust and crates
- Revert #3170 as discussed in #3387 In hindsight it's better to not have this feature - Update Dockerfile.j2 for easy version changes. Just change it in one place instead of multiple - Updated to Rust to latest patched version - Updated crates to latest available - Pinned mimalloc to an older version, as it breaks on musl builds
Diffstat (limited to 'docker')
-rw-r--r--docker/Dockerfile.j244
-rw-r--r--docker/amd64/Dockerfile5
-rw-r--r--docker/amd64/Dockerfile.alpine4
-rw-r--r--docker/amd64/Dockerfile.buildkit10
-rw-r--r--docker/amd64/Dockerfile.buildkit.alpine9
-rw-r--r--docker/arm64/Dockerfile5
-rw-r--r--docker/arm64/Dockerfile.alpine4
-rw-r--r--docker/arm64/Dockerfile.buildkit10
-rw-r--r--docker/arm64/Dockerfile.buildkit.alpine9
-rw-r--r--docker/armv6/Dockerfile5
-rw-r--r--docker/armv6/Dockerfile.alpine4
-rw-r--r--docker/armv6/Dockerfile.buildkit10
-rw-r--r--docker/armv6/Dockerfile.buildkit.alpine9
-rw-r--r--docker/armv7/Dockerfile5
-rw-r--r--docker/armv7/Dockerfile.alpine4
-rw-r--r--docker/armv7/Dockerfile.buildkit10
-rw-r--r--docker/armv7/Dockerfile.buildkit.alpine9
17 files changed, 32 insertions, 124 deletions
diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
index c2954cf3..54490ef3 100644
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@@ -2,40 +2,42 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
-{% set build_stage_base_image = "rust:1.68.1-bullseye" %}
+{% set rust_version = "1.68.2" %}
+{% set debian_version = "bullseye" %}
+{% set alpine_version = "3.17" %}
+{% set build_stage_base_image = "rust:%s-%s" % (rust_version, debian_version) %}
{% if "alpine" in target_file %}
{% if "amd64" in target_file %}
-{% set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.68.1" %}
-{% set runtime_stage_base_image = "alpine:3.17" %}
+{% set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-%s" % rust_version %}
+{% set runtime_stage_base_image = "alpine:%s" % alpine_version %}
{% set package_arch_target = "x86_64-unknown-linux-musl" %}
{% elif "armv7" in target_file %}
-{% set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.68.1" %}
-{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.17" %}
+{% set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-%s" % rust_version %}
+{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:%s" % alpine_version %}
{% set package_arch_target = "armv7-unknown-linux-musleabihf" %}
{% elif "armv6" in target_file %}
-{% set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.68.1" %}
-{% set runtime_stage_base_image = "balenalib/rpi-alpine:3.17" %}
+{% set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-%s" % rust_version %}
+{% set runtime_stage_base_image = "balenalib/rpi-alpine:%s" % alpine_version %}
{% set package_arch_target = "arm-unknown-linux-musleabi" %}
{% elif "arm64" in target_file %}
-{% set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.68.1" %}
-{% set runtime_stage_base_image = "balenalib/aarch64-alpine:3.17" %}
+{% set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-%s" % rust_version %}
+{% set runtime_stage_base_image = "balenalib/aarch64-alpine:%s" % alpine_version %}
{% set package_arch_target = "aarch64-unknown-linux-musl" %}
{% endif %}
{% elif "amd64" in target_file %}
-{% set runtime_stage_base_image = "debian:bullseye-slim" %}
+{% set runtime_stage_base_image = "debian:%s-slim" % debian_version %}
{% elif "arm64" in target_file %}
-{% set runtime_stage_base_image = "balenalib/aarch64-debian:bullseye" %}
+{% set runtime_stage_base_image = "balenalib/aarch64-debian:%s" % debian_version %}
{% set package_arch_name = "arm64" %}
{% set package_arch_target = "aarch64-unknown-linux-gnu" %}
{% set package_cross_compiler = "aarch64-linux-gnu" %}
{% elif "armv6" in target_file %}
-{% set runtime_stage_base_image = "balenalib/rpi-debian:bullseye" %}
+{% set runtime_stage_base_image = "balenalib/rpi-debian:%s" % debian_version %}
{% set package_arch_name = "armel" %}
{% set package_arch_target = "arm-unknown-linux-gnueabi" %}
{% set package_cross_compiler = "arm-linux-gnueabi" %}
{% elif "armv7" in target_file %}
-{% set runtime_stage_base_image = "balenalib/armv7hf-debian:bullseye" %}
+{% set runtime_stage_base_image = "balenalib/armv7hf-debian:%s" % debian_version %}
{% set package_arch_name = "armhf" %}
{% set package_arch_target = "armv7-unknown-linux-gnueabihf" %}
{% set package_cross_compiler = "arm-linux-gnueabihf" %}
@@ -108,7 +110,6 @@ RUN dpkg --add-architecture {{ package_arch_name }} \
--no-install-recommends \
gcc-{{ package_cross_compiler }} \
libc6-dev{{ package_arch_prefix }} \
- libcap2-bin \
libmariadb-dev{{ package_arch_prefix }} \
libmariadb-dev-compat{{ package_arch_prefix }} \
libmariadb3{{ package_arch_prefix }} \
@@ -131,7 +132,6 @@ ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_
RUN apt-get update \
&& apt-get install -y \
--no-install-recommends \
- libcap2-bin \
libmariadb-dev \
libpq-dev
{% endif %}
@@ -174,18 +174,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }}
-{% if "buildkit" in target_file %}
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-{% if package_arch_target is defined %}
-RUN setcap cap_net_bind_service=+ep target/{{ package_arch_target }}/release/vaultwarden
-{% else %}
-RUN setcap cap_net_bind_service=+ep target/release/vaultwarden
-{% endif %}
-{% endif %}
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile
index 96cf73e7..52513005 100644
--- a/docker/amd64/Dockerfile
+++ b/docker/amd64/Dockerfile
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -45,7 +44,6 @@ RUN mkdir -pv "${CARGO_HOME}" \
RUN apt-get update \
&& apt-get install -y \
--no-install-recommends \
- libcap2-bin \
libmariadb-dev \
libpq-dev
@@ -79,7 +77,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine
index 13f58aff..189e5747 100644
--- a/docker/amd64/Dockerfile.alpine
+++ b/docker/amd64/Dockerfile.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:x86_64-musl-stable-1.68.1 as build
+FROM blackdex/rust-musl:x86_64-musl-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -74,7 +73,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/amd64/Dockerfile.buildkit b/docker/amd64/Dockerfile.buildkit
index 1511e5e2..c8b159fd 100644
--- a/docker/amd64/Dockerfile.buildkit
+++ b/docker/amd64/Dockerfile.buildkit
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -45,7 +44,6 @@ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.
RUN apt-get update \
&& apt-get install -y \
--no-install-recommends \
- libcap2-bin \
libmariadb-dev \
libpq-dev
@@ -79,12 +77,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/amd64/Dockerfile.buildkit.alpine b/docker/amd64/Dockerfile.buildkit.alpine
index 3dbf9678..6c3ab0ef 100644
--- a/docker/amd64/Dockerfile.buildkit.alpine
+++ b/docker/amd64/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:x86_64-musl-stable-1.68.1 as build
+FROM blackdex/rust-musl:x86_64-musl-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -74,12 +73,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/x86_64-unknown-linux-musl/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile
index e51a8569..117517aa 100644
--- a/docker/arm64/Dockerfile
+++ b/docker/arm64/Dockerfile
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -48,7 +47,6 @@ RUN dpkg --add-architecture arm64 \
--no-install-recommends \
gcc-aarch64-linux-gnu \
libc6-dev:arm64 \
- libcap2-bin \
libmariadb-dev:arm64 \
libmariadb-dev-compat:arm64 \
libmariadb3:arm64 \
@@ -98,7 +96,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine
index 797dcc53..bb2eb65c 100644
--- a/docker/arm64/Dockerfile.alpine
+++ b/docker/arm64/Dockerfile.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:aarch64-musl-stable-1.68.1 as build
+FROM blackdex/rust-musl:aarch64-musl-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -74,7 +73,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/arm64/Dockerfile.buildkit b/docker/arm64/Dockerfile.buildkit
index bc980c0b..ebf45fdf 100644
--- a/docker/arm64/Dockerfile.buildkit
+++ b/docker/arm64/Dockerfile.buildkit
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -48,7 +47,6 @@ RUN dpkg --add-architecture arm64 \
--no-install-recommends \
gcc-aarch64-linux-gnu \
libc6-dev:arm64 \
- libcap2-bin \
libmariadb-dev:arm64 \
libmariadb-dev-compat:arm64 \
libmariadb3:arm64 \
@@ -98,12 +96,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/aarch64-unknown-linux-gnu/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/arm64/Dockerfile.buildkit.alpine b/docker/arm64/Dockerfile.buildkit.alpine
index 522a8c6a..f80c1acd 100644
--- a/docker/arm64/Dockerfile.buildkit.alpine
+++ b/docker/arm64/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:aarch64-musl-stable-1.68.1 as build
+FROM blackdex/rust-musl:aarch64-musl-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -74,12 +73,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/aarch64-unknown-linux-musl/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile
index 4a64b70f..d8643de7 100644
--- a/docker/armv6/Dockerfile
+++ b/docker/armv6/Dockerfile
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -48,7 +47,6 @@ RUN dpkg --add-architecture armel \
--no-install-recommends \
gcc-arm-linux-gnueabi \
libc6-dev:armel \
- libcap2-bin \
libmariadb-dev:armel \
libmariadb-dev-compat:armel \
libmariadb3:armel \
@@ -98,7 +96,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine
index 285186ce..d896dce3 100644
--- a/docker/armv6/Dockerfile.alpine
+++ b/docker/armv6/Dockerfile.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:arm-musleabi-stable-1.68.1 as build
+FROM blackdex/rust-musl:arm-musleabi-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -76,7 +75,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv6/Dockerfile.buildkit b/docker/armv6/Dockerfile.buildkit
index fc167477..784ea895 100644
--- a/docker/armv6/Dockerfile.buildkit
+++ b/docker/armv6/Dockerfile.buildkit
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -48,7 +47,6 @@ RUN dpkg --add-architecture armel \
--no-install-recommends \
gcc-arm-linux-gnueabi \
libc6-dev:armel \
- libcap2-bin \
libmariadb-dev:armel \
libmariadb-dev-compat:armel \
libmariadb3:armel \
@@ -98,12 +96,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/arm-unknown-linux-gnueabi/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv6/Dockerfile.buildkit.alpine b/docker/armv6/Dockerfile.buildkit.alpine
index 161d8828..e2f75b7e 100644
--- a/docker/armv6/Dockerfile.buildkit.alpine
+++ b/docker/armv6/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:arm-musleabi-stable-1.68.1 as build
+FROM blackdex/rust-musl:arm-musleabi-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -76,12 +75,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/arm-unknown-linux-musleabi/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile
index b739c7d4..654dad06 100644
--- a/docker/armv7/Dockerfile
+++ b/docker/armv7/Dockerfile
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -48,7 +47,6 @@ RUN dpkg --add-architecture armhf \
--no-install-recommends \
gcc-arm-linux-gnueabihf \
libc6-dev:armhf \
- libcap2-bin \
libmariadb-dev:armhf \
libmariadb-dev-compat:armhf \
libmariadb3:armhf \
@@ -98,7 +96,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine
index e3d8350e..137f84d8 100644
--- a/docker/armv7/Dockerfile.alpine
+++ b/docker/armv7/Dockerfile.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.1 as build
+FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -74,7 +73,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv7/Dockerfile.buildkit b/docker/armv7/Dockerfile.buildkit
index 33be6833..8e950799 100644
--- a/docker/armv7/Dockerfile.buildkit
+++ b/docker/armv7/Dockerfile.buildkit
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM rust:1.68.1-bullseye as build
+FROM rust:1.68.2-bullseye as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -48,7 +47,6 @@ RUN dpkg --add-architecture armhf \
--no-install-recommends \
gcc-arm-linux-gnueabihf \
libc6-dev:armhf \
- libcap2-bin \
libmariadb-dev:armhf \
libmariadb-dev-compat:armhf \
libmariadb3:armhf \
@@ -98,12 +96,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/armv7-unknown-linux-gnueabihf/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
diff --git a/docker/armv7/Dockerfile.buildkit.alpine b/docker/armv7/Dockerfile.buildkit.alpine
index e30c4a62..b20f6bd2 100644
--- a/docker/armv7/Dockerfile.buildkit.alpine
+++ b/docker/armv7/Dockerfile.buildkit.alpine
@@ -2,7 +2,6 @@
# This file was generated using a Jinja2 template.
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
@@ -27,7 +26,7 @@
FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault
########################## BUILD IMAGE ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.1 as build
+FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.2 as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -74,12 +73,6 @@ RUN touch src/main.rs
# your actual source files being built
RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
-# Add the `cap_net_bind_service` capability to allow listening on
-# privileged (< 1024) ports even when running as a non-root user.
-# This is only done if building with BuildKit; with the legacy
-# builder, the `COPY` instruction doesn't carry over capabilities.
-RUN setcap cap_net_bind_service=+ep target/armv7-unknown-linux-musleabihf/release/vaultwarden
-
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built