diff options
author | BlackDex <[email protected]> | 2023-03-31 13:43:33 +0200 |
---|---|---|
committer | BlackDex <[email protected]> | 2023-04-02 15:19:59 +0200 |
commit | fc43608eecc6287a1966d2e551ac6d81d71dae45 (patch) | |
tree | d6dc6e9e467b70b433de9b74a9d27541112f6453 /docker | |
parent | 525e6bb65a6926e0f9de3fc5dafd5c5b63981f9f (diff) | |
download | vaultwarden-fc43608eecc6287a1966d2e551ac6d81d71dae45.tar.gz vaultwarden-fc43608eecc6287a1966d2e551ac6d81d71dae45.zip |
Revert setcap, update rust and crates
- Revert #3170 as discussed in #3387
In hindsight it's better to not have this feature
- Update Dockerfile.j2 for easy version changes.
Just change it in one place instead of multiple
- Updated to Rust to latest patched version
- Updated crates to latest available
- Pinned mimalloc to an older version, as it breaks on musl builds
Diffstat (limited to 'docker')
-rw-r--r-- | docker/Dockerfile.j2 | 44 | ||||
-rw-r--r-- | docker/amd64/Dockerfile | 5 | ||||
-rw-r--r-- | docker/amd64/Dockerfile.alpine | 4 | ||||
-rw-r--r-- | docker/amd64/Dockerfile.buildkit | 10 | ||||
-rw-r--r-- | docker/amd64/Dockerfile.buildkit.alpine | 9 | ||||
-rw-r--r-- | docker/arm64/Dockerfile | 5 | ||||
-rw-r--r-- | docker/arm64/Dockerfile.alpine | 4 | ||||
-rw-r--r-- | docker/arm64/Dockerfile.buildkit | 10 | ||||
-rw-r--r-- | docker/arm64/Dockerfile.buildkit.alpine | 9 | ||||
-rw-r--r-- | docker/armv6/Dockerfile | 5 | ||||
-rw-r--r-- | docker/armv6/Dockerfile.alpine | 4 | ||||
-rw-r--r-- | docker/armv6/Dockerfile.buildkit | 10 | ||||
-rw-r--r-- | docker/armv6/Dockerfile.buildkit.alpine | 9 | ||||
-rw-r--r-- | docker/armv7/Dockerfile | 5 | ||||
-rw-r--r-- | docker/armv7/Dockerfile.alpine | 4 | ||||
-rw-r--r-- | docker/armv7/Dockerfile.buildkit | 10 | ||||
-rw-r--r-- | docker/armv7/Dockerfile.buildkit.alpine | 9 |
17 files changed, 32 insertions, 124 deletions
diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index c2954cf3..54490ef3 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 @@ -2,40 +2,42 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - -{% set build_stage_base_image = "rust:1.68.1-bullseye" %} +{% set rust_version = "1.68.2" %} +{% set debian_version = "bullseye" %} +{% set alpine_version = "3.17" %} +{% set build_stage_base_image = "rust:%s-%s" % (rust_version, debian_version) %} {% if "alpine" in target_file %} {% if "amd64" in target_file %} -{% set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.68.1" %} -{% set runtime_stage_base_image = "alpine:3.17" %} +{% set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-%s" % rust_version %} +{% set runtime_stage_base_image = "alpine:%s" % alpine_version %} {% set package_arch_target = "x86_64-unknown-linux-musl" %} {% elif "armv7" in target_file %} -{% set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.68.1" %} -{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.17" %} +{% set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-%s" % rust_version %} +{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:%s" % alpine_version %} {% set package_arch_target = "armv7-unknown-linux-musleabihf" %} {% elif "armv6" in target_file %} -{% set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.68.1" %} -{% set runtime_stage_base_image = "balenalib/rpi-alpine:3.17" %} +{% set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-%s" % rust_version %} +{% set runtime_stage_base_image = "balenalib/rpi-alpine:%s" % alpine_version %} {% set package_arch_target = "arm-unknown-linux-musleabi" %} {% elif "arm64" in target_file %} -{% set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.68.1" %} -{% set runtime_stage_base_image = "balenalib/aarch64-alpine:3.17" %} +{% set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-%s" % rust_version %} +{% set runtime_stage_base_image = "balenalib/aarch64-alpine:%s" % alpine_version %} {% set package_arch_target = "aarch64-unknown-linux-musl" %} {% endif %} {% elif "amd64" in target_file %} -{% set runtime_stage_base_image = "debian:bullseye-slim" %} +{% set runtime_stage_base_image = "debian:%s-slim" % debian_version %} {% elif "arm64" in target_file %} -{% set runtime_stage_base_image = "balenalib/aarch64-debian:bullseye" %} +{% set runtime_stage_base_image = "balenalib/aarch64-debian:%s" % debian_version %} {% set package_arch_name = "arm64" %} {% set package_arch_target = "aarch64-unknown-linux-gnu" %} {% set package_cross_compiler = "aarch64-linux-gnu" %} {% elif "armv6" in target_file %} -{% set runtime_stage_base_image = "balenalib/rpi-debian:bullseye" %} +{% set runtime_stage_base_image = "balenalib/rpi-debian:%s" % debian_version %} {% set package_arch_name = "armel" %} {% set package_arch_target = "arm-unknown-linux-gnueabi" %} {% set package_cross_compiler = "arm-linux-gnueabi" %} {% elif "armv7" in target_file %} -{% set runtime_stage_base_image = "balenalib/armv7hf-debian:bullseye" %} +{% set runtime_stage_base_image = "balenalib/armv7hf-debian:%s" % debian_version %} {% set package_arch_name = "armhf" %} {% set package_arch_target = "armv7-unknown-linux-gnueabihf" %} {% set package_cross_compiler = "arm-linux-gnueabihf" %} @@ -108,7 +110,6 @@ RUN dpkg --add-architecture {{ package_arch_name }} \ --no-install-recommends \ gcc-{{ package_cross_compiler }} \ libc6-dev{{ package_arch_prefix }} \ - libcap2-bin \ libmariadb-dev{{ package_arch_prefix }} \ libmariadb-dev-compat{{ package_arch_prefix }} \ libmariadb3{{ package_arch_prefix }} \ @@ -131,7 +132,6 @@ ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_ RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ - libcap2-bin \ libmariadb-dev \ libpq-dev {% endif %} @@ -174,18 +174,6 @@ RUN touch src/main.rs # your actual source files being built RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} -{% if "buildkit" in target_file %} -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -{% if package_arch_target is defined %} -RUN setcap cap_net_bind_service=+ep target/{{ package_arch_target }}/release/vaultwarden -{% else %} -RUN setcap cap_net_bind_service=+ep target/release/vaultwarden -{% endif %} -{% endif %} - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile index 96cf73e7..52513005 100644 --- a/docker/amd64/Dockerfile +++ b/docker/amd64/Dockerfile @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,7 +44,6 @@ RUN mkdir -pv "${CARGO_HOME}" \ RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ - libcap2-bin \ libmariadb-dev \ libpq-dev @@ -79,7 +77,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine index 13f58aff..189e5747 100644 --- a/docker/amd64/Dockerfile.alpine +++ b/docker/amd64/Dockerfile.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:x86_64-musl-stable-1.68.1 as build +FROM blackdex/rust-musl:x86_64-musl-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -74,7 +73,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/amd64/Dockerfile.buildkit b/docker/amd64/Dockerfile.buildkit index 1511e5e2..c8b159fd 100644 --- a/docker/amd64/Dockerfile.buildkit +++ b/docker/amd64/Dockerfile.buildkit @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -45,7 +44,6 @@ RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/. RUN apt-get update \ && apt-get install -y \ --no-install-recommends \ - libcap2-bin \ libmariadb-dev \ libpq-dev @@ -79,12 +77,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/amd64/Dockerfile.buildkit.alpine b/docker/amd64/Dockerfile.buildkit.alpine index 3dbf9678..6c3ab0ef 100644 --- a/docker/amd64/Dockerfile.buildkit.alpine +++ b/docker/amd64/Dockerfile.buildkit.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:x86_64-musl-stable-1.68.1 as build +FROM blackdex/rust-musl:x86_64-musl-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -74,12 +73,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/x86_64-unknown-linux-musl/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile index e51a8569..117517aa 100644 --- a/docker/arm64/Dockerfile +++ b/docker/arm64/Dockerfile @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -48,7 +47,6 @@ RUN dpkg --add-architecture arm64 \ --no-install-recommends \ gcc-aarch64-linux-gnu \ libc6-dev:arm64 \ - libcap2-bin \ libmariadb-dev:arm64 \ libmariadb-dev-compat:arm64 \ libmariadb3:arm64 \ @@ -98,7 +96,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine index 797dcc53..bb2eb65c 100644 --- a/docker/arm64/Dockerfile.alpine +++ b/docker/arm64/Dockerfile.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:aarch64-musl-stable-1.68.1 as build +FROM blackdex/rust-musl:aarch64-musl-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -74,7 +73,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/arm64/Dockerfile.buildkit b/docker/arm64/Dockerfile.buildkit index bc980c0b..ebf45fdf 100644 --- a/docker/arm64/Dockerfile.buildkit +++ b/docker/arm64/Dockerfile.buildkit @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -48,7 +47,6 @@ RUN dpkg --add-architecture arm64 \ --no-install-recommends \ gcc-aarch64-linux-gnu \ libc6-dev:arm64 \ - libcap2-bin \ libmariadb-dev:arm64 \ libmariadb-dev-compat:arm64 \ libmariadb3:arm64 \ @@ -98,12 +96,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/aarch64-unknown-linux-gnu/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/arm64/Dockerfile.buildkit.alpine b/docker/arm64/Dockerfile.buildkit.alpine index 522a8c6a..f80c1acd 100644 --- a/docker/arm64/Dockerfile.buildkit.alpine +++ b/docker/arm64/Dockerfile.buildkit.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:aarch64-musl-stable-1.68.1 as build +FROM blackdex/rust-musl:aarch64-musl-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -74,12 +73,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/aarch64-unknown-linux-musl/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile index 4a64b70f..d8643de7 100644 --- a/docker/armv6/Dockerfile +++ b/docker/armv6/Dockerfile @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -48,7 +47,6 @@ RUN dpkg --add-architecture armel \ --no-install-recommends \ gcc-arm-linux-gnueabi \ libc6-dev:armel \ - libcap2-bin \ libmariadb-dev:armel \ libmariadb-dev-compat:armel \ libmariadb3:armel \ @@ -98,7 +96,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine index 285186ce..d896dce3 100644 --- a/docker/armv6/Dockerfile.alpine +++ b/docker/armv6/Dockerfile.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:arm-musleabi-stable-1.68.1 as build +FROM blackdex/rust-musl:arm-musleabi-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -76,7 +75,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv6/Dockerfile.buildkit b/docker/armv6/Dockerfile.buildkit index fc167477..784ea895 100644 --- a/docker/armv6/Dockerfile.buildkit +++ b/docker/armv6/Dockerfile.buildkit @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -48,7 +47,6 @@ RUN dpkg --add-architecture armel \ --no-install-recommends \ gcc-arm-linux-gnueabi \ libc6-dev:armel \ - libcap2-bin \ libmariadb-dev:armel \ libmariadb-dev-compat:armel \ libmariadb3:armel \ @@ -98,12 +96,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/arm-unknown-linux-gnueabi/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv6/Dockerfile.buildkit.alpine b/docker/armv6/Dockerfile.buildkit.alpine index 161d8828..e2f75b7e 100644 --- a/docker/armv6/Dockerfile.buildkit.alpine +++ b/docker/armv6/Dockerfile.buildkit.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:arm-musleabi-stable-1.68.1 as build +FROM blackdex/rust-musl:arm-musleabi-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -76,12 +75,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/arm-unknown-linux-musleabi/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile index b739c7d4..654dad06 100644 --- a/docker/armv7/Dockerfile +++ b/docker/armv7/Dockerfile @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -48,7 +47,6 @@ RUN dpkg --add-architecture armhf \ --no-install-recommends \ gcc-arm-linux-gnueabihf \ libc6-dev:armhf \ - libcap2-bin \ libmariadb-dev:armhf \ libmariadb-dev-compat:armhf \ libmariadb3:armhf \ @@ -98,7 +96,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine index e3d8350e..137f84d8 100644 --- a/docker/armv7/Dockerfile.alpine +++ b/docker/armv7/Dockerfile.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.1 as build +FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -74,7 +73,6 @@ RUN touch src/main.rs # your actual source files being built RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv7/Dockerfile.buildkit b/docker/armv7/Dockerfile.buildkit index 33be6833..8e950799 100644 --- a/docker/armv7/Dockerfile.buildkit +++ b/docker/armv7/Dockerfile.buildkit @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM rust:1.68.1-bullseye as build +FROM rust:1.68.2-bullseye as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -48,7 +47,6 @@ RUN dpkg --add-architecture armhf \ --no-install-recommends \ gcc-arm-linux-gnueabihf \ libc6-dev:armhf \ - libcap2-bin \ libmariadb-dev:armhf \ libmariadb-dev-compat:armhf \ libmariadb3:armhf \ @@ -98,12 +96,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/armv7-unknown-linux-gnueabihf/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built diff --git a/docker/armv7/Dockerfile.buildkit.alpine b/docker/armv7/Dockerfile.buildkit.alpine index e30c4a62..b20f6bd2 100644 --- a/docker/armv7/Dockerfile.buildkit.alpine +++ b/docker/armv7/Dockerfile.buildkit.alpine @@ -2,7 +2,6 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. - # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ @@ -27,7 +26,7 @@ FROM vaultwarden/web-vault@sha256:aa6ba791911a815ea570ec2ddc59992481c6ba8fbb65eed4f7074b463430d3ee as vault ########################## BUILD IMAGE ########################## -FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.1 as build +FROM blackdex/rust-musl:armv7-musleabihf-stable-1.68.2 as build # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -74,12 +73,6 @@ RUN touch src/main.rs # your actual source files being built RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf -# Add the `cap_net_bind_service` capability to allow listening on -# privileged (< 1024) ports even when running as a non-root user. -# This is only done if building with BuildKit; with the legacy -# builder, the `COPY` instruction doesn't carry over capabilities. -RUN setcap cap_net_bind_service=+ep target/armv7-unknown-linux-musleabihf/release/vaultwarden - ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built |