From bd35ec2e520ec6c6f60f6bf78ccafe7515a6e3e8 Mon Sep 17 00:00:00 2001 From: Jose Quintana Date: Sat, 27 Sep 2025 02:01:57 +0200 Subject: [PATCH 1/2] chore: draft for multiarch image --- Dockerfile | 57 ++++++++-- Dockerfile.cross | 191 +++++++++++++++++++++++++++++++++ Makefile | 138 ++++++++++++++++++++---- README.md | 28 ++--- cargo/config.toml | 3 - scripts/git-credential-ghtoken | 79 -------------- tests/openssl/Cargo.lock | 156 +++++++++++++++++++++++++++ tests/openssl/Cargo.toml | 11 ++ tests/openssl/src/main.rs | 18 ++++ tests/zlib/Cargo.lock | 57 ++++++---- tests/zlib/Cargo.toml | 2 +- 11 files changed, 591 insertions(+), 149 deletions(-) create mode 100644 Dockerfile.cross delete mode 100755 scripts/git-credential-ghtoken create mode 100644 tests/openssl/Cargo.lock create mode 100644 tests/openssl/Cargo.toml create mode 100644 tests/openssl/src/main.rs diff --git a/Dockerfile b/Dockerfile index 0558534..46121a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # NOTE: Most of Dockerfile and related were borrowed from https://hub.docker.com/r/ekidd/rust-musl-builder -FROM debian:12.11-slim +FROM debian:12.12-slim ARG VERSION=0.0.0 ENV VERSION=${VERSION} @@ -19,15 +19,17 @@ RUN set -eux \ && DEBIAN_FRONTEND=noninteractive apt-get install -qq -y --no-install-recommends --no-install-suggests \ autoconf \ automake \ + bison \ build-essential \ ca-certificates \ clang \ cmake \ curl \ file \ + flex \ + g++-aarch64-linux-gnu \ gcc-aarch64-linux-gnu \ gcc-arm-linux-gnueabihf \ - g++-aarch64-linux-gnu \ git \ libbz2-dev \ libgmp-dev \ @@ -43,15 +45,15 @@ RUN set -eux \ llvm-dev \ lzma-dev \ musl-dev \ - musl-dev:armhf \ musl-dev:arm64 \ + musl-dev:armhf \ musl-tools \ patch \ pkgconf \ python3 \ xutils-dev \ - yasm \ xz-utils \ + yasm \ zlib1g-dev \ # Clean up local repository of retrieved packages and remove the package lists && apt-get clean \ @@ -80,7 +82,7 @@ RUN set -eux \ # the popular Rust `hyper` crate. # OpenSSL 1.1.1 - https://github.com/openssl/openssl/releases -ARG OPENSSL_VERSION=1.1.1w +ARG OPENSSL_VERSION=3.5.3 # We point /usr/local/musl/include/linux at some Linux kernel headers (not # necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine" @@ -100,8 +102,7 @@ RUN set -eux \ && ln -s "/usr/include/$(uname -m)-linux-gnu/asm" /usr/local/musl/include/asm \ && ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic \ && cd /tmp \ - && ver=$(echo $OPENSSL_VERSION | sed -e 's:\.:_:g') \ - && curl -LO "https://github.com/openssl/openssl/releases/download/OpenSSL_${ver}/openssl-${OPENSSL_VERSION}.tar.gz" \ + && curl -LO "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" \ && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ && cd "openssl-${OPENSSL_VERSION}" \ && env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY ${config} "linux-$(uname -m)" \ @@ -109,11 +110,27 @@ RUN set -eux \ && env C_INCLUDE_PATH=/usr/local/musl/include/ make -j$(nproc) \ && make -j$(nproc) install_sw \ && make -j$(nproc) install_ssldirs \ - && rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic \ && openssl version \ + && rm -rf \ + /usr/local/musl/include/linux \ + /usr/local/musl/include/asm \ + /usr/local/musl/include/asm-generic \ + && ls -l /usr/local/musl \ + && if [ "$(uname -m)" = "x86_64" ]; then \ + ln -s /usr/local/musl/lib64 /usr/local/musl/lib; \ + fi \ && rm -r /tmp/* \ && true +RUN set -eux \ + && echo "Testing musl-gcc with OpenSSL..." \ + && openssl version \ + && echo "int main(){return 0;}" | \ + musl-gcc -o test -x c - \ + -I/usr/local/musl/include \ + -L/usr/local/musl/lib \ + -lssl -lcrypto \ + && true # zlib - http://zlib.net/ ARG ZLIB_VERSION=1.3.1 @@ -132,7 +149,22 @@ RUN set -eux \ # libpq - https://ftp.postgresql.org/pub/source/ -ARG POSTGRESQL_VERSION=15.9 +ARG POSTGRESQL_VERSION=17.6 +ARG ICU4C_VERSION=77.1 + +RUN set -eux \ + && echo "Building icu4c..." \ + && cd /tmp \ + && ver1=$(echo $ICU4C_VERSION | sed -e 's:\.:-:g') \ + && ver2=$(echo $ICU4C_VERSION | sed -e 's:\.:_:g') \ + && curl -LO https://github.com/unicode-org/icu/releases/download/release-${ver1}/icu4c-${ver2}-src.tgz \ + && tar xf icu4c-${ver2}-src.tgz \ + && cd icu/source \ + && env CC=musl-gcc CXX=musl-g++ ./configure --prefix=/usr/local/musl \ + && make -j$(nproc) \ + && make -j$(nproc) install \ + && rm -r /tmp/* \ + && true RUN set -eux \ && echo "Building libpq ${POSTGRESQL_VERSION}..." \ @@ -206,6 +238,8 @@ RUN set -eux \ ENV PATH=$PATH:/usr/local/osxcross/target/bin ENV MACOSX_DEPLOYMENT_TARGET=${OSX_VERSION_MIN} ENV OSXCROSS_MACPORTS_MIRROR=https://packages.macports.org +ENV OSXCROSS_MACPORTS_LOCAL=/usr/local/osxcross/target/macports/pkgs/opt/local +ENV OSXCROSS_MACPORTS_LIBEXEC=${OSXCROSS_MACPORTS_LOCAL}/libexec RUN set -eux \ && echo "Testing osxcross with compiler-rt..." \ @@ -217,10 +251,11 @@ RUN set -eux \ && echo "Install dependencies via osxcross tools..." \ && apt-get update \ && /usr/local/osxcross/tools/get_dependencies.sh \ + && osxcross-macports install zlib openssl3 \ && true # Rust stable toolchain -ARG TOOLCHAIN=1.86.0 +ARG TOOLCHAIN=1.87.0 # Install our Rust toolchain and the `musl` target. We patch the # command-line we pass to the installer so that it won't attempt to @@ -236,7 +271,7 @@ RUN set -eux \ x86_64-apple-darwin \ x86_64-unknown-linux-musl \ && true -COPY cargo/config.toml /root/.cargo/config +COPY cargo/config.toml /root/.cargo/config.toml RUN set -eux \ && echo "Removing temp files..." \ diff --git a/Dockerfile.cross b/Dockerfile.cross new file mode 100644 index 0000000..ac7392f --- /dev/null +++ b/Dockerfile.cross @@ -0,0 +1,191 @@ +FROM joseluisq/docker-osxcross:1.0.0-beta.1 + +ARG VERSION=0.0.0 +ENV VERSION=${VERSION} + +LABEL version="${VERSION}" \ + description="Use same Docker image for compiling Rust programs for Linux (musl libc) & macOS (osxcross)." \ + maintainer="Jose Quintana " + +# Static linking for C++ code +RUN set -eux \ + && ln -s "/usr/bin/g++" "/usr/bin/musl-g++" \ + # Create appropriate directories for current user + && mkdir -p /root/libs /root/src \ + && true + +ENV PATH=/root/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH + +##### Rust toolchains + +# Rust/Cargo related environment variables +ENV TARGET=musl +# Crate-related environment variables +ENV LIBZ_SYS_STATIC=1 + +# Rust stable toolchain +ARG TOOLCHAIN=1.87.0 + +RUN set -eux \ + && curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain=$TOOLCHAIN \ + && rustup target add \ + aarch64-apple-darwin \ + aarch64-unknown-linux-gnu \ + aarch64-unknown-linux-musl \ + x86_64-apple-darwin \ + x86_64-unknown-linux-musl \ + && true + +COPY cargo/config.toml /root/.cargo/config.toml + +RUN set -eux \ + && rustc -vV \ + && cargo -vV \ + && true + +##### Libraries + +# zlib - http://zlib.net/ +ARG ZLIB_VERSION=1.3.1 + +WORKDIR /tmp + +RUN set -eux \ + && echo "Downloading zlib ${ZLIB_VERSION}..." \ + && cd /tmp \ + && curl -LO "https://www.zlib.net/fossils/zlib-${ZLIB_VERSION}.tar.gz" \ + && tar xzf "zlib-${ZLIB_VERSION}.tar.gz" \ + && rm -rf "zlib-${ZLIB_VERSION}.tar.gz" \ + && true + +WORKDIR /tmp/zlib-${ZLIB_VERSION} + +# x86_64 glibc +RUN set -eux \ + && make distclean \ + && CC=gcc ./configure --prefix=/usr/local/x86_64-linux-gnu \ + && make -j$(nproc) \ + && make install \ + && true + +# arm64 glibc +RUN set -eux \ + && make distclean \ + && CC=aarch64-linux-gnu-gcc ./configure --prefix=/usr/local/aarch64-linux-gnu \ + && make -j$(nproc) \ + && make install \ + && true + +# x86_64 musl +RUN set -eux \ + && make distclean \ + && CC=musl-gcc ./configure --static --prefix=/usr/local/x86_64-linux-musl \ + && make -j$(nproc) \ + && make install \ + && true + +WORKDIR /tmp + +# OpenSSL 3.5.3 - https://github.com/openssl/openssl/releases +ARG OPENSSL_VERSION=3.5.3 + +RUN set -eux \ + && curl -LO "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" \ + && true + +# We point /usr/local/musl/include/linux at some Linux kernel headers (not +# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine" +# component. It's possible that this will cause bizarre and terrible things to +# happen. There may be "sanitized" header +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for x86_64..." \ + && ls /usr/include/linux \ + && mkdir -p /usr/local/x86_64-linux-musl/include \ + && ln -s /usr/include/linux /usr/local/x86_64-linux-musl/include/linux \ + && ln -s "/usr/include/x86_64-linux-gnu/asm" /usr/local/x86_64-linux-musl/include/asm \ + && ln -s /usr/include/asm-generic /usr/local/x86_64-linux-musl/include/asm-generic \ + && env CC=musl-gcc ./Configure no-shared no-zlib \ + -fPIC --prefix=/usr/local/x86_64-linux-musl \ + -DOPENSSL_NO_SECURE_MEMORY "linux-x86_64" \ + && env C_INCLUDE_PATH=/usr/local/x86_64-linux-musl/include/ make depend \ + && env C_INCLUDE_PATH=/usr/local/x86_64-linux-musl/include/ make -j$(nproc) \ + && make -j$(nproc) install_sw \ + && make -j$(nproc) install_ssldirs \ + && openssl version \ + && rm -rf \ + /usr/local/x86_64-linux-musl/include/linux \ + /usr/local/x86_64-linux-musl/include/asm \ + /usr/local/x86_64-linux-musl/include/asm-generic \ + && ls -l /usr/local/x86_64-linux-musl \ + && if ! [ -d /usr/local/x86_64-linux-musl/lib ]; then \ + ln -s /usr/local/x86_64-linux-musl/lib64 /usr/local/x86_64-linux-musl/lib; \ + else \ + mv /usr/local/x86_64-linux-musl/lib /usr/local/x86_64-linux-musl/abc; \ + mv /usr/local/x86_64-linux-musl/lib64 /usr/local/x86_64-linux-musl/lib; \ + cp -rp /usr/local/x86_64-linux-musl/abc/. /usr/local/x86_64-linux-musl/lib/; \ + unlink /usr/local/x86_64-linux-musl/lib/lib64; \ + rm -rf /usr/local/x86_64-linux-musl/abc; \ + fi \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for aarch64..." \ + && ls /usr/include/linux \ + && mkdir -p /usr/local/aarch64-linux-gnu/include \ + # && ln -s /usr/include/linux /usr/local/aarch64-linux-gnu/include/linux \ + # && ln -s "/usr/include/aarch64-linux-gnu/asm" /usr/local/aarch64-linux-gnu/include/asm \ + # && ln -s /usr/include/asm-generic /usr/local/aarch64-linux-gnu/include/asm-generic \ + && env CC=aarch64-linux-gnu-gcc ./Configure no-shared no-zlib \ + -fPIC --prefix=/usr/local/aarch64-linux-gnu \ + -DOPENSSL_NO_SECURE_MEMORY -mno-outline-atomics "linux-aarch64" \ + && env C_INCLUDE_PATH=/usr/local/aarch64-linux-gnu/include/ make depend \ + && env C_INCLUDE_PATH=/usr/local/aarch64-linux-gnu/include/ make -j$(nproc) \ + && make -j$(nproc) install_sw \ + && make -j$(nproc) install_ssldirs \ + && openssl version \ + && rm -rf \ + /usr/local/aarch64-linux-gnu/include/linux \ + /usr/local/aarch64-linux-gnu/include/asm \ + /usr/local/aarch64-linux-gnu/include/asm-generic \ + && ls -l /usr/local/aarch64-linux-gnu \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + +RUN set -eux \ + && echo "Testing musl-gcc with OpenSSL..." \ + && openssl version \ + && echo "int main(){return 0;}" | \ + musl-gcc -o test -x c - \ + -I/usr/local/x86_64-linux-musl/include \ + -L/usr/local/x86_64-linux-musl/lib \ + -lssl -lcrypto \ + && true + +WORKDIR /root + +# OpenSSL related environment variables +ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/x86_64-linux-musl +ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/aarch64-linux-gnu +ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 +ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 + +# pkg-config related environment variables +ENV PKG_CONFIG_ALLOW_CROSS=true \ + PKG_CONFIG_ALL_STATIC=true + +RUN set -eux \ + && echo "Removing temp files..." \ + && rm -rf *~ taballs *.tar.xz \ + && rm -rf /tmp/* \ + && true + +WORKDIR /root/src + +CMD ["bash"] diff --git a/Makefile b/Makefile index 68f71da..31a6919 100644 --- a/Makefile +++ b/Makefile @@ -9,6 +9,28 @@ build: -f Dockerfile . .PHONY: build +build-osxcross: + docker build \ + -t $(REPOSITORY)/rust-linux-darwin-builder:osxcross \ + --network=host \ + -f Dockerfile . +.PHONY: build-osxcross + +build-cross: + docker build \ + -t $(REPOSITORY)/rust-linux-darwin-builder:cross \ + --network=host \ + -f Dockerfile.cross . +.PHONY: build-cross + +run-cross: + @docker run --rm -it \ + -v $(PWD):/root/src \ + -v $(PWD)/cargo/config.toml:/root/.cargo/config.toml \ + -w /root/src \ + $(REPOSITORY)/rust-linux-darwin-builder:cross \ + bash +.PHONY: run-cross # Use to build both arm64 and amd64 images at the same time. # WARNING! Will automatically push, since multi-platform images are not available locally. @@ -25,12 +47,20 @@ buildx: .PHONY: buildx +run: + @docker run --rm -it \ + -v $(PWD):/root/src \ + -w /root/src \ + $(REPOSITORY)/rust-linux-darwin-builder:$(TAG) \ + bash +.PHONY: run + test: @docker run --rm \ -v $(PWD):/root/src \ -w /root/src \ $(REPOSITORY)/rust-linux-darwin-builder:$(TAG) \ - bash -c 'set -eu; make test-ci' + bash -c 'set -eu; make test-ci; make test-openssl' .PHONY: test test-ci: @@ -45,86 +75,156 @@ test-ci: && if [ "$$(uname -m)" = "x86_64" ]; then \ echo "Compiling application (linux-gnu x86_64)..."; \ cargo build --release --target x86_64-unknown-linux-gnu; \ - du -sh target/x86_64-unknown-linux-gnu/release/hello-world-test; \ target/x86_64-unknown-linux-gnu/release/hello-world-test; \ + du -sh target/x86_64-unknown-linux-gnu/release/hello-world-test; \ + file target/x86_64-unknown-linux-gnu/release/hello-world-test; \ echo; \ \ echo "Compiling application (linux-musl x86_64)..."; \ cargo build --release --target x86_64-unknown-linux-musl; \ - du -sh target/x86_64-unknown-linux-musl/release/hello-world-test; \ target/x86_64-unknown-linux-musl/release/hello-world-test; \ + du -sh target/x86_64-unknown-linux-musl/release/hello-world-test; \ + file target/x86_64-unknown-linux-musl/release/hello-world-test; \ echo; \ fi \ \ && echo "Cross-compiling application (apple-darwin x86_64)..." \ && cargo build --release --target x86_64-apple-darwin \ && du -sh target/x86_64-apple-darwin/release/hello-world-test \ + && file target/x86_64-apple-darwin/release/hello-world-test \ && echo \ -\ \ && echo "Cross-compiling application (linux-gnu aarch64)..." \ && cargo build --release --target aarch64-unknown-linux-gnu \ - && du -sh target/aarch64-unknown-linux-gnu/release/hello-world-test \ && if [ "$$(uname -m)" = "aarch64" ]; then \ target/aarch64-unknown-linux-gnu/release/hello-world-test; \ fi \ + && du -sh target/aarch64-unknown-linux-gnu/release/hello-world-test \ + && file target/aarch64-unknown-linux-gnu/release/hello-world-test \ && echo \ \ && echo "Cross-compiling application (linux-musl aarch64)..." \ && cargo build --release --target aarch64-unknown-linux-musl \ - && du -sh target/aarch64-unknown-linux-musl/release/hello-world-test \ && if [ "$$(uname -m)" = "aarch64" ]; then \ target/aarch64-unknown-linux-musl/release/hello-world-test; \ fi \ + && du -sh target/aarch64-unknown-linux-musl/release/hello-world-test \ + && file target/aarch64-unknown-linux-musl/release/hello-world-test \ && echo \ \ && echo "Cross-compiling application (apple-darwin aarch64)..." \ && cargo build --release --target aarch64-apple-darwin \ - && du -sh target/aarch64-apple-darwin/release/hello-world-test + && du -sh target/aarch64-apple-darwin/release/hello-world-test \ + && file target/aarch64-apple-darwin/release/hello-world-test +.ONESHELL: test-ci + +test-zlib: + @echo "Checking Debian version..." + @cat /etc/debian_version + @echo + @echo "Testing cross-compiling zlib application..." + @rustc -vV @echo - @cd ../.. @cd tests/zlib \ \ && if [ "$$(uname -m)" = "x86_64" ]; then \ echo "Compiling application (linux-gnu x86_64)..."; \ cargo build --release --target x86_64-unknown-linux-gnu; \ - du -sh target/x86_64-unknown-linux-gnu/release/zlib-test; \ target/x86_64-unknown-linux-gnu/release/zlib-test; \ + du -sh target/x86_64-unknown-linux-gnu/release/zlib-test; \ + file target/x86_64-unknown-linux-gnu/release/zlib-test; \ echo; \ \ echo "Compiling application (linux-musl x86_64)..."; \ cargo build --release --target x86_64-unknown-linux-musl; \ - du -sh target/x86_64-unknown-linux-musl/release/zlib-test; \ target/x86_64-unknown-linux-musl/release/zlib-test; \ + du -sh target/x86_64-unknown-linux-musl/release/zlib-test; \ + file target/x86_64-unknown-linux-musl/release/zlib-test; \ echo; \ fi \ \ && echo "Cross-compiling application (apple-darwin x86_64)..." \ - && LIBZ_SYS_STATIC=0 CC=o64-clang CXX=o64-clang++ \ + && LIBZ_SYS_STATIC=1 CC=o64-clang CXX=o64-clang++ \ cargo build --release --target x86_64-apple-darwin \ && du -sh target/x86_64-apple-darwin/release/zlib-test \ - && echo \ -\ + && file target/x86_64-apple-darwin/release/zlib-test \ \ && echo "Cross-compiling application (linux-gnu aarch64)..." \ - && cargo build --release --target aarch64-unknown-linux-gnu \ - && du -sh target/aarch64-unknown-linux-gnu/release/zlib-test \ + && CC=aarch64-linux-gnu-gcc cargo build --release --target aarch64-unknown-linux-gnu \ && if [ "$$(uname -m)" = "aarch64" ]; then \ target/aarch64-unknown-linux-gnu/release/zlib-test; \ fi \ + && du -sh target/aarch64-unknown-linux-gnu/release/zlib-test \ + && file target/aarch64-unknown-linux-gnu/release/zlib-test \ && echo \ \ && echo "Cross-compiling application (linux-musl aarch64)..." \ && cargo build --release --target aarch64-unknown-linux-musl \ - && du -sh target/aarch64-unknown-linux-musl/release/zlib-test \ && if [ "$$(uname -m)" = "aarch64" ]; then \ target/aarch64-unknown-linux-musl/release/zlib-test; \ fi \ + && du -sh target/aarch64-unknown-linux-musl/release/zlib-test \ + && file target/aarch64-unknown-linux-musl/release/zlib-test \ && echo \ \ && echo "Cross-compiling application (apple-darwin aarch64)..." \ - && LIBZ_SYS_STATIC=0 CC=o64-clang CXX=o64-clang++ \ + && LIBZ_SYS_STATIC=1 CC=oa64-clang CXX=oa64-clang++ \ cargo build --release --target aarch64-apple-darwin \ - && du -sh target/aarch64-apple-darwin/release/zlib-test + && du -sh target/aarch64-apple-darwin/release/zlib-test \ + && file target/aarch64-apple-darwin/release/zlib-test -.ONESHELL: test-ci +.ONESHELL: test-zlib + +test-openssl: + @echo "Checking Debian version..." + @cat /etc/debian_version + @echo + @echo "Testing cross-compiling openssl application..." + @rustc -vV + @echo + @cd tests/openssl \ +\ + && if [ "$$(uname -m)" = "x86_64" ]; then \ + echo "Compiling application (linux-gnu x86_64)..."; \ + cargo build --release --target x86_64-unknown-linux-gnu; \ + target/x86_64-unknown-linux-gnu/release/openssl; \ + du -sh target/x86_64-unknown-linux-gnu/release/openssl; \ + file target/x86_64-unknown-linux-gnu/release/openssl; \ + echo; \ +\ + echo "Compiling application (linux-musl x86_64)..."; \ + cargo build --release --target x86_64-unknown-linux-musl; \ + target/x86_64-unknown-linux-musl/release/openssl; \ + du -sh target/x86_64-unknown-linux-musl/release/openssl; \ + file target/x86_64-unknown-linux-musl/release/openssl; \ + echo; \ + fi \ +\ + && echo "Cross-compiling application (apple-darwin x86_64)..." \ + && OPENSSL_STATIC=1 \ + CC=o64-clang CXX=o64-clang++ \ + cargo build --release --target x86_64-apple-darwin \ + && du -sh target/x86_64-apple-darwin/release/openssl \ + && file target/x86_64-apple-darwin/release/openssl \ + && echo \ +\ + && echo "Cross-compiling application (linux-musl aarch64)..." \ + && cargo build --release --target aarch64-unknown-linux-musl \ + && if [ "$$(uname -m)" = "arm64" ]; then \ + target/aarch64-unknown-linux-musl/release/openssl; \ + fi \ + && du -sh target/aarch64-unknown-linux-musl/release/openssl \ + && file target/aarch64-unknown-linux-musl/release/openssl \ + && echo \ +\ + && echo "Cross-compiling application (apple-darwin aarch64)..." \ + && CC=oa64-clang CXX=oa64-clang++ \ + cargo build --release --target aarch64-apple-darwin \ + && if [ "$$(uname -m)" = "arm64" ]; then \ + target/aarch64-apple-darwin/release/openssl; \ + fi \ + && du -sh target/aarch64-apple-darwin/release/openssl \ + && file target/aarch64-apple-darwin/release/openssl \ + && echo \ + && echo "Cross-compiling done." +.ONESHELL: test-openssl diff --git a/README.md b/README.md index 3993d74..84c2bd4 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Below are the default toolchains included in the Docker image. docker run --rm \ --volume "${PWD}/sample":/root/src \ --workdir /root/src \ - joseluisq/rust-linux-darwin-builder:1.86.0 \ + joseluisq/rust-linux-darwin-builder:1.87.0 \ sh -c "cargo build --release --target x86_64-unknown-linux-musl" ``` @@ -52,7 +52,7 @@ docker run --rm \ docker run --rm \ --volume "${PWD}/sample":/root/src \ --workdir /root/src \ - joseluisq/rust-linux-darwin-builder:1.86.0 \ + joseluisq/rust-linux-darwin-builder:1.87.0 \ sh -c "cargo build --release --target x86_64-unknown-linux-gnu" ``` @@ -62,7 +62,7 @@ docker run --rm \ docker run --rm \ --volume "${PWD}/sample":/root/src \ --workdir /root/src \ - joseluisq/rust-linux-darwin-builder:1.86.0 \ + joseluisq/rust-linux-darwin-builder:1.87.0 \ sh -c "cargo build --release --target x86_64-apple-darwin" ``` @@ -74,7 +74,7 @@ docker run --rm \ docker run --rm \ --volume "${PWD}/sample":/root/src \ --workdir /root/src \ - joseluisq/rust-linux-darwin-builder:1.86.0 \ + joseluisq/rust-linux-darwin-builder:1.87.0 \ sh -c "cargo build --release --target aarch64-unknown-linux-gnu" ``` @@ -84,7 +84,7 @@ docker run --rm \ docker run --rm \ --volume "${PWD}/sample":/root/src \ --workdir /root/src \ - joseluisq/rust-linux-darwin-builder:1.86.0 \ + joseluisq/rust-linux-darwin-builder:1.87.0 \ sh -c "cargo build --release --target aarch64-unknown-linux-musl" ``` @@ -94,7 +94,7 @@ docker run --rm \ docker run --rm \ --volume "${PWD}/sample":/root/src \ --workdir /root/src \ - joseluisq/rust-linux-darwin-builder:1.86.0 \ + joseluisq/rust-linux-darwin-builder:1.87.0 \ sh -c "cargo build --release --target aarch64-apple-darwin" ``` @@ -107,7 +107,7 @@ It's known that the [`CARGO_HOME`](https://doc.rust-lang.org/cargo/guide/cargo-h You can also use the image as a base for your Dockerfile: ```Dockerfile -FROM joseluisq/rust-linux-darwin-builder:1.86.0 +FROM joseluisq/rust-linux-darwin-builder:1.87.0 ``` ### OSXCross @@ -150,7 +150,7 @@ compile: @docker run --rm -it \ -v $(PWD):/app/src \ -w /app/src \ - joseluisq/rust-linux-darwin-builder:1.86.0 \ + joseluisq/rust-linux-darwin-builder:1.87.0 \ make cross-compile .PHONY: compile @@ -172,14 +172,14 @@ cross-compile: Just run the makefile `compile` target, then you will see two release binaries `x86_64-unknown-linux-musl` and `x86_64-apple-darwin`. ```sh -make compile -# rustc 1.86.0 (05f9846f8 2025-03-31) +# make compile +# rustc 1.87.0 (17067e9ac 2025-05-09) # binary: rustc -# commit-hash: 05f9846f893b09a1be1fc8560e33fc3c815cfecb -# commit-date: 2025-03-31 +# commit-hash: 17067e9ac6d7ecb70e50f92c1944e545188d2359 +# commit-date: 2025-05-09 # host: x86_64-unknown-linux-gnu -# release: 1.86.0 -# LLVM version: 19.1.7 +# release: 1.87.0 +# LLVM version: 20.1.1 # 2. Compiling application (linux-musl x86_64)... # Finished release [optimized] target(s) in 0.01s diff --git a/cargo/config.toml b/cargo/config.toml index 521423f..492c816 100644 --- a/cargo/config.toml +++ b/cargo/config.toml @@ -2,9 +2,6 @@ # Target musl-libc by default when running Cargo target = "x86_64-unknown-linux-musl" -[target.armv7-unknown-linux-musleabihf] -linker = "arm-linux-gnueabihf-gcc" - [target.aarch64-unknown-linux-gnu] linker = "aarch64-linux-gnu-gcc" diff --git a/scripts/git-credential-ghtoken b/scripts/git-credential-ghtoken deleted file mode 100755 index 20a8fd0..0000000 --- a/scripts/git-credential-ghtoken +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/bash -# -# Usage: git-credential-ghtoken -# -# Allows `git` to authenticate with GitHub using `GH_USER` and `GH_TOKEN` -# environment variables. -# -# To install this: -# -# git config --global credential.https://github.com.helper \ -# "$(pwd)/scripts/git-credential-ghtoken" -# -# Or copy it into your path and run: -# -# git config --global credential.https://github.com.helper ghtoken -# -# -# Copyright (c) 2018 Faraday, Inc. -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in all -# copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - -# Standard paranoia. -set -euo pipefail - -# Parse our command-line arguments. -operation="$1" - -# Ignore all operations besides `get`. -if [ "$operation" != get ]; then - exit 0 -fi - -# Quit now if we don't have the necessary environment variables. -if [ ! -v GH_USER ] || [ ! -v GH_TOKEN ]; then - exit 0 -fi - -# Parse the input we receive from `git`. -while read line; do - var="$(echo "$line" | sed 's/=.*$//')" - val="$(echo "$line" | sed 's/^.*=//')" - case "$var" in - # Only send credentials over HTTPS. - protocol) - if [ "$val" != https ]; then - exit 0 - fi - ;; - # Only send credentials to GitHub (just extra paranoia; change as - # needed). - host) - if [ "$val" != github.com ]; then - exit 0 - fi - ;; - esac -done - -# Output our credentials. -cat <"] +edition = "2018" + +[dependencies] +openssl = { version = "0.10.73" } + +[profile.release] +lto = true diff --git a/tests/openssl/src/main.rs b/tests/openssl/src/main.rs new file mode 100644 index 0000000..7aaba02 --- /dev/null +++ b/tests/openssl/src/main.rs @@ -0,0 +1,18 @@ +use openssl::aes::{unwrap_key, wrap_key, AesKey}; + +fn main() { + let kek = b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + let key_to_wrap = b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"; + + let enc_key = AesKey::new_encrypt(kek).unwrap(); + let mut ciphertext = [0u8; 24]; + wrap_key(&enc_key, None, &mut ciphertext, &key_to_wrap[..]).unwrap(); + + let dec_key = AesKey::new_decrypt(kek).unwrap(); + let mut orig_key = [0u8; 16]; + unwrap_key(&dec_key, None, &mut orig_key, &ciphertext[..]).unwrap(); + + assert_eq!(&orig_key[..], &key_to_wrap[..]); + + println!("OpenSSL AES key wrapping tested sucessfully!") +} diff --git a/tests/zlib/Cargo.lock b/tests/zlib/Cargo.lock index ddddd3f..26d337b 100644 --- a/tests/zlib/Cargo.lock +++ b/tests/zlib/Cargo.lock @@ -1,42 +1,49 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] -name = "adler" -version = "1.0.2" +name = "adler2" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" [[package]] name = "cc" -version = "1.0.83" +version = "1.2.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1174fb0b6ec23863f8b971027804a42614e347eafb0a95bf0b12cdae21fc4d0" +checksum = "80f41ae168f955c12fb8960b057d70d0ca153fb83182b57d86380443527be7e9" dependencies = [ - "libc", + "find-msvc-tools", + "shlex", ] [[package]] name = "cfg-if" -version = "1.0.0" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" [[package]] name = "crc32fast" -version = "1.3.2" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d" +checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511" dependencies = [ "cfg-if", ] +[[package]] +name = "find-msvc-tools" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ced73b1dacfc750a6db6c0a0c3a3853c8b41997e2e2c563dc90804ae6867959" + [[package]] name = "flate2" -version = "1.0.27" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010" +checksum = "4a3d7db9596fecd151c5f638c0ee5d5bd487b6e0ea232e5dc96d5250f6f94b1d" dependencies = [ "crc32fast", "libz-sys", @@ -45,15 +52,15 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.147" +version = "0.2.175" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" [[package]] name = "libz-sys" -version = "1.1.12" +version = "1.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d97137b25e321a73eef1418d1d5d2eda4d77e12813f8e6dead84bc52c5870a7b" +checksum = "8b70e7a7df205e92a1a4cd9aaae7898dac0aa555503cc0a649494d0d60e7651d" dependencies = [ "cc", "libc", @@ -63,18 +70,24 @@ dependencies = [ [[package]] name = "miniz_oxide" -version = "0.7.1" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7810e0be55b428ada41041c41f32c9f1a42817901b4ccf45fa3d4b6561e74c7" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" dependencies = [ - "adler", + "adler2", ] [[package]] name = "pkg-config" -version = "0.3.27" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" + +[[package]] +name = "shlex" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "vcpkg" diff --git a/tests/zlib/Cargo.toml b/tests/zlib/Cargo.toml index 021dabe..5dd611a 100644 --- a/tests/zlib/Cargo.toml +++ b/tests/zlib/Cargo.toml @@ -5,7 +5,7 @@ authors = ["Jose Quintana "] edition = "2021" [dependencies] -flate2 = { version = "1.0", features = [ "zlib-default" ] } +flate2 = { version = "1.1.2", features = [ "zlib-default" ] } [profile.release] lto = true From cb84e4caf593639d089cbe20a493d9ced8e2e582 Mon Sep 17 00:00:00 2001 From: Jose Quintana Date: Tue, 30 Sep 2025 00:10:19 +0200 Subject: [PATCH 2/2] refactor: dockerfiles & fix openssl3 binary for x86_64/arm64 darwin --- .cirrus.yml | 97 ------- .github/workflows/devel.yml | 227 +++++++++++++++ .github/workflows/release-beta.yml | 157 +++++++++++ .github/workflows/release.yml | 201 ++++++++++++++ Dockerfile | 292 -------------------- Makefile | 46 +-- Dockerfile.cross => docker/amd64/Dockerfile | 51 +++- docker/arm64/Dockerfile | 224 +++++++++++++++ 8 files changed, 861 insertions(+), 434 deletions(-) delete mode 100644 .cirrus.yml create mode 100644 .github/workflows/devel.yml create mode 100644 .github/workflows/release-beta.yml create mode 100644 .github/workflows/release.yml delete mode 100644 Dockerfile rename Dockerfile.cross => docker/amd64/Dockerfile (78%) create mode 100644 docker/arm64/Dockerfile diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index 54cf704..0000000 --- a/.cirrus.yml +++ /dev/null @@ -1,97 +0,0 @@ -task: - only_if: $CIRRUS_TAG == '' - timeout_in: 120m - matrix: - - name: linux-amd64 - compute_engine_instance: - image_project: cirrus-images - image: family/docker-builder - platform: linux - cpu: 8 - memory: 8G - - - name: linux-arm64 - compute_engine_instance: - image_project: cirrus-images - image: family/docker-builder-arm64 - architecture: arm64 - platform: linux - cpu: 4 - memory: 4G - - build_script: make build - run_script: make test - -task: - only_if: $CIRRUS_TAG != '' - alias: build-linux-image - timeout_in: 120m - env: - DOCKER_USERNAME: ENCRYPTED[db65fd6fc1af68040964a27c82f2cbd202c849199038cfddc961a573d803a4f2793ba30eede0b6bcdb6bbf29f5c4f012] - DOCKER_PASSWORD: ENCRYPTED[a1503baddfbe37c5a4474c46ec12b11beee3d16c054c1fa5bfcdde674be32524781f9d4e4d9444db6575fc5aa6270040] - matrix: - - name: linux-amd64 - env: - CIRRUS_ARCH: amd64 - compute_engine_instance: - image_project: cirrus-images - image: family/docker-builder - platform: linux - cpu: 8 - memory: 8G - - - name: linux-arm64 - env: - CIRRUS_ARCH: arm64 - compute_engine_instance: - image_project: cirrus-images - image: family/docker-builder-arm64 - architecture: arm64 - platform: linux - cpu: 4 - memory: 4G - - build_script: TAG=$CIRRUS_ARCH make build - login_script: docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD - push_script: docker push joseluisq/rust-linux-darwin-builder:$CIRRUS_ARCH - -release_docker_builder: - only_if: $CIRRUS_TAG != '' - depends_on: - - build-linux-image - env: - DOCKER_USERNAME: ENCRYPTED[db65fd6fc1af68040964a27c82f2cbd202c849199038cfddc961a573d803a4f2793ba30eede0b6bcdb6bbf29f5c4f012] - DOCKER_PASSWORD: ENCRYPTED[a1503baddfbe37c5a4474c46ec12b11beee3d16c054c1fa5bfcdde674be32524781f9d4e4d9444db6575fc5aa6270040] - login_script: | - docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD - push_latest_script: | - docker manifest create \ - joseluisq/rust-linux-darwin-builder:latest \ - --amend joseluisq/rust-linux-darwin-builder:amd64 \ - --amend joseluisq/rust-linux-darwin-builder:arm64 - docker manifest push joseluisq/rust-linux-darwin-builder:latest - pull_latest_script: | - docker pull joseluisq/rust-linux-darwin-builder:amd64 - docker pull joseluisq/rust-linux-darwin-builder:arm64 - push_aliases_script: | - SEMVER=${CIRRUS_TAG##*v} - SEMVER_MAJOR=${SEMVER%.*.*} - SEMVER_MINOR=${SEMVER%.*} - - docker manifest create \ - joseluisq/rust-linux-darwin-builder:${SEMVER} \ - --amend joseluisq/rust-linux-darwin-builder:amd64 \ - --amend joseluisq/rust-linux-darwin-builder:arm64 - docker manifest push joseluisq/rust-linux-darwin-builder:${SEMVER} - - docker manifest create \ - joseluisq/rust-linux-darwin-builder:${SEMVER_MAJOR} \ - --amend joseluisq/rust-linux-darwin-builder:amd64 \ - --amend joseluisq/rust-linux-darwin-builder:arm64 - docker manifest push joseluisq/rust-linux-darwin-builder:${SEMVER_MAJOR} - - docker manifest create \ - joseluisq/rust-linux-darwin-builder:${SEMVER_MINOR} \ - --amend joseluisq/rust-linux-darwin-builder:amd64 \ - --amend joseluisq/rust-linux-darwin-builder:arm64 - docker manifest push joseluisq/rust-linux-darwin-builder:${SEMVER_MINOR} diff --git a/.github/workflows/devel.yml b/.github/workflows/devel.yml new file mode 100644 index 0000000..f1a7e13 --- /dev/null +++ b/.github/workflows/devel.yml @@ -0,0 +1,227 @@ +name: devel +on: + pull_request: + branches: + - master + paths: + - docker/** + - .github/workflows/*.yml + push: + branches: + - master + paths: + - docker/** + - .github/workflows/*.yml + +env: + DOCKER_IMAGE: localhost:5000/github.com/joseluisq/rust-linux-darwin-builder + +jobs: + docker-amd64: + name: Docker test (amd64) + runs-on: ubuntu-22.04 + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - + name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 1 + - + name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: rust-linux-darwin-builder-amd64-buildx-${{ github.sha }} + restore-keys: | + rust-linux-darwin-builder-amd64-buildx- + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.DOCKER_IMAGE }} + flavor: | + latest=false + suffix=-amd64 + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: network=host + - + name: Build and export to Docker client + uses: docker/build-push-action@v6 + with: + context: . + platforms: linux/amd64 + file: docker/amd64/Dockerfile + load: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + VERSION=0.0.0 + - + name: Build and push to local registry + uses: docker/build-push-action@v6 + with: + context: . + platforms: linux/amd64 + file: docker/amd64/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + VERSION=0.0.0 + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + - + name: Inspect image + run: | + docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} + - + name: Check manifest + if: github.event_name != 'pull_request' + run: | + docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} + - + name: Run tests + uses: addnab/docker-run-action@v3 + with: + image: "${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}" + shell: bash + run: | + set -eux + cat /etc/debian_version + uname -a + make test-app + make test-zlib + make test-openssl + - + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + docker-arm64: + name: Docker test (arm64) + runs-on: ubuntu-22.04-arm + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - + name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 1 + - + name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: rust-linux-darwin-builder-arm64-buildx-${{ github.sha }} + restore-keys: | + rust-linux-darwin-builder-arm64-buildx- + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.DOCKER_IMAGE }} + flavor: | + latest=false + suffix=-arm64 + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: network=host + - + name: Build and export to Docker client + uses: docker/build-push-action@v6 + with: + context: . + platforms: linux/arm64 + file: docker/arm64/Dockerfile + load: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + VERSION=0.0.0 + - + name: Build and push to local registry + uses: docker/build-push-action@v6 + with: + context: . + platforms: linux/arm64 + file: docker/arm64/Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + VERSION=0.0.0 + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max + + - + name: Inspect image + run: | + docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} + - + name: Check manifest + if: github.event_name != 'pull_request' + run: | + docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} + - + name: Run tests + uses: addnab/docker-run-action@v3 + with: + image: "${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }}" + shell: bash + run: | + set -eux + cat /etc/debian_version + uname -a + make test-app + make test-zlib + make test-openssl + - + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/.github/workflows/release-beta.yml b/.github/workflows/release-beta.yml new file mode 100644 index 0000000..80a6732 --- /dev/null +++ b/.github/workflows/release-beta.yml @@ -0,0 +1,157 @@ +name: release-beta +on: + push: + tags: + - 'v1.0.[0-9]+-beta.[0-9]+' + - 'v2.0.[0-9]+-beta.[0-9]+' + +jobs: + build-amd64: + name: osxcross (amd64) + runs-on: ubuntu-22.04 + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + joseluisq/rust-linux-darwin-builder + ghcr.io/joseluisq/rust-linux-darwin-builder + flavor: | + latest=false + suffix=-amd64 + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{version}}-amd64 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v6 + with: + push: true + provenance: false + context: . + platforms: linux/amd64 + file: ./docker/amd64/Dockerfile + tags: ${{ steps.meta.outputs.tags }} + + build-arm64: + name: osxcross (arm64) + runs-on: ubuntu-22.04-arm + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: | + joseluisq/rust-linux-darwin-builder + ghcr.io/joseluisq/rust-linux-darwin-builder + flavor: | + latest=false + suffix=-arm64 + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{version}}-arm64 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v6 + with: + push: true + provenance: false + context: . + platforms: linux/arm64 + file: ./docker/arm64/Dockerfile + tags: ${{ steps.meta.outputs.tags }} + + manifest: + needs: + - build-amd64 + - build-arm64 + runs-on: ubuntu-22.04 + steps: + - name: Set envs + run: | + github_ref=${GITHUB_REF#refs/tags/} + SEMVER=${github_ref##*v} + echo "SEMVER=${SEMVER}" >> $GITHUB_ENV + echo $SEMVER + - + name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Pull all images + run: | + docker pull joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 + docker pull joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + + docker pull ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 + docker pull ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + - + name: Push semver alias + run: | + docker manifest create \ + joseluisq/rust-linux-darwin-builder:$SEMVER \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push joseluisq/rust-linux-darwin-builder:$SEMVER + + docker manifest create \ + ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..c5694b3 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,201 @@ +name: release +on: + push: + tags: + - 'v1.0.[0-9]+' + - 'v2.0.[0-9]+' + +jobs: + build-amd64: + name: osxcross (amd64) + runs-on: ubuntu-22.04 + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Docker meta + id: meta-amd64 + uses: docker/metadata-action@v5 + with: + images: joseluisq/rust-linux-darwin-builder + flavor: | + latest=true + suffix=-amd64 + tags: | + type=semver,pattern={{version}} + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v6 + with: + push: true + provenance: false + context: . + platforms: linux/amd64 + file: ./docker/amd64/Dockerfile + tags: ${{ steps.meta-amd64.outputs.tags }} + + build-arm64: + name: osxcross (arm64) + runs-on: ubuntu-22.04-arm + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Docker meta + id: meta-arm64 + uses: docker/metadata-action@v5 + with: + images: | + joseluisq/rust-linux-darwin-builder + ghcr.io/joseluisq/rust-linux-darwin-builder + flavor: | + latest=true + suffix=-arm64 + tags: | + type=semver,pattern={{version}} + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + - + name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v6 + with: + push: true + provenance: false + context: . + platforms: linux/arm64 + file: ./docker/arm64/Dockerfile + tags: ${{ steps.meta-arm64.outputs.tags }} + + manifest: + needs: + - build-amd64 + - build-arm64 + runs-on: ubuntu-22.04 + steps: + - name: Set envs + run: | + github_ref=${GITHUB_REF#refs/tags/} + SEMVER=${github_ref##*v} + SEMVER_MAJOR=${SEMVER%.*.*} + SEMVER_MINOR=${SEMVER%.*} + echo "SEMVER=${SEMVER}" >> $GITHUB_ENV + echo "SEMVER_MAJOR=${SEMVER_MAJOR}" >> $GITHUB_ENV + echo "SEMVER_MINOR=${SEMVER_MINOR}" >> $GITHUB_ENV + echo $SEMVER + echo $SEMVER_MAJOR + echo $SEMVER_MINOR + - + name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - + name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Pull all images + run: | + docker pull joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 + docker pull joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + + docker pull ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 + docker pull ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + - + name: Push semver minor alias + run: | + docker manifest create \ + joseluisq/rust-linux-darwin-builder:$SEMVER_MINOR \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push joseluisq/rust-linux-darwin-builder:$SEMVER_MINOR + + docker manifest create \ + ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER_MINOR \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER_MINOR + - + name: Push latest (1.0 or newer) + run: | + docker manifest create \ + joseluisq/rust-linux-darwin-builder:latest \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push joseluisq/rust-linux-darwin-builder:latest + + docker manifest create \ + ghcr.io/joseluisghcr.io/q/rust-linux-darwin-builder:latest \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push ghcr.io/joseluisq/rust-linux-darwin-builder:latest + - + name: Push semver alias + run: | + docker manifest create \ + joseluisq/rust-linux-darwin-builder:$SEMVER \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push joseluisq/rust-linux-darwin-builder:$SEMVER + + docker manifest create \ + ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER + - + name: Push semver major alias (1.0 or newer) + run: | + docker manifest create \ + joseluisq/rust-linux-darwin-builder:$SEMVER_MAJOR \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push joseluisq/rust-linux-darwin-builder:$SEMVER_MAJOR + + docker manifest create \ + ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER_MAJOR \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-amd64 \ + --amend ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER-arm64 + docker manifest push ghcr.io/joseluisq/rust-linux-darwin-builder:$SEMVER_MAJOR diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 46121a5..0000000 --- a/Dockerfile +++ /dev/null @@ -1,292 +0,0 @@ -# NOTE: Most of Dockerfile and related were borrowed from https://hub.docker.com/r/ekidd/rust-musl-builder - -FROM debian:12.12-slim - -ARG VERSION=0.0.0 -ENV VERSION=${VERSION} - -LABEL version="${VERSION}" \ - description="Use same Docker image for compiling Rust programs for Linux (musl libc) & macOS (osxcross)." \ - maintainer="Jose Quintana " - -# Make sure we have basic dev tools for building C libraries. Our goal -# here is to support the musl-libc builds and Cargo builds needed for a -# large selection of the most popular crates. -RUN set -eux \ - && dpkg --add-architecture armhf \ - && dpkg --add-architecture arm64 \ - && DEBIAN_FRONTEND=noninteractive apt-get update -qq \ - && DEBIAN_FRONTEND=noninteractive apt-get install -qq -y --no-install-recommends --no-install-suggests \ - autoconf \ - automake \ - bison \ - build-essential \ - ca-certificates \ - clang \ - cmake \ - curl \ - file \ - flex \ - g++-aarch64-linux-gnu \ - gcc-aarch64-linux-gnu \ - gcc-arm-linux-gnueabihf \ - git \ - libbz2-dev \ - libgmp-dev \ - libicu-dev \ - libmpc-dev \ - libmpfr-dev \ - libpq-dev \ - libsqlite3-dev \ - libssl-dev \ - libtool \ - libxml2-dev \ - linux-libc-dev \ - llvm-dev \ - lzma-dev \ - musl-dev \ - musl-dev:arm64 \ - musl-dev:armhf \ - musl-tools \ - patch \ - pkgconf \ - python3 \ - xutils-dev \ - xz-utils \ - yasm \ - zlib1g-dev \ - # Clean up local repository of retrieved packages and remove the package lists - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* \ - && true - -# Static linking for C++ code -RUN set -eux \ - && ln -s "/usr/bin/g++" "/usr/bin/musl-g++" \ - # Create appropriate directories for current user - && mkdir -p /root/libs /root/src \ - && true - -# Set up our path with all our binary directories, including those for the -# musl-gcc toolchain and for our Rust toolchain. -ENV PATH=/root/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access -# private repositories if desired. -COPY scripts/git-credential-ghtoken /usr/local/bin -RUN set -eux \ - && git config --global credential.https://github.com.helper ghtoken \ - && true - -# Build a static library version of OpenSSL using musl-libc. This is needed by -# the popular Rust `hyper` crate. - -# OpenSSL 1.1.1 - https://github.com/openssl/openssl/releases -ARG OPENSSL_VERSION=3.5.3 - -# We point /usr/local/musl/include/linux at some Linux kernel headers (not -# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine" -# component. It's possible that this will cause bizarre and terrible things to -# happen. There may be "sanitized" header -RUN set -eux \ - && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) config='';; \ - arm64) config='-mno-outline-atomics';; \ - *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; \ - esac \ - && echo "Building OpenSSL ${OPENSSL_VERSION}..." \ - && ls /usr/include/linux \ - && mkdir -p /usr/local/musl/include \ - && ln -s /usr/include/linux /usr/local/musl/include/linux \ - && ln -s "/usr/include/$(uname -m)-linux-gnu/asm" /usr/local/musl/include/asm \ - && ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic \ - && cd /tmp \ - && curl -LO "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" \ - && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ - && cd "openssl-${OPENSSL_VERSION}" \ - && env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY ${config} "linux-$(uname -m)" \ - && env C_INCLUDE_PATH=/usr/local/musl/include/ make depend \ - && env C_INCLUDE_PATH=/usr/local/musl/include/ make -j$(nproc) \ - && make -j$(nproc) install_sw \ - && make -j$(nproc) install_ssldirs \ - && openssl version \ - && rm -rf \ - /usr/local/musl/include/linux \ - /usr/local/musl/include/asm \ - /usr/local/musl/include/asm-generic \ - && ls -l /usr/local/musl \ - && if [ "$(uname -m)" = "x86_64" ]; then \ - ln -s /usr/local/musl/lib64 /usr/local/musl/lib; \ - fi \ - && rm -r /tmp/* \ - && true - -RUN set -eux \ - && echo "Testing musl-gcc with OpenSSL..." \ - && openssl version \ - && echo "int main(){return 0;}" | \ - musl-gcc -o test -x c - \ - -I/usr/local/musl/include \ - -L/usr/local/musl/lib \ - -lssl -lcrypto \ - && true - -# zlib - http://zlib.net/ -ARG ZLIB_VERSION=1.3.1 - -RUN set -eux \ - && echo "Building zlib ${ZLIB_VERSION}..." \ - && cd /tmp \ - && curl -LO "https://www.zlib.net/fossils/zlib-${ZLIB_VERSION}.tar.gz" \ - && tar xzf "zlib-${ZLIB_VERSION}.tar.gz" \ - && cd "zlib-${ZLIB_VERSION}" \ - && env CC=musl-gcc ./configure --static --prefix=/usr/local/musl \ - && make -j$(nproc) \ - && make -j$(nproc) install \ - && rm -r /tmp/* \ - && true - - -# libpq - https://ftp.postgresql.org/pub/source/ -ARG POSTGRESQL_VERSION=17.6 -ARG ICU4C_VERSION=77.1 - -RUN set -eux \ - && echo "Building icu4c..." \ - && cd /tmp \ - && ver1=$(echo $ICU4C_VERSION | sed -e 's:\.:-:g') \ - && ver2=$(echo $ICU4C_VERSION | sed -e 's:\.:_:g') \ - && curl -LO https://github.com/unicode-org/icu/releases/download/release-${ver1}/icu4c-${ver2}-src.tgz \ - && tar xf icu4c-${ver2}-src.tgz \ - && cd icu/source \ - && env CC=musl-gcc CXX=musl-g++ ./configure --prefix=/usr/local/musl \ - && make -j$(nproc) \ - && make -j$(nproc) install \ - && rm -r /tmp/* \ - && true - -RUN set -eux \ - && echo "Building libpq ${POSTGRESQL_VERSION}..." \ - && cd /tmp \ - && curl -LO "https://ftp.postgresql.org/pub/source/v${POSTGRESQL_VERSION}/postgresql-${POSTGRESQL_VERSION}.tar.gz" \ - && tar xzf "postgresql-${POSTGRESQL_VERSION}.tar.gz" \ - && cd "postgresql-${POSTGRESQL_VERSION}" \ - && env CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl \ - && cd src/interfaces/libpq \ - && make -j$(nproc) all-static-lib \ - && make -j$(nproc) install-lib-static \ - && cd ../../bin/pg_config \ - && make -j$(nproc) \ - && make -j$(nproc) install \ - && rm -r /tmp/* \ - && true - -ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/musl/ \ - AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/musl/ \ - X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 \ - AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 \ - PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \ - PQ_LIB_STATIC_AARCH64_UNKNOWN_LINUX_MUSL=1 \ - PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \ - PG_CONFIG_AARCH64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \ - PKG_CONFIG_ALLOW_CROSS=true \ - PKG_CONFIG_ALL_STATIC=true \ - LIBZ_SYS_STATIC=1 \ - TARGET=musl - -# (Please feel free to submit pull requests for musl-libc builds of other C -# libraries needed by the most popular and common Rust crates, to avoid -# everybody needing to build them manually.) - - -# Mac OS X SDK version - https://github.com/joseluisq/macosx-sdks -ARG OSX_SDK_VERSION=13.3 -ARG OSX_SDK_SUM=518e35eae6039b3f64e8025f4525c1c43786cc5cf39459d609852faf091e34be -ARG OSX_VERSION_MIN=10.14 - -# OS X Cross - https://github.com/tpoechtrager/osxcross -ARG OSX_CROSS_COMMIT=f873f534c6cdb0776e457af8c7513da1e02abe59 - -# Install OS X Cross -# A Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android -RUN set -eux \ - && echo "Cloning osxcross..." \ - && git clone https://github.com/tpoechtrager/osxcross.git /usr/local/osxcross \ - && cd /usr/local/osxcross \ - && git checkout -q "${OSX_CROSS_COMMIT}" \ - && rm -rf ./.git \ - && true - -RUN set -eux \ - && echo "Building osxcross with ${OSX_SDK_VERSION}..." \ - && cd /usr/local/osxcross \ - && curl -Lo "./tarballs/MacOSX${OSX_SDK_VERSION}.sdk.tar.xz" \ - "https://github.com/joseluisq/macosx-sdks/releases/download/${OSX_SDK_VERSION}/MacOSX${OSX_SDK_VERSION}.sdk.tar.xz" \ - && echo "${OSX_SDK_SUM} ./tarballs/MacOSX${OSX_SDK_VERSION}.sdk.tar.xz" \ - | sha256sum -c - \ - && env UNATTENDED=yes OSX_VERSION_MIN=${OSX_VERSION_MIN} ./build.sh \ - && true - -RUN set -eux \ - && cd /usr/local/osxcross \ - && echo "Building osxcross with compiler-rt..." \ - # compiler-rt can be needed to build code using `__builtin_available()` - && env DISABLE_PARALLEL_ARCH_BUILD=1 ./build_compiler_rt.sh \ - && true - -ENV PATH=$PATH:/usr/local/osxcross/target/bin -ENV MACOSX_DEPLOYMENT_TARGET=${OSX_VERSION_MIN} -ENV OSXCROSS_MACPORTS_MIRROR=https://packages.macports.org -ENV OSXCROSS_MACPORTS_LOCAL=/usr/local/osxcross/target/macports/pkgs/opt/local -ENV OSXCROSS_MACPORTS_LIBEXEC=${OSXCROSS_MACPORTS_LOCAL}/libexec - -RUN set -eux \ - && echo "Testing osxcross with compiler-rt..." \ - && echo "int main(void){return 0;}" | xcrun clang -xc -o/dev/null -v - 2>&1 | grep "libclang_rt" 1>/dev/null \ - && echo "compiler-rt installed and working successfully!" \ - && true - -RUN set -eux \ - && echo "Install dependencies via osxcross tools..." \ - && apt-get update \ - && /usr/local/osxcross/tools/get_dependencies.sh \ - && osxcross-macports install zlib openssl3 \ - && true - -# Rust stable toolchain -ARG TOOLCHAIN=1.87.0 - -# Install our Rust toolchain and the `musl` target. We patch the -# command-line we pass to the installer so that it won't attempt to -# interact with the user or fool around with TTYs. We also set the default -# `--target` to musl so that our users don't need to keep overriding it manually. -RUN set -eux \ - && curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain=$TOOLCHAIN \ - && rustup target add \ - aarch64-apple-darwin \ - aarch64-unknown-linux-gnu \ - aarch64-unknown-linux-musl \ - armv7-unknown-linux-musleabihf \ - x86_64-apple-darwin \ - x86_64-unknown-linux-musl \ - && true -COPY cargo/config.toml /root/.cargo/config.toml - -RUN set -eux \ - && echo "Removing temp files..." \ - && rm -rf *~ taballs *.tar.xz \ - && rm -rf /tmp/* \ - && true - -WORKDIR /root/src - -CMD ["bash"] - -# Metadata -LABEL org.opencontainers.image.vendor="Jose Quintana" \ - org.opencontainers.image.url="https://github.com/joseluisq/rust-linux-darwin-builder" \ - org.opencontainers.image.title="Rust Linux / Darwin Builder" \ - org.opencontainers.image.description="Use same Docker image for compiling Rust programs for Linux (musl libc) & macOS (osxcross)." \ - org.opencontainers.image.version="$VERSION" \ - org.opencontainers.image.documentation="https://github.com/joseluisq/rust-linux-darwin-builder" diff --git a/Makefile b/Makefile index 31a6919..1aa8b51 100644 --- a/Makefile +++ b/Makefile @@ -9,29 +9,6 @@ build: -f Dockerfile . .PHONY: build -build-osxcross: - docker build \ - -t $(REPOSITORY)/rust-linux-darwin-builder:osxcross \ - --network=host \ - -f Dockerfile . -.PHONY: build-osxcross - -build-cross: - docker build \ - -t $(REPOSITORY)/rust-linux-darwin-builder:cross \ - --network=host \ - -f Dockerfile.cross . -.PHONY: build-cross - -run-cross: - @docker run --rm -it \ - -v $(PWD):/root/src \ - -v $(PWD)/cargo/config.toml:/root/.cargo/config.toml \ - -w /root/src \ - $(REPOSITORY)/rust-linux-darwin-builder:cross \ - bash -.PHONY: run-cross - # Use to build both arm64 and amd64 images at the same time. # WARNING! Will automatically push, since multi-platform images are not available locally. # Use `REPOSITORY` arg to specify which container repository to push the images to. @@ -50,6 +27,7 @@ buildx: run: @docker run --rm -it \ -v $(PWD):/root/src \ + -v $(PWD)/cargo/config.toml:/root/.cargo/config.toml \ -w /root/src \ $(REPOSITORY)/rust-linux-darwin-builder:$(TAG) \ bash @@ -60,10 +38,10 @@ test: -v $(PWD):/root/src \ -w /root/src \ $(REPOSITORY)/rust-linux-darwin-builder:$(TAG) \ - bash -c 'set -eu; make test-ci; make test-openssl' + bash -c 'set -eu; make test-app; make test-zlib; make test-openssl' .PHONY: test -test-ci: +test-app: @echo "Checking Debian version..." @cat /etc/debian_version @echo @@ -116,7 +94,7 @@ test-ci: && cargo build --release --target aarch64-apple-darwin \ && du -sh target/aarch64-apple-darwin/release/hello-world-test \ && file target/aarch64-apple-darwin/release/hello-world-test -.ONESHELL: test-ci +.ONESHELL: test-app test-zlib: @echo "Checking Debian version..." @@ -193,7 +171,8 @@ test-openssl: echo; \ \ echo "Compiling application (linux-musl x86_64)..."; \ - cargo build --release --target x86_64-unknown-linux-musl; \ + OPENSSL_STATIC=1 \ + cargo build --release --target x86_64-unknown-linux-musl; \ target/x86_64-unknown-linux-musl/release/openssl; \ du -sh target/x86_64-unknown-linux-musl/release/openssl; \ file target/x86_64-unknown-linux-musl/release/openssl; \ @@ -209,22 +188,17 @@ test-openssl: && echo \ \ && echo "Cross-compiling application (linux-musl aarch64)..." \ - && cargo build --release --target aarch64-unknown-linux-musl \ - && if [ "$$(uname -m)" = "arm64" ]; then \ - target/aarch64-unknown-linux-musl/release/openssl; \ - fi \ + && OPENSSL_STATIC=1 \ + cargo build --release --target aarch64-unknown-linux-musl \ && du -sh target/aarch64-unknown-linux-musl/release/openssl \ && file target/aarch64-unknown-linux-musl/release/openssl \ && echo \ \ && echo "Cross-compiling application (apple-darwin aarch64)..." \ - && CC=oa64-clang CXX=oa64-clang++ \ + && OPENSSL_STATIC=1 \ + CC=oa64-clang CXX=oa64-clang++ \ cargo build --release --target aarch64-apple-darwin \ - && if [ "$$(uname -m)" = "arm64" ]; then \ - target/aarch64-apple-darwin/release/openssl; \ - fi \ && du -sh target/aarch64-apple-darwin/release/openssl \ && file target/aarch64-apple-darwin/release/openssl \ && echo \ - && echo "Cross-compiling done." .ONESHELL: test-openssl diff --git a/Dockerfile.cross b/docker/amd64/Dockerfile similarity index 78% rename from Dockerfile.cross rename to docker/amd64/Dockerfile index ac7392f..dabe150 100644 --- a/Dockerfile.cross +++ b/docker/amd64/Dockerfile @@ -93,10 +93,6 @@ RUN set -eux \ && curl -LO "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" \ && true -# We point /usr/local/musl/include/linux at some Linux kernel headers (not -# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine" -# component. It's possible that this will cause bizarre and terrible things to -# happen. There may be "sanitized" header RUN set -eux \ && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ && cd "openssl-${OPENSSL_VERSION}" \ @@ -138,9 +134,6 @@ RUN set -eux \ && echo "Building OpenSSL ${OPENSSL_VERSION} for aarch64..." \ && ls /usr/include/linux \ && mkdir -p /usr/local/aarch64-linux-gnu/include \ - # && ln -s /usr/include/linux /usr/local/aarch64-linux-gnu/include/linux \ - # && ln -s "/usr/include/aarch64-linux-gnu/asm" /usr/local/aarch64-linux-gnu/include/asm \ - # && ln -s /usr/include/asm-generic /usr/local/aarch64-linux-gnu/include/asm-generic \ && env CC=aarch64-linux-gnu-gcc ./Configure no-shared no-zlib \ -fPIC --prefix=/usr/local/aarch64-linux-gnu \ -DOPENSSL_NO_SECURE_MEMORY -mno-outline-atomics "linux-aarch64" \ @@ -158,6 +151,44 @@ RUN set -eux \ && rm -rf "openssl-${OPENSSL_VERSION}" \ && true +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for MACOS aarch64..." \ + && mkdir -p /usr/local/aarch64-apple-darwin/include \ + && env CC=oa64-clang \ + ./Configure no-asm no-shared no-zlib no-tests no-fuzz-libfuzzer no-fuzz-afl \ + -fPIC --prefix=/usr/local/aarch64-apple-darwin \ + -DOPENSSL_NO_SECURE_MEMORY "darwin64-arm64-cc" \ + && make -j$(nproc) build_libs \ + && make -j$(nproc) install_dev \ + && rm -rf \ + /usr/local/aarch64-apple-darwin/include/asm \ + /usr/local/aarch64-apple-darwin/include/asm-generic \ + && ls -l /usr/local/aarch64-apple-darwin \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for MACOS x86_64..." \ + && mkdir -p /usr/local/x86_64-apple-darwin/include \ + && env CC=o64-clang \ + ./Configure no-asm no-shared no-zlib no-tests no-fuzz-libfuzzer no-fuzz-afl \ + -fPIC --prefix=/usr/local/x86_64-apple-darwin \ + -DOPENSSL_NO_SECURE_MEMORY "darwin64-x86_64-cc" \ + && make -j$(nproc) build_libs \ + && make -j$(nproc) install_dev \ + && rm -rf \ + /usr/local/x86_64-apple-darwin/include/asm \ + /usr/local/x86_64-apple-darwin/include/asm-generic \ + && ls -l /usr/local/x86_64-apple-darwin \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + RUN set -eux \ && echo "Testing musl-gcc with OpenSSL..." \ && openssl version \ @@ -171,10 +202,12 @@ RUN set -eux \ WORKDIR /root # OpenSSL related environment variables -ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/x86_64-linux-musl -ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/aarch64-linux-gnu ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 +ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/x86_64-linux-musl +ENV X86_64_APPLE_DARWIN_OPENSSL_DIR=/usr/local/x86_64-apple-darwin ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 +ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/aarch64-linux-gnu +ENV AARCH64_APPLE_DARWIN_OPENSSL_DIR=/usr/local/aarch64-apple-darwin # pkg-config related environment variables ENV PKG_CONFIG_ALLOW_CROSS=true \ diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile new file mode 100644 index 0000000..dabe150 --- /dev/null +++ b/docker/arm64/Dockerfile @@ -0,0 +1,224 @@ +FROM joseluisq/docker-osxcross:1.0.0-beta.1 + +ARG VERSION=0.0.0 +ENV VERSION=${VERSION} + +LABEL version="${VERSION}" \ + description="Use same Docker image for compiling Rust programs for Linux (musl libc) & macOS (osxcross)." \ + maintainer="Jose Quintana " + +# Static linking for C++ code +RUN set -eux \ + && ln -s "/usr/bin/g++" "/usr/bin/musl-g++" \ + # Create appropriate directories for current user + && mkdir -p /root/libs /root/src \ + && true + +ENV PATH=/root/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH + +##### Rust toolchains + +# Rust/Cargo related environment variables +ENV TARGET=musl +# Crate-related environment variables +ENV LIBZ_SYS_STATIC=1 + +# Rust stable toolchain +ARG TOOLCHAIN=1.87.0 + +RUN set -eux \ + && curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain=$TOOLCHAIN \ + && rustup target add \ + aarch64-apple-darwin \ + aarch64-unknown-linux-gnu \ + aarch64-unknown-linux-musl \ + x86_64-apple-darwin \ + x86_64-unknown-linux-musl \ + && true + +COPY cargo/config.toml /root/.cargo/config.toml + +RUN set -eux \ + && rustc -vV \ + && cargo -vV \ + && true + +##### Libraries + +# zlib - http://zlib.net/ +ARG ZLIB_VERSION=1.3.1 + +WORKDIR /tmp + +RUN set -eux \ + && echo "Downloading zlib ${ZLIB_VERSION}..." \ + && cd /tmp \ + && curl -LO "https://www.zlib.net/fossils/zlib-${ZLIB_VERSION}.tar.gz" \ + && tar xzf "zlib-${ZLIB_VERSION}.tar.gz" \ + && rm -rf "zlib-${ZLIB_VERSION}.tar.gz" \ + && true + +WORKDIR /tmp/zlib-${ZLIB_VERSION} + +# x86_64 glibc +RUN set -eux \ + && make distclean \ + && CC=gcc ./configure --prefix=/usr/local/x86_64-linux-gnu \ + && make -j$(nproc) \ + && make install \ + && true + +# arm64 glibc +RUN set -eux \ + && make distclean \ + && CC=aarch64-linux-gnu-gcc ./configure --prefix=/usr/local/aarch64-linux-gnu \ + && make -j$(nproc) \ + && make install \ + && true + +# x86_64 musl +RUN set -eux \ + && make distclean \ + && CC=musl-gcc ./configure --static --prefix=/usr/local/x86_64-linux-musl \ + && make -j$(nproc) \ + && make install \ + && true + +WORKDIR /tmp + +# OpenSSL 3.5.3 - https://github.com/openssl/openssl/releases +ARG OPENSSL_VERSION=3.5.3 + +RUN set -eux \ + && curl -LO "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" \ + && true + +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for x86_64..." \ + && ls /usr/include/linux \ + && mkdir -p /usr/local/x86_64-linux-musl/include \ + && ln -s /usr/include/linux /usr/local/x86_64-linux-musl/include/linux \ + && ln -s "/usr/include/x86_64-linux-gnu/asm" /usr/local/x86_64-linux-musl/include/asm \ + && ln -s /usr/include/asm-generic /usr/local/x86_64-linux-musl/include/asm-generic \ + && env CC=musl-gcc ./Configure no-shared no-zlib \ + -fPIC --prefix=/usr/local/x86_64-linux-musl \ + -DOPENSSL_NO_SECURE_MEMORY "linux-x86_64" \ + && env C_INCLUDE_PATH=/usr/local/x86_64-linux-musl/include/ make depend \ + && env C_INCLUDE_PATH=/usr/local/x86_64-linux-musl/include/ make -j$(nproc) \ + && make -j$(nproc) install_sw \ + && make -j$(nproc) install_ssldirs \ + && openssl version \ + && rm -rf \ + /usr/local/x86_64-linux-musl/include/linux \ + /usr/local/x86_64-linux-musl/include/asm \ + /usr/local/x86_64-linux-musl/include/asm-generic \ + && ls -l /usr/local/x86_64-linux-musl \ + && if ! [ -d /usr/local/x86_64-linux-musl/lib ]; then \ + ln -s /usr/local/x86_64-linux-musl/lib64 /usr/local/x86_64-linux-musl/lib; \ + else \ + mv /usr/local/x86_64-linux-musl/lib /usr/local/x86_64-linux-musl/abc; \ + mv /usr/local/x86_64-linux-musl/lib64 /usr/local/x86_64-linux-musl/lib; \ + cp -rp /usr/local/x86_64-linux-musl/abc/. /usr/local/x86_64-linux-musl/lib/; \ + unlink /usr/local/x86_64-linux-musl/lib/lib64; \ + rm -rf /usr/local/x86_64-linux-musl/abc; \ + fi \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for aarch64..." \ + && ls /usr/include/linux \ + && mkdir -p /usr/local/aarch64-linux-gnu/include \ + && env CC=aarch64-linux-gnu-gcc ./Configure no-shared no-zlib \ + -fPIC --prefix=/usr/local/aarch64-linux-gnu \ + -DOPENSSL_NO_SECURE_MEMORY -mno-outline-atomics "linux-aarch64" \ + && env C_INCLUDE_PATH=/usr/local/aarch64-linux-gnu/include/ make depend \ + && env C_INCLUDE_PATH=/usr/local/aarch64-linux-gnu/include/ make -j$(nproc) \ + && make -j$(nproc) install_sw \ + && make -j$(nproc) install_ssldirs \ + && openssl version \ + && rm -rf \ + /usr/local/aarch64-linux-gnu/include/linux \ + /usr/local/aarch64-linux-gnu/include/asm \ + /usr/local/aarch64-linux-gnu/include/asm-generic \ + && ls -l /usr/local/aarch64-linux-gnu \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for MACOS aarch64..." \ + && mkdir -p /usr/local/aarch64-apple-darwin/include \ + && env CC=oa64-clang \ + ./Configure no-asm no-shared no-zlib no-tests no-fuzz-libfuzzer no-fuzz-afl \ + -fPIC --prefix=/usr/local/aarch64-apple-darwin \ + -DOPENSSL_NO_SECURE_MEMORY "darwin64-arm64-cc" \ + && make -j$(nproc) build_libs \ + && make -j$(nproc) install_dev \ + && rm -rf \ + /usr/local/aarch64-apple-darwin/include/asm \ + /usr/local/aarch64-apple-darwin/include/asm-generic \ + && ls -l /usr/local/aarch64-apple-darwin \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + +RUN set -eux \ + && tar xvzf "openssl-${OPENSSL_VERSION}.tar.gz" \ + && cd "openssl-${OPENSSL_VERSION}" \ + && echo "Building OpenSSL ${OPENSSL_VERSION} for MACOS x86_64..." \ + && mkdir -p /usr/local/x86_64-apple-darwin/include \ + && env CC=o64-clang \ + ./Configure no-asm no-shared no-zlib no-tests no-fuzz-libfuzzer no-fuzz-afl \ + -fPIC --prefix=/usr/local/x86_64-apple-darwin \ + -DOPENSSL_NO_SECURE_MEMORY "darwin64-x86_64-cc" \ + && make -j$(nproc) build_libs \ + && make -j$(nproc) install_dev \ + && rm -rf \ + /usr/local/x86_64-apple-darwin/include/asm \ + /usr/local/x86_64-apple-darwin/include/asm-generic \ + && ls -l /usr/local/x86_64-apple-darwin \ + && cd .. \ + && rm -rf "openssl-${OPENSSL_VERSION}" \ + && true + +RUN set -eux \ + && echo "Testing musl-gcc with OpenSSL..." \ + && openssl version \ + && echo "int main(){return 0;}" | \ + musl-gcc -o test -x c - \ + -I/usr/local/x86_64-linux-musl/include \ + -L/usr/local/x86_64-linux-musl/lib \ + -lssl -lcrypto \ + && true + +WORKDIR /root + +# OpenSSL related environment variables +ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 +ENV X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/x86_64-linux-musl +ENV X86_64_APPLE_DARWIN_OPENSSL_DIR=/usr/local/x86_64-apple-darwin +ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_STATIC=1 +ENV AARCH64_UNKNOWN_LINUX_MUSL_OPENSSL_DIR=/usr/local/aarch64-linux-gnu +ENV AARCH64_APPLE_DARWIN_OPENSSL_DIR=/usr/local/aarch64-apple-darwin + +# pkg-config related environment variables +ENV PKG_CONFIG_ALLOW_CROSS=true \ + PKG_CONFIG_ALL_STATIC=true + +RUN set -eux \ + && echo "Removing temp files..." \ + && rm -rf *~ taballs *.tar.xz \ + && rm -rf /tmp/* \ + && true + +WORKDIR /root/src + +CMD ["bash"]