Support all DB's for Alpine and Debian

- Using my own rust-musl build containers we now support all database types for both Debian and Alpine. - Added new Alpine containers for armv6 and arm64/aarch64 - The Debian builds can also be done wihout dpkg magic stuff, probably some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in any case, it works now without hacking dpkg and apt. - Updated toolchain and crates
dani-garcia · Dec 26, 2021 · 5b430f2 · 5b430f2
1 parent 6bf8a9d
commit 5b430f2
Show file tree

Hide file tree

Showing 22 changed files with 830 additions and 433 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -34,7 +34,7 @@ rocket = { version = "=0.5.0-dev", features = ["tls"], default-features = false
 rocket_contrib = "=0.5.0-dev"
 
 # HTTP client
-reqwest = { version = "0.11.7", features = ["blocking", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] }
+reqwest = { version = "0.11.8", features = ["blocking", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] }
 
 # Used for custom short lived cookie jar
 cookie = "0.15.1"
@@ -55,8 +55,8 @@ rmpv = "1.0.0"
 chashmap = "2.2.2"
 
 # A generic serialization/deserialization framework
-serde = { version = "1.0.130", features = ["derive"] }
-serde_json = "1.0.72"
+serde = { version = "1.0.132", features = ["derive"] }
+serde_json = "1.0.73"
 
 # Logging
 log = "0.4.14"
@@ -78,7 +78,7 @@ uuid = { version = "0.8.2", features = ["v4"] }
 
 # Date and time libraries
 chrono = { version = "0.4.19", features = ["serde"] }
-chrono-tz = "0.6.0"
+chrono-tz = "0.6.1"
 time = "0.2.27"
 
 # Job scheduler
@@ -95,7 +95,7 @@ jsonwebtoken = "7.2.0"
 
 # U2F library
 u2f = "0.2.0"
-webauthn-rs = "0.3.0"
+webauthn-rs = "0.3.1"
 
 # Yubico Library
 yubico = { version = "0.10.0", features = ["online-tokio"], default-features = false }
@@ -104,7 +104,7 @@ yubico = { version = "0.10.0", features = ["online-tokio"], default-features = f
 dotenv = { version = "0.15.0", default-features = false }
 
 # Lazy initialization
-once_cell = "1.8.0"
+once_cell = "1.9.0"
 
 # Numerical libraries
 num-traits = "0.2.14"
@@ -115,7 +115,7 @@ tracing = { version = "0.1.29", features = ["log"] } # Needed to have lettre tra
 lettre = { version = "0.10.0-rc.4", features = ["smtp-transport", "builder", "serde", "native-tls", "hostname", "tracing"], default-features = false }
 
 # Template library
-handlebars = { version = "4.1.5", features = ["dir_source"] }
+handlebars = { version = "4.1.6", features = ["dir_source"] }
 
 # For favicon extraction from main website
 html5ever = "0.25.1"

diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
@@ -3,16 +3,24 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 
-{% set build_stage_base_image = "rust:1.55-buster" %}
+{% set build_stage_base_image = "rust:1.57-buster" %}
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
-{%     set build_stage_base_image = "clux/muslrust:nightly-2021-10-23" %}
-{%     set runtime_stage_base_image = "alpine:3.14" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-nightly-2021-12-25" %}
+{%     set runtime_stage_base_image = "alpine:3.15" %}
 {%     set package_arch_target = "x86_64-unknown-linux-musl" %}
 {%   elif "armv7" in target_file %}
-{%     set build_stage_base_image = "messense/rust-musl-cross:armv7-musleabihf" %}
-{%     set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.14" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-nightly-2021-12-25" %}
+{%     set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.15" %}
 {%     set package_arch_target = "armv7-unknown-linux-musleabihf" %}
+{%   elif "armv6" in target_file %}
+{%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-nightly-2021-12-25" %}
+{%     set runtime_stage_base_image = "balenalib/rpi-alpine:3.15" %}
+{%     set package_arch_target = "arm-unknown-linux-musleabi" %}
+{%   elif "arm64" in target_file %}
+{%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-nightly-2021-12-25" %}
+{%     set runtime_stage_base_image = "balenalib/aarch64-alpine:3.15" %}
+{%     set package_arch_target = "aarch64-unknown-linux-musl" %}
 {%   endif %}
 {% elif "amd64" in target_file %}
 {%   set runtime_stage_base_image = "debian:buster-slim" %}
@@ -75,22 +83,7 @@ FROM vaultwarden/web-vault@{{ vault_image_digest }} as vault
 ########################## BUILD IMAGE  ##########################
 FROM {{ build_stage_base_image }} as build
 
-{% if "alpine" in target_file %}
-{%   if "amd64" in target_file %}
-# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time.
-ARG DB=sqlite,postgresql
-{%     set features = "sqlite,postgresql" %}
-{%   else %}
-# Alpine-based ARM (musl) only supports sqlite during compile time.
-# We now also need to add vendored_openssl, because the current base image we use to build has OpenSSL removed.
-ARG DB=sqlite,vendored_openssl
-{%     set features = "sqlite" %}
-{%   endif %}
-{% else %}
-# Debian-based builds support multidb
-ARG DB=sqlite,mysql,postgresql
-{%   set features = "sqlite,mysql,postgresql" %}
-{% endif %}
+
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -118,51 +111,32 @@ ENV RUSTFLAGS='-C link-arg=-s'
 ENV CFLAGS_armv7_unknown_linux_musleabihf="-mfpu=vfpv3-d16"
 {%   endif %}
 {% elif "arm" in target_file %}
-# NOTE: Any apt-get/dpkg after this stage will fail because of broken dependencies.
-# For Diesel-RS migrations_macros to compile with MySQL/MariaDB we need to do some magic.
-# We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client)
-# We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the {{ package_arch_prefix }} version.
-# What we can do is a force install, because nothing important is overlapping each other.
 #
 # Install required build libs for {{ package_arch_name }} architecture.
-# To compile both mysql and postgresql we need some extra packages for both host arch and target arch
-RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > /etc/apt/sources.list.d/deb-src.list \
-    && dpkg --add-architecture {{ package_arch_name }} \
+# hadolint ignore=DL3059
+RUN dpkg --add-architecture {{ package_arch_name }} \
     && apt-get update \
     && apt-get install -y \
         --no-install-recommends \
         libssl-dev{{ package_arch_prefix }} \
         libc6-dev{{ package_arch_prefix }} \
         libpq5{{ package_arch_prefix }} \
-        libpq-dev \
-        libmariadb3:amd64 \
+        libpq-dev{{ package_arch_prefix }} \
+        libmariadb3{{ package_arch_prefix }} \
         libmariadb-dev{{ package_arch_prefix }} \
         libmariadb-dev-compat{{ package_arch_prefix }} \
         gcc-{{ package_cross_compiler }} \
     #
-    # Manual install libmariadb-dev-compat:amd64 ( After this broken dependencies will break apt )
-    && apt-get download libmariadb-dev-compat:amd64 \
-    && dpkg --force-all -i ./libmariadb-dev-compat*.deb \
-    && rm -rvf ./libmariadb-dev-compat*.deb \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/* \
-    #
-    # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic.
-    # The libpq5{{ package_arch_prefix }} package seems to not provide a symlink to libpq.so.5 with the name libpq.so.
-    # This is only provided by the libpq-dev package which can't be installed for both arch at the same time.
-    # Without this specific file the ld command will fail and compilation fails with it.
-    && ln -sfnr /usr/lib/{{ package_cross_compiler }}/libpq.so.5 /usr/lib/{{ package_cross_compiler }}/libpq.so \
-    #
     # Make sure cargo has the right target config
     && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \
     && echo 'linker = "{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \
     && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler }}"]' >> "${CARGO_HOME}/config"
 
 # Set arm specific environment values
-ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc"
-ENV CROSS_COMPILE="1"
-ENV OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}"
-ENV OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}"
+ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \
+    CROSS_COMPILE="1" \
+    OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \
+    OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}"
 
 {% elif "amd64" in target_file %}
 # Install DB packages
@@ -188,6 +162,9 @@ COPY ./build.rs ./build.rs
 RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }}
 {% endif %}
 
+# Configure the DB ARG as late as possible to not invalidate the cached layers above
+ARG DB=sqlite,mysql,postgresql
+
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
@@ -203,6 +180,7 @@ RUN touch src/main.rs
 
 # Builds again, this time it'll just be
 # your actual source files being built
+# hadolint ignore=DL3059
 RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }}
 {% if "alpine" in target_file %}
 {%   if "armv7" in target_file %}
@@ -216,13 +194,14 @@ RUN musl-strip target/{{ package_arch_target }}/release/vaultwarden
 # because we already have a binary built
 FROM {{ runtime_stage_base_image }}
 
-ENV ROCKET_ENV "staging"
-ENV ROCKET_PORT=80
-ENV ROCKET_WORKERS=10
-{% if "alpine" in runtime_stage_base_image %}
-ENV SSL_CERT_DIR=/etc/ssl/certs
+ENV ROCKET_ENV="staging" \
+    ROCKET_PORT=80 \
+    ROCKET_WORKERS=10
+{%- if "alpine" in runtime_stage_base_image %} \
+    SSL_CERT_DIR=/etc/ssl/certs
 {% endif %}
 
+
 {% if "amd64" not in target_file %}
 # hadolint ignore=DL3059
 RUN [ "cross-build-start" ]
@@ -236,12 +215,6 @@ RUN mkdir /data \
         tzdata \
         curl \
         dumb-init \
-{%   if "mysql" in features %}
-        mariadb-connector-c \
-{%   endif %}
-{%   if "postgresql" in features %}
-        postgresql-libs \
-{%   endif %}
         ca-certificates
 {% else %}
     && apt-get update && apt-get install -y \

diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile
@@ -27,10 +27,9 @@
 FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.55-buster as build
+FROM rust:1.57-buster as build
+
 
-# Debian-based builds support multidb
-ARG DB=sqlite,mysql,postgresql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -64,6 +63,9 @@ COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 
 
+# Configure the DB ARG as late as possible to not invalidate the cached layers above
+ARG DB=sqlite,mysql,postgresql
+
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
@@ -79,16 +81,17 @@ RUN touch src/main.rs
 
 # Builds again, this time it'll just be
 # your actual source files being built
+# hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release
 
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM debian:buster-slim
 
-ENV ROCKET_ENV "staging"
-ENV ROCKET_PORT=80
-ENV ROCKET_WORKERS=10
+ENV ROCKET_ENV="staging" \
+    ROCKET_PORT=80 \
+    ROCKET_WORKERS=10
 
 
 # Create data folder and Install needed libraries

diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine
@@ -27,10 +27,9 @@
 FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM clux/muslrust:nightly-2021-10-23 as build
+FROM blackdex/rust-musl:x86_64-musl-nightly-2021-12-25 as build
+
 
-# Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time.
-ARG DB=sqlite,postgresql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -58,6 +57,9 @@ COPY ./build.rs ./build.rs
 
 RUN rustup target add x86_64-unknown-linux-musl
 
+# Configure the DB ARG as late as possible to not invalidate the cached layers above
+ARG DB=sqlite,mysql,postgresql
+
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
@@ -73,17 +75,19 @@ RUN touch src/main.rs
 
 # Builds again, this time it'll just be
 # your actual source files being built
+# hadolint ignore=DL3059
 RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
 
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
-FROM alpine:3.14
+FROM alpine:3.15
+
+ENV ROCKET_ENV="staging" \
+    ROCKET_PORT=80 \
+    ROCKET_WORKERS=10 \
+    SSL_CERT_DIR=/etc/ssl/certs
 
-ENV ROCKET_ENV "staging"
-ENV ROCKET_PORT=80
-ENV ROCKET_WORKERS=10
-ENV SSL_CERT_DIR=/etc/ssl/certs
 
 
 # Create data folder and Install needed libraries
@@ -93,7 +97,6 @@ RUN mkdir /data \
         tzdata \
         curl \
         dumb-init \
-        postgresql-libs \
         ca-certificates
 
 

diff --git a/docker/amd64/Dockerfile.buildx b/docker/amd64/Dockerfile.buildx
@@ -27,10 +27,9 @@
 FROM vaultwarden/web-vault@sha256:0df389deac9e83c739a1f4ff595f12f493b6c27cb4a22bb8fcaba9dc49b9b527 as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.55-buster as build
+FROM rust:1.57-buster as build
+
 
-# Debian-based builds support multidb
-ARG DB=sqlite,mysql,postgresql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \
@@ -64,6 +63,9 @@ COPY ./rust-toolchain ./rust-toolchain
 COPY ./build.rs ./build.rs
 
 
+# Configure the DB ARG as late as possible to not invalidate the cached layers above
+ARG DB=sqlite,mysql,postgresql
+
 # Builds your dependencies and removes the
 # dummy project, except the target folder
 # This folder contains the compiled dependencies
@@ -79,16 +81,17 @@ RUN touch src/main.rs
 
 # Builds again, this time it'll just be
 # your actual source files being built
+# hadolint ignore=DL3059
 RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release
 
 ######################## RUNTIME IMAGE  ########################
 # Create a new stage with a minimal image
 # because we already have a binary built
 FROM debian:buster-slim
 
-ENV ROCKET_ENV "staging"
-ENV ROCKET_PORT=80
-ENV ROCKET_WORKERS=10
+ENV ROCKET_ENV="staging" \
+    ROCKET_PORT=80 \
+    ROCKET_WORKERS=10
 
 
 # Create data folder and Install needed libraries