Skip to content

Commit

Permalink
Install latest rustc/cargo where needed
Browse files Browse the repository at this point in the history
The cryptography Python package requires rustc >= 1.65.0 to build
now, and Debian only comes with 1.63.0 by default. We therefore
utilize the rustup installation script, similar to the get-pip.py
script, to get the latest version for the architectures where this
build step is needed.

In the Alpine case we never need to build the package, so remove
the rust dependency there.

In the case of i386 the rustup script is unable to correctly identify
which system it is to build for, so we need to provide this info
manually.
  • Loading branch information
JonasAlfredsson committed Aug 13, 2024
1 parent 868123b commit 607eee8
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 6 deletions.
22 changes: 19 additions & 3 deletions src/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,10 @@ ENV CERTBOT_DNS_AUTHENTICATORS \
# any real need to cater to other programs/environments.
ARG PIP_BREAK_SYSTEM_PACKAGES=1

# We need to do some platfrom specific workarounds in the build script, so bring
# this information in to the build environment.
ARG TARGETPLATFORM

# Through this we gain the ability to handle certbot upgrades through
# dependabot pull requests.
COPY requirements.txt /requirements.txt
Expand All @@ -34,7 +38,6 @@ RUN set -ex && \
apt-get update && \
apt-get install -y --no-install-recommends \
build-essential \
cargo \
curl \
libffi8 \
libffi-dev \
Expand All @@ -45,6 +48,18 @@ RUN set -ex && \
python3 \
python3-dev \
&& \
# Install the latest version of rustc/cargo if we are in an architecture that
# needs to build the cryptography Python package.
if echo "$TARGETPLATFORM" | grep -E -q '^(linux/386|linux/arm64|linux/arm/v7)'; then \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | /bin/sh -s -- -y \
# For some reason the rustup script is unable to correctly identify the
# environment if we are building an i386 image on an x86_64 system, so we need
# to provide this information manually.
$(if [ "$TARGETPLATFORM" = "linux/386" ]; then \
echo "--default-host i686-unknown-linux-gnu"; \
fi) && \
. "$HOME/.cargo/env"; \
fi && \
# Install the latest version of PIP, Setuptools and Wheel.
curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 && \
# Install certbot.
Expand All @@ -54,18 +69,19 @@ RUN set -ex && \
# Remove everything that is no longer necessary.
apt-get remove --purge -y \
build-essential \
cargo \
curl \
libffi-dev \
libssl-dev \
pkg-config \
python3-dev \
&& \
if echo "$TARGETPLATFORM" | grep -E -q '^(linux/386|linux/arm64|linux/arm/v7)'; then \
rustup self uninstall -y; \
fi && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /root/.cache && \
rm -rf /root/.cargo && \
# Create new directories and set correct permissions.
mkdir -p /var/www/letsencrypt && \
mkdir -p /etc/nginx/user_conf.d && \
Expand Down
3 changes: 0 additions & 3 deletions src/Dockerfile-alpine
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,6 @@ RUN set -ex && \
# Install packages necessary during the build phase (for all architectures).
apk add --no-cache \
bash \
cargo \
curl \
findutils \
libffi \
Expand All @@ -54,14 +53,12 @@ RUN set -ex && \
pip3 install $(echo $CERTBOT_DNS_AUTHENTICATORS | sed 's/\(^\| \)/\1certbot-dns-/g') && \
# Remove everything that is no longer necessary.
apk del \
cargo \
curl \
libffi-dev \
libressl-dev \
python3-dev \
&& \
rm -rf /root/.cache && \
rm -rf /root/.cargo && \
# Create new directories and set correct permissions.
mkdir -p /var/www/letsencrypt && \
mkdir -p /etc/nginx/user_conf.d && \
Expand Down

0 comments on commit 607eee8

Please sign in to comment.