DEV: use consistent third-party installation method (#610)

* DEV: use consistent third-party installation method

* FIX: slim base image build on aarch64

diff --git a/image/base/cron.d_anacron b/image/base/etc/cron.d/cron.d_anacron
similarity index 100%
rename from image/base/cron.d_anacron
rename to image/base/etc/cron.d/cron.d_anacron

diff --git a/image/base/runit-1 b/image/base/etc/runit/1
similarity index 100%
rename from image/base/runit-1
rename to image/base/etc/runit/1

diff --git a/image/base/runit-1.d-00-fix-var-logs b/image/base/etc/runit/1.d/00-fix-var-logs
similarity index 100%
rename from image/base/runit-1.d-00-fix-var-logs
rename to image/base/etc/runit/1.d/00-fix-var-logs

diff --git a/image/base/runit-1.d-anacron b/image/base/etc/runit/1.d/anacron
similarity index 100%
rename from image/base/runit-1.d-anacron
rename to image/base/etc/runit/1.d/anacron

diff --git a/image/base/runit-1.d-cleanup-pids b/image/base/etc/runit/1.d/cleanup-pids
similarity index 100%
rename from image/base/runit-1.d-cleanup-pids
rename to image/base/etc/runit/1.d/cleanup-pids

diff --git a/image/base/runit-2 b/image/base/etc/runit/2
similarity index 100%
rename from image/base/runit-2
rename to image/base/etc/runit/2

diff --git a/image/base/runit-3 b/image/base/etc/runit/3
similarity index 100%
rename from image/base/runit-3
rename to image/base/etc/runit/3

diff --git a/image/base/cron b/image/base/etc/service/cron/run
similarity index 100%
rename from image/base/cron
rename to image/base/etc/service/cron/run

diff --git a/image/base/rsyslog b/image/base/etc/service/rsyslog/run
similarity index 100%
rename from image/base/rsyslog
rename to image/base/etc/service/rsyslog/run

diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick
index b2f56663c0d1d61bf45df4c22aacffcaeedaa91d..71700e159ba3ae51dd919fbc0ed48a46ca0776f9 100755 (executable)
--- a/image/base/install-imagemagick
+++ b/image/base/install-imagemagick
@@ -13,11 +13,11 @@ WDIR=/tmp/imagemagick
 
 # Install build deps
 apt -y -q remove imagemagick
-apt -y -q install git make gcc pkg-config autoconf curl g++ \
-    yasm cmake \
+apt -y -q install git make gcc pkg-config autoconf curl g++ yasm cmake \
     libde265-0 libde265-dev ${LIBJPEGTURBO} x265 libx265-dev libtool \
-    libpng16-16 libpng-dev ${LIBJPEGTURBO} libwebp6 libwebp-dev libgomp1 libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils \
-    libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev
+    libpng16-16 libpng-dev ${LIBJPEGTURBO} libwebp6 libwebp-dev libgomp1 \
+    libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils \
+    libltdl7-dev libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev
 
 # Use backports instead of compiling it
 apt -y -q install -t bullseye-backports libheif1 libaom-dev libheif-dev
@@ -26,7 +26,7 @@ mkdir -p $WDIR
 cd $WDIR
 
 # Build and install ImageMagick
-wget -O $WDIR/ImageMagick.tar.gz "https://github.com/ImageMagick/ImageMagick/archive/$IMAGE_MAGICK_VERSION.tar.gz"
+wget -q -O $WDIR/ImageMagick.tar.gz "https://github.com/ImageMagick/ImageMagick/archive/$IMAGE_MAGICK_VERSION.tar.gz"
 sha256sum $WDIR/ImageMagick.tar.gz
 echo "$IMAGE_MAGICK_HASH $WDIR/ImageMagick.tar.gz" | sha256sum -c
 IMDIR=$WDIR/$(tar tzf $WDIR/ImageMagick.tar.gz --wildcards "ImageMagick-*/configure" |cut -d/ -f1)
@@ -58,3 +58,6 @@ make all && make install
 cd $HOME
 rm -rf $WDIR
 ldconfig /usr/local/lib
+
+# Validate ImageMagick install
+test $(convert -version | grep -o -e png -e tiff -e jpeg -e freetype -e heic -e webp | wc -l) -eq 6

diff --git a/image/base/install-jemalloc b/image/base/install-jemalloc
new file mode 100755 (executable)
index 0000000..7d20c09
--- /dev/null
+++ b/image/base/install-jemalloc
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+
+# version check: https://github.com/jemalloc/jemalloc/releases
+
+# jemalloc stable
+mkdir /jemalloc-stable
+cd /jemalloc-stable
+
+wget -q https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2
+sha256sum jemalloc-3.6.0.tar.bz2
+echo "e16c2159dd3c81ca2dc3b5c9ef0d43e1f2f45b04548f42db12e7c12d7bdf84fe jemalloc-3.6.0.tar.bz2" | sha256sum -c
+tar --strip-components=1 -xjf jemalloc-3.6.0.tar.bz2
+./configure --prefix=/usr && make && make install
+cd / && rm -rf /jemalloc-stable
+
+# jemalloc new
+mkdir /jemalloc-new
+cd /jemalloc-new
+
+wget -q https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
+sha256sum jemalloc-5.2.1.tar.bz2
+echo "34330e5ce276099e2e8950d9335db5a875689a4c6a56751ef3b1d8c537f887f6 jemalloc-5.2.1.tar.bz2" | sha256sum -c
+tar --strip-components=1 -xjf jemalloc-5.2.1.tar.bz2 
+./configure --prefix=/usr --with-install-suffix=5.2.1 && make build_lib && make install_lib
+cd / && rm -rf /jemalloc-new

diff --git a/image/base/install-nginx b/image/base/install-nginx
index 0a6eb2286401776f227eb7091d97d6254a7bd29a..a1616c804d9fcaa7c15f927644412f1e189c6dd0 100755 (executable)
--- a/image/base/install-nginx
+++ b/image/base/install-nginx
@@ -5,17 +5,15 @@ set -e
 VERSION=1.21.6
 HASH="66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae"
 
-apt install -y autoconf
-
 cd /tmp
-curl -O https://nginx.org/download/nginx-$VERSION.tar.gz
+wget -q https://nginx.org/download/nginx-$VERSION.tar.gz
 sha256sum nginx-$VERSION.tar.gz
 echo "$HASH nginx-$VERSION.tar.gz" | sha256sum -c
 tar zxf nginx-$VERSION.tar.gz
 cd nginx-$VERSION
 
 # nginx-common for boilerplate files etc.
-apt install -y nginx-common libpcre3 libpcre3-dev zlib1g zlib1g-dev
+apt install -y nginx-common
 
 cd /tmp
 # this is the reason we are compiling by hand...

diff --git a/image/base/install-oxipng b/image/base/install-oxipng
new file mode 100755 (executable)
index 0000000..93b30b2
--- /dev/null
+++ b/image/base/install-oxipng
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+# version check: https://github.com/shssoichiro/oxipng/releases
+OXIPNG_VERSION="5.0.1"
+OXIPNG_FILE="oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz"
+OXIPNG_HASH="89240cfd863f8007ab3ad95d88dc2ce15fc003a0421508728d73fec1375f19b6"
+
+# Install other deps
+apt -y -q install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng
+
+mkdir /oxipng-install
+cd /oxipng-install
+
+wget -q https://github.com/shssoichiro/oxipng/releases/download/v${OXIPNG_VERSION}/${OXIPNG_FILE}
+sha256sum ${OXIPNG_FILE}
+echo "${OXIPNG_HASH} ${OXIPNG_FILE}" | sha256sum -c
+
+tar --strip-components=1 -xzf $OXIPNG_FILE
+cp -v ./oxipng /usr/local/bin
+cd / && rm -fr /oxipng-install

diff --git a/image/base/install-redis b/image/base/install-redis
index 8c2b62e4e2e42fd0080b7ad016c7819c1432ef4e..10dde863f5405643114d6ce8227b3a7f8cd90d96 100755 (executable)
--- a/image/base/install-redis
+++ b/image/base/install-redis
@@ -7,7 +7,7 @@ REDIS_HASH="5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab"
 
 cd /tmp
 # Prepare Redis source.
-wget http://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz
+wget -q http://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz
 sha256sum redis-$REDIS_VERSION.tar.gz
 echo "$REDIS_HASH redis-$REDIS_VERSION.tar.gz" | sha256sum -c
 

diff --git a/image/base/install-ruby b/image/base/install-ruby
new file mode 100755 (executable)
index 0000000..0ad7cca
--- /dev/null
+++ b/image/base/install-ruby
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+RUBY_VERSION="2.7.5"
+
+mkdir /src 
+git -C /src clone https://github.com/rbenv/ruby-build.git
+cd /src/ruby-build && ./install.sh
+cd / && rm -fr /src
+
+ruby-build ${RUBY_VERSION} /usr/local

diff --git a/image/base/boot b/image/base/sbin/boot
similarity index 100%
rename from image/base/boot
rename to image/base/sbin/boot

diff --git a/image/base/slim.Dockerfile b/image/base/slim.Dockerfile
index 6ddf68f958c00be8b0d3d66abe3781b66c7d40ae..ed1035a72640a71b739ebf4dc4f23f81fde95129 100644 (file)
--- a/image/base/slim.Dockerfile
+++ b/image/base/slim.Dockerfile
@@ -11,11 +11,9 @@ ENV RAILS_ENV production
 RUN echo 2.0.`date +%Y%m%d` > /VERSION
 
 RUN echo 'deb http://deb.debian.org/debian bullseye-backports main' > /etc/apt/sources.list.d/bullseye-backports.list
-RUN apt update && apt install -y gnupg sudo curl
 RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections
-RUN apt update && apt -y install fping
+RUN apt update && apt -y install gnupg sudo curl fping
 RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt update || true"
-RUN apt -y install software-properties-common
 RUN apt-mark hold initscripts
 RUN apt -y upgrade
 
@@ -34,9 +32,10 @@ RUN apt -y update
 # install these without recommends to avoid pulling in e.g.
 # X11 libraries, mailutils
 RUN apt -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
-RUN apt -y install build-essential ca-certificates rsync \
+RUN apt -y install autoconf build-essential ca-certificates rsync \
                        libxslt-dev libcurl4-openssl-dev \
                        libssl-dev libyaml-dev libtool \
+                       libpcre3 libpcre3-dev zlib1g zlib1g-dev \
                        libxml2-dev gawk parallel \
                        postgresql-${PG_MAJOR} postgresql-client-${PG_MAJOR} \
                        postgresql-contrib-${PG_MAJOR} libpq-dev libreadline-dev \
@@ -59,47 +58,30 @@ RUN cd / &&\
     npm install -g terser &&\
     npm install -g uglify-js
 
+ADD install-imagemagick /tmp/install-imagemagick
+RUN /tmp/install-imagemagick
+
+ADD install-jemalloc /tmp/install-jemalloc
+RUN /tmp/install-jemalloc
+
 ADD install-nginx /tmp/install-nginx
 RUN /tmp/install-nginx
 
-RUN apt -y install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng
-
-RUN mkdir /oxipng-install && cd /oxipng-install &&\
-      wget https://github.com/shssoichiro/oxipng/releases/download/v5.0.1/oxipng-5.0.1-x86_64-unknown-linux-musl.tar.gz &&\
-      tar -xzf oxipng-5.0.1-x86_64-unknown-linux-musl.tar.gz && cd oxipng-5.0.1-x86_64-unknown-linux-musl &&\
-      cp oxipng /usr/local/bin &&\
-      cd / && rm -rf /oxipng-install
+ADD install-oxipng /tmp/install-oxipng
+RUN /tmp/install-oxipng
 
-RUN mkdir /jemalloc-stable && cd /jemalloc-stable &&\
-      wget https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2 &&\
-      tar -xjf jemalloc-3.6.0.tar.bz2 && cd jemalloc-3.6.0 && ./configure --prefix=/usr && make && make install &&\
-      cd / && rm -rf /jemalloc-stable
+ADD install-redis /tmp/install-redis
+RUN /tmp/install-redis
 
-RUN mkdir /jemalloc-new && cd /jemalloc-new &&\
-      wget https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2 &&\
-      tar -xjf jemalloc-5.2.1.tar.bz2 && cd jemalloc-5.2.1 && ./configure --prefix=/usr --with-install-suffix=5.2.1 && make build_lib && make install_lib &&\
-      cd / && rm -rf /jemalloc-new
+ADD install-ruby /tmp/install-ruby
+RUN /tmp/install-ruby
 
 RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
-    mkdir /src && git -C /src clone https://github.com/rbenv/ruby-build.git &&\
-    cd /src/ruby-build && ./install.sh &&\
-    cd / && rm -rf /src/ruby-build && (ruby-build 2.7.5 /usr/local)
-
-RUN gem update --system
+    gem update --system
 
 RUN gem install bundler pups --force &&\
     mkdir -p /pups/bin/ &&\
-    ln -s /usr/local/bin/pups /pups/bin/pups &&\
-    rm -rf /usr/local/share/ri/2.7.5/system
-
-ADD install-redis /tmp/install-redis
-RUN /tmp/install-redis
-
-ADD install-imagemagick /tmp/install-imagemagick
-RUN /tmp/install-imagemagick
-
-# Validate install
-RUN ruby -Eutf-8 -e "v = \`convert -version\`; %w{png tiff jpeg freetype heic}.each { |f| unless v.include?(f); STDERR.puts('no ' + f +  ' support in imagemagick'); exit(-1); end }"
+    ln -s /usr/local/bin/pups /pups/bin/pups
 
 # This tool allows us to disable huge page support for our current process
 # since the flag is preserved through forks and execs it can be used on any
@@ -108,41 +90,32 @@ ADD thpoff.c /src/thpoff.c
 RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c
 
 # clean up for docker squash
-RUN   rm -fr /usr/share/man &&\
-      rm -fr /usr/share/doc &&\
-      rm -fr /usr/share/vim/vim74/tutor &&\
-      rm -fr /usr/share/vim/vim74/doc &&\
-      rm -fr /usr/share/vim/vim74/lang &&\
-      rm -fr /usr/local/share/doc &&\
-      rm -fr /usr/local/share/ruby-build &&\
-      rm -fr /root/.gem &&\
-      rm -fr /root/.npm &&\
-      rm -fr /tmp/* &&\
-      rm -fr /usr/share/vim/vim74/spell/en*
-
+RUN rm -fr /usr/share/man &&\
+    rm -fr /usr/share/doc &&\
+    rm -fr /usr/share/vim/vim74/doc &&\
+    rm -fr /usr/share/vim/vim74/lang &&\
+    rm -fr /usr/share/vim/vim74/spell/en* &&\
+    rm -fr /usr/share/vim/vim74/tutor &&\
+    rm -fr /usr/local/share/doc &&\
+    rm -fr /usr/local/share/ri &&\
+    rm -fr /usr/local/share/ruby-build &&\
+    rm -fr /var/lib/apt/lists/* &&\
+    rm -fr /root/.gem &&\
+    rm -fr /root/.npm &&\
+    rm -fr /tmp/*
 
 # this can probably be done, but I worry that people changing PG locales will have issues
 # cd /usr/share/locale && rm -fr `ls -d */ | grep -v en`
 
-RUN mkdir -p /etc/runit/3.d
-
-ADD runit-1 /etc/runit/1
-ADD runit-1.d-cleanup-pids /etc/runit/1.d/cleanup-pids
-ADD runit-1.d-anacron /etc/runit/1.d/anacron
-ADD runit-1.d-00-fix-var-logs /etc/runit/1.d/00-fix-var-logs
-ADD runit-2 /etc/runit/2
-ADD runit-3 /etc/runit/3
-ADD boot /sbin/boot
+# this is required for aarch64 which uses buildx
+# see https://github.com/docker/buildx/issues/150
+RUN rm -f /etc/service
 
-ADD cron /etc/service/cron/run
-ADD rsyslog /etc/service/rsyslog/run
-ADD cron.d_anacron /etc/cron.d/anacron
+COPY etc/  /etc
+COPY sbin/ /sbin
 
 # Discourse specific bits
 RUN useradd discourse -s /bin/bash -m -U &&\
-    mkdir -p /var/www &&\
-    cd /var/www &&\
-    git clone --depth 1 https://github.com/discourse/discourse.git &&\
-    cd discourse &&\
-    git remote set-branches --add origin tests-passed &&\
-    chown -R discourse:discourse /var/www/discourse
+    install -dm 0755 -o discourse -g discourse /var/www/discourse &&\
+    sudo -u discourse git clone --depth 1 https://github.com/discourse/discourse.git /var/www/discourse &&\
+    sudo -u discourse git -C /var/www/discourse remote set-branches --add origin tests-passed