From: Gabe Pacuilla <gabe@discourse.org> Date: Mon, 14 Mar 2022 23:22:43 +0000 (-0400) Subject: DEV: use consistent third-party installation method (#610) X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=93906f14f4a2df88aea11340fb1b11efbc4a785f;p=discourse_docker.git DEV: use consistent third-party installation method (#610) * DEV: use consistent third-party installation method * FIX: slim base image build on aarch64
---
diff --git a/image/base/cron.d_anacron b/image/base/etc/cron.d/cron.d_anacron
similarity index 100%
rename from image/base/cron.d_anacron
rename to image/base/etc/cron.d/cron.d_anacron
diff --git a/image/base/runit-1 b/image/base/etc/runit/1
similarity index 100%
rename from image/base/runit-1
rename to image/base/etc/runit/1
diff --git a/image/base/runit-1.d-00-fix-var-logs b/image/base/etc/runit/1.d/00-fix-var-logs
similarity index 100%
rename from image/base/runit-1.d-00-fix-var-logs
rename to image/base/etc/runit/1.d/00-fix-var-logs
diff --git a/image/base/runit-1.d-anacron b/image/base/etc/runit/1.d/anacron
similarity index 100%
rename from image/base/runit-1.d-anacron
rename to image/base/etc/runit/1.d/anacron
diff --git a/image/base/runit-1.d-cleanup-pids b/image/base/etc/runit/1.d/cleanup-pids
similarity index 100%
rename from image/base/runit-1.d-cleanup-pids
rename to image/base/etc/runit/1.d/cleanup-pids
diff --git a/image/base/runit-2 b/image/base/etc/runit/2
similarity index 100%
rename from image/base/runit-2
rename to image/base/etc/runit/2
diff --git a/image/base/runit-3 b/image/base/etc/runit/3
similarity index 100%
rename from image/base/runit-3
rename to image/base/etc/runit/3
diff --git a/image/base/cron b/image/base/etc/service/cron/run
similarity index 100%
rename from image/base/cron
rename to image/base/etc/service/cron/run
diff --git a/image/base/rsyslog b/image/base/etc/service/rsyslog/run
similarity index 100%
rename from image/base/rsyslog
rename to image/base/etc/service/rsyslog/run
diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick index b2f5666..71700e1 100755 --- a/image/base/install-imagemagick +++ b/image/base/install-imagemagick @@ -13,11 +13,11 @@ WDIR=/tmp/imagemagick # Install build deps apt -y -q remove imagemagick -apt -y -q install git make gcc pkg-config autoconf curl g++ \ - yasm cmake \ +apt -y -q install git make gcc pkg-config autoconf curl g++ yasm cmake \ libde265-0 libde265-dev ${LIBJPEGTURBO} x265 libx265-dev libtool \ - libpng16-16 libpng-dev ${LIBJPEGTURBO} libwebp6 libwebp-dev libgomp1 libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils \ - libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev + libpng16-16 libpng-dev ${LIBJPEGTURBO} libwebp6 libwebp-dev libgomp1 \ + libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils \ + libltdl7-dev libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev # Use backports instead of compiling it apt -y -q install -t bullseye-backports libheif1 libaom-dev libheif-dev @@ -26,7 +26,7 @@ mkdir -p $WDIR cd $WDIR # Build and install ImageMagick -wget -O $WDIR/ImageMagick.tar.gz "https://github.com/ImageMagick/ImageMagick/archive/$IMAGE_MAGICK_VERSION.tar.gz" +wget -q -O $WDIR/ImageMagick.tar.gz "https://github.com/ImageMagick/ImageMagick/archive/$IMAGE_MAGICK_VERSION.tar.gz" sha256sum $WDIR/ImageMagick.tar.gz echo "$IMAGE_MAGICK_HASH $WDIR/ImageMagick.tar.gz" | sha256sum -c IMDIR=$WDIR/$(tar tzf $WDIR/ImageMagick.tar.gz --wildcards "ImageMagick-*/configure" |cut -d/ -f1) @@ -58,3 +58,6 @@ make all && make install cd $HOME rm -rf $WDIR ldconfig /usr/local/lib + +# Validate ImageMagick install +test $(convert -version | grep -o -e png -e tiff -e jpeg -e freetype -e heic -e webp | wc -l) -eq 6 diff --git a/image/base/install-jemalloc b/image/base/install-jemalloc new file mode 100755 index 0000000..7d20c09 --- /dev/null +++ b/image/base/install-jemalloc 
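Review bot: The validation added at the end of the script counts matches rather than distinct delegates, so a format name that `convert -version` prints twice can stand in for one that is missing and the check still sees 6. De-duplicating before counting closes that gap: `test "$(convert -version | grep -o -e png -e tiff -e jpeg -e freetype -e heic -e webp | sort -u | wc -l)" -eq 6`. The Ruby check this replaces in slim.Dockerfile named the missing format on stderr, while this one fails without a message. Appending `|| { echo "imagemagick is missing a required delegate" >&2; exit 1; }` would keep a failed build diagnosable.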
@@ -0,0 +1,26 @@ +#!/bin/bash +set -e + +# version check: https://github.com/jemalloc/jemalloc/releases + +# jemalloc stable +mkdir /jemalloc-stable +cd /jemalloc-stable + +wget -q https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2 +sha256sum jemalloc-3.6.0.tar.bz2 +echo "e16c2159dd3c81ca2dc3b5c9ef0d43e1f2f45b04548f42db12e7c12d7bdf84fe jemalloc-3.6.0.tar.bz2" | sha256sum -c +tar --strip-components=1 -xjf jemalloc-3.6.0.tar.bz2 +./configure --prefix=/usr && make && make install +cd / && rm -rf /jemalloc-stable + +# jemalloc new +mkdir /jemalloc-new +cd /jemalloc-new + +wget -q https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2 +sha256sum jemalloc-5.2.1.tar.bz2 +echo "34330e5ce276099e2e8950d9335db5a875689a4c6a56751ef3b1d8c537f887f6 jemalloc-5.2.1.tar.bz2" | sha256sum -c +tar --strip-components=1 -xjf jemalloc-5.2.1.tar.bz2 +./configure --prefix=/usr --with-install-suffix=5.2.1 && make build_lib && make install_lib +cd / && rm -rf /jemalloc-new diff --git a/image/base/install-nginx b/image/base/install-nginx index 0a6eb22..a1616c8 100755 --- a/image/base/install-nginx +++ b/image/base/install-nginx @@ -5,17 +5,15 @@ set -e VERSION=1.21.6 HASH="66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae" -apt install -y autoconf - cd /tmp -curl -O https://nginx.org/download/nginx-$VERSION.tar.gz +wget -q https://nginx.org/download/nginx-$VERSION.tar.gz sha256sum nginx-$VERSION.tar.gz echo "$HASH nginx-$VERSION.tar.gz" | sha256sum -c tar zxf nginx-$VERSION.tar.gz cd nginx-$VERSION # nginx-common for boilerplate files etc. -apt install -y nginx-common libpcre3 libpcre3-dev zlib1g zlib1g-dev +apt install -y nginx-common cd /tmp # this is the reason we are compiling by hand... diff --git a/image/base/install-oxipng b/image/base/install-oxipng new file mode 100755 index 0000000..93b30b2 --- /dev/null +++ b/image/base/install-oxipng 
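Review bot: `set -e` does not abort on a failure inside an `&&` list unless it is the last command of the list, so in `./configure --prefix=/usr && make && make install` a failed `./configure` or `make` lets the script run on to the cleanup line and exit 0. The image would then be built without the library, whereas the `RUN` chain this script replaces failed the build. Put each step on its own line (`./configure --prefix=/usr`, then `make`, then `make install`), and do the same on the 5.2.1 line for `make build_lib` and `make install_lib`. The pinned `sha256sum -c` checks are plain pipelines and do stop the script on a mismatch.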
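Review bot: With the `apt install` of autoconf, libpcre3-dev and zlib1g-dev removed from this script, it only builds on a base image that already provides them, and nothing in the file says so. A header comment such as `# build deps (autoconf, libpcre3-dev, zlib1g-dev) are installed by slim.Dockerfile` would make that dependency explicit for anyone running the script elsewhere. The configure step lies outside the hunk, so how it reacts to a missing library is not visible here.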
@@ -0,0 +1,21 @@ +#!/bin/bash +set -e + +# version check: https://github.com/shssoichiro/oxipng/releases +OXIPNG_VERSION="5.0.1" +OXIPNG_FILE="oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz" +OXIPNG_HASH="89240cfd863f8007ab3ad95d88dc2ce15fc003a0421508728d73fec1375f19b6" + +# Install other deps +apt -y -q install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng + +mkdir /oxipng-install +cd /oxipng-install + +wget -q https://github.com/shssoichiro/oxipng/releases/download/v${OXIPNG_VERSION}/${OXIPNG_FILE} +sha256sum ${OXIPNG_FILE} +echo "${OXIPNG_HASH} ${OXIPNG_FILE}" | sha256sum -c + +tar --strip-components=1 -xzf $OXIPNG_FILE +cp -v ./oxipng /usr/local/bin +cd / && rm -fr /oxipng-install diff --git a/image/base/install-redis b/image/base/install-redis index 8c2b62e..10dde86 100755 --- a/image/base/install-redis +++ b/image/base/install-redis @@ -7,7 +7,7 @@ REDIS_HASH="5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab" cd /tmp # Prepare Redis source. -wget http://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz +wget -q http://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz sha256sum redis-$REDIS_VERSION.tar.gz echo "$REDIS_HASH redis-$REDIS_VERSION.tar.gz" | sha256sum -c diff --git a/image/base/install-ruby b/image/base/install-ruby new file mode 100755 index 0000000..0ad7cca --- /dev/null +++ b/image/base/install-ruby @@ -0,0 +1,11 @@ +#!/bin/bash +set -e + +RUBY_VERSION="2.7.5" + +mkdir /src +git -C /src clone https://github.com/rbenv/ruby-build.git +cd /src/ruby-build && ./install.sh +cd / && rm -fr /src + +ruby-build ${RUBY_VERSION} /usr/local diff --git a/image/base/boot b/image/base/sbin/boot similarity index 100% rename from image/base/boot rename to image/base/sbin/boot diff --git a/image/base/slim.Dockerfile b/image/base/slim.Dockerfile index 6ddf68f..ed1035a 100644 --- a/image/base/slim.Dockerfile +++ b/image/base/slim.Dockerfile 
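Review bot: `OXIPNG_FILE` hard-codes the `x86_64-unknown-linux-musl` archive, so on an aarch64 build, which the commit description mentions, the script would verify and install a binary that the image cannot execute. Nothing in the script checks the build architecture or runs the installed tool. Consider choosing the archive and hash from `uname -m` and failing on an unsupported architecture, then ending with `oxipng --version` as a smoke test, in the way install-imagemagick now validates its result. Quoting the expansions on the wget, sha256sum and tar lines (`"${OXIPNG_FILE}"`) would match the already-quoted hash line.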
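Review bot: The Redis tarball is still fetched over plain `http://`, so the pinned `REDIS_HASH` check two lines below is the only thing protecting the build from a tampered download. That check does cover integrity, but changing the URL to `https://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz` (assuming the host serves it) adds transport protection. It would also bring this script in line with the other installers in this commit, which all use https.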
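Review bot: ruby-build is cloned from the head of its default branch and its `install.sh` is executed during the image build with no pinned revision or checksum, which makes it the one installer in this commit that does not pin what it runs. Pin the clone to a reviewed tag or commit, for example `git -C /src clone --depth 1 --branch "$RUBY_BUILD_TAG" https://github.com/rbenv/ruby-build.git`, with `RUBY_BUILD_TAG` defined next to `RUBY_VERSION`. The variable name is a placeholder, and its value should be a release you have vetted. Pinning makes rebuilds reproducible and stops an upstream change from silently altering the toolchain that builds Ruby.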
@@ -11,11 +11,9 @@ ENV RAILS_ENV production RUN echo 2.0.`date +%Y%m%d` > /VERSION RUN echo 'deb http://deb.debian.org/debian bullseye-backports main' > /etc/apt/sources.list.d/bullseye-backports.list -RUN apt update && apt install -y gnupg sudo curl RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections -RUN apt update && apt -y install fping +RUN apt update && apt -y install gnupg sudo curl fping RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt update || true" -RUN apt -y install software-properties-common RUN apt-mark hold initscripts RUN apt -y upgrade @@ -34,9 +32,10 @@ RUN apt -y update # install these without recommends to avoid pulling in e.g. # X11 libraries, mailutils RUN apt -y install --no-install-recommends git rsyslog logrotate cron ssh-client less -RUN apt -y install build-essential ca-certificates rsync \ +RUN apt -y install autoconf build-essential ca-certificates rsync \ libxslt-dev libcurl4-openssl-dev \ libssl-dev libyaml-dev libtool \ + libpcre3 libpcre3-dev zlib1g zlib1g-dev \ libxml2-dev gawk parallel \ postgresql-${PG_MAJOR} postgresql-client-${PG_MAJOR} \ postgresql-contrib-${PG_MAJOR} libpq-dev libreadline-dev \ 
@@ -59,47 +58,30 @@ RUN cd / &&\ npm install -g terser &&\ npm install -g uglify-js +ADD install-imagemagick /tmp/install-imagemagick +RUN /tmp/install-imagemagick + +ADD install-jemalloc /tmp/install-jemalloc +RUN /tmp/install-jemalloc + ADD install-nginx /tmp/install-nginx RUN /tmp/install-nginx -RUN apt -y install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng - -RUN mkdir /oxipng-install && cd /oxipng-install &&\ - wget https://github.com/shssoichiro/oxipng/releases/download/v5.0.1/oxipng-5.0.1-x86_64-unknown-linux-musl.tar.gz &&\ - tar -xzf oxipng-5.0.1-x86_64-unknown-linux-musl.tar.gz && cd oxipng-5.0.1-x86_64-unknown-linux-musl &&\ - cp oxipng /usr/local/bin &&\ - cd / && rm -rf /oxipng-install +ADD install-oxipng /tmp/install-oxipng +RUN /tmp/install-oxipng -RUN mkdir /jemalloc-stable && cd /jemalloc-stable &&\ - wget https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2 &&\ - tar -xjf jemalloc-3.6.0.tar.bz2 && cd jemalloc-3.6.0 && ./configure --prefix=/usr && make && make install &&\ - cd / && rm -rf /jemalloc-stable +ADD install-redis /tmp/install-redis +RUN /tmp/install-redis -RUN mkdir /jemalloc-new && cd /jemalloc-new &&\ - wget https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2 &&\ - tar -xjf jemalloc-5.2.1.tar.bz2 && cd jemalloc-5.2.1 && ./configure --prefix=/usr --with-install-suffix=5.2.1 && make build_lib && make install_lib &&\ - cd / && rm -rf /jemalloc-new +ADD install-ruby /tmp/install-ruby +RUN /tmp/install-ruby RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\ - mkdir /src && git -C /src clone https://github.com/rbenv/ruby-build.git &&\ - cd /src/ruby-build && ./install.sh &&\ - cd / && rm -rf /src/ruby-build && (ruby-build 2.7.5 /usr/local) - -RUN gem update --system + gem update --system RUN gem install bundler pups --force &&\ mkdir -p /pups/bin/ &&\ - ln -s /usr/local/bin/pups /pups/bin/pups &&\ - rm -rf /usr/local/share/ri/2.7.5/system - -ADD install-redis 
/tmp/install-redis -RUN /tmp/install-redis - -ADD install-imagemagick /tmp/install-imagemagick -RUN /tmp/install-imagemagick - -# Validate install -RUN ruby -Eutf-8 -e "v = \`convert -version\`; %w{png tiff jpeg freetype heic}.each { |f| unless v.include?(f); STDERR.puts('no ' + f + ' support in imagemagick'); exit(-1); end }" + ln -s /usr/local/bin/pups /pups/bin/pups # This tool allows us to disable huge page support for our current process # since the flag is preserved through forks and execs it can be used on any 
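Review bot: The installer scripts are brought in with `ADD`, while the last hunk of this file uses `COPY` for `etc/` and `sbin/`. `ADD` also unpacks local archives and accepts URLs, neither of which these lines need, so `COPY install-imagemagick /tmp/install-imagemagick` (and likewise for the other four) states the intent more narrowly. Separately, `gem update --system` and `gem install bundler pups --force` stay unpinned, unlike the hash-checked downloads this commit introduces. Pinning those versions is worth a follow-up.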
@@ -108,41 +90,32 @@ ADD thpoff.c /src/thpoff.c RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c # clean up for docker squash -RUN rm -fr /usr/share/man &&\ - rm -fr /usr/share/doc &&\ - rm -fr /usr/share/vim/vim74/tutor &&\ - rm -fr /usr/share/vim/vim74/doc &&\ - rm -fr /usr/share/vim/vim74/lang &&\ - rm -fr /usr/local/share/doc &&\ - rm -fr /usr/local/share/ruby-build &&\ - rm -fr /root/.gem &&\ - rm -fr /root/.npm &&\ - rm -fr /tmp/* &&\ - rm -fr /usr/share/vim/vim74/spell/en* - +RUN rm -fr /usr/share/man &&\ + rm -fr /usr/share/doc &&\ + rm -fr /usr/share/vim/vim74/doc &&\ + rm -fr /usr/share/vim/vim74/lang &&\ + rm -fr /usr/share/vim/vim74/spell/en* &&\ + rm -fr /usr/share/vim/vim74/tutor &&\ + rm -fr /usr/local/share/doc &&\ + rm -fr /usr/local/share/ri &&\ + rm -fr /usr/local/share/ruby-build &&\ + rm -fr /var/lib/apt/lists/* &&\ + rm -fr /root/.gem &&\ + rm -fr /root/.npm &&\ + rm -fr /tmp/* # this can probably be done, but I worry that people changing PG locales will have issues # cd /usr/share/locale && rm -fr `ls -d */ | grep -v en` -RUN mkdir -p /etc/runit/3.d - -ADD runit-1 /etc/runit/1 -ADD runit-1.d-cleanup-pids /etc/runit/1.d/cleanup-pids -ADD runit-1.d-anacron /etc/runit/1.d/anacron -ADD runit-1.d-00-fix-var-logs /etc/runit/1.d/00-fix-var-logs -ADD runit-2 /etc/runit/2 -ADD runit-3 /etc/runit/3 -ADD boot /sbin/boot +# this is required for aarch64 which uses buildx +# see https://github.com/docker/buildx/issues/150 +RUN rm -f /etc/service -ADD cron /etc/service/cron/run -ADD rsyslog /etc/service/rsyslog/run -ADD cron.d_anacron /etc/cron.d/anacron +COPY etc/ /etc +COPY sbin/ /sbin # Discourse specific bits RUN useradd discourse -s /bin/bash -m -U &&\ - mkdir -p /var/www &&\ - cd /var/www &&\ - git clone --depth 1 https://github.com/discourse/discourse.git &&\ - cd discourse &&\ - git remote set-branches --add origin tests-passed &&\ - chown -R discourse:discourse /var/www/discourse + install -dm 0755 -o discourse -g discourse 
/var/www/discourse &&\ + sudo -u discourse git clone --depth 1 https://github.com/discourse/discourse.git /var/www/discourse &&\ + sudo -u discourse git -C /var/www/discourse remote set-branches --add origin tests-passed
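Review bot: `COPY etc/ /etc` installs the anacron job under its repository name, which the rename earlier in this commit makes `etc/cron.d/cron.d_anacron`, whereas the removed `ADD cron.d_anacron /etc/cron.d/anacron` gave it a dot-free name. Debian's cron skips files in /etc/cron.d whose names contain a dot, so the job would silently stop running. Naming the file `etc/cron.d/anacron` in the repository avoids that. The removed `RUN mkdir -p /etc/runit/3.d` also has no replacement, and none of the renamed files live under `etc/runit/3.d`, so that directory may be missing unless something outside this diff creates it. Copying whole directories also means every file present in `image/base/etc` and `image/base/sbin` at build time lands in the image, so those trees are worth keeping minimal.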