@ -83,8 +83,6 @@ FROM vaultwarden/web-vault@{{ vault_image_digest }} as vault
########################## BUILD IMAGE ##########################
########################## BUILD IMAGE ##########################
FROM {{ build_stage_base_image }} as build
FROM {{ build_stage_base_image }} as build
# Build time options to avoid dpkg warnings and help with reproducible builds.
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND = noninteractive \
ENV DEBIAN_FRONTEND = noninteractive \
LANG = C.UTF-8 \
LANG = C.UTF-8 \
@ -93,7 +91,6 @@ ENV DEBIAN_FRONTEND=noninteractive \
CARGO_HOME = "/root/.cargo" \
CARGO_HOME = "/root/.cargo" \
USER = "root"
USER = "root"
# Create CARGO_HOME folder and don't download rust docs
# Create CARGO_HOME folder and don't download rust docs
RUN { { mount_rust_cache -} } mkdir -pv " ${ CARGO_HOME } " \
RUN { { mount_rust_cache -} } mkdir -pv " ${ CARGO_HOME } " \
&& rustup set profile minimal
&& rustup set profile minimal
@ -104,20 +101,20 @@ RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \
ENV RUSTFLAGS = '-Clink-arg=/usr/local/musl/{{ package_arch_target }}/lib/libatomic.a'
ENV RUSTFLAGS = '-Clink-arg=/usr/local/musl/{{ package_arch_target }}/lib/libatomic.a'
{ % endif %}
{ % endif %}
{ % elif "arm" in target_file %}
{ % elif "arm" in target_file %}
#
# Install build dependencies for the {{ package_arch_name }} architecture
# Install required build libs for {{ package_arch_name }} architecture.
RUN dpkg --add-architecture { { package_arch_name } } \
RUN dpkg --add-architecture { { package_arch_name } } \
&& apt-get update \
&& apt-get update \
&& apt-get install -y \
&& apt-get install -y \
--no-install-recommends \
--no-install-recommends \
libssl-dev{ { package_arch_prefix } } \
gcc-{ { package_cross_compiler } } \
libc6-dev{ { package_arch_prefix } } \
libc6-dev{ { package_arch_prefix } } \
libpq5{ { package_arch_prefix } } \
libcap2-bin \
libpq-dev{ { package_arch_prefix } } \
libmariadb3{ { package_arch_prefix } } \
libmariadb-dev{ { package_arch_prefix } } \
libmariadb-dev{ { package_arch_prefix } } \
libmariadb-dev-compat{ { package_arch_prefix } } \
libmariadb-dev-compat{ { package_arch_prefix } } \
gcc-{ { package_cross_compiler } } \
libmariadb3{ { package_arch_prefix } } \
libpq-dev{ { package_arch_prefix } } \
libpq5{ { package_arch_prefix } } \
libssl-dev{ { package_arch_prefix } } \
#
#
# Make sure cargo has the right target config
# Make sure cargo has the right target config
&& echo '[target.{{ package_arch_target }}]' >> " ${ CARGO_HOME } /config " \
&& echo '[target.{{ package_arch_target }}]' >> " ${ CARGO_HOME } /config " \
@ -129,16 +126,14 @@ ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_
CROSS_COMPILE = "1" \
CROSS_COMPILE = "1" \
OPENSSL_INCLUDE_DIR = "/usr/include/{{ package_cross_compiler }}" \
OPENSSL_INCLUDE_DIR = "/usr/include/{{ package_cross_compiler }}" \
OPENSSL_LIB_DIR = "/usr/lib/{{ package_cross_compiler }}"
OPENSSL_LIB_DIR = "/usr/lib/{{ package_cross_compiler }}"
{ % elif "amd64" in target_file %}
{ % elif "amd64" in target_file %}
# Install DB packag es
# Install build dependenci es
RUN apt-get update \
RUN apt-get update \
&& apt-get install -y \
&& apt-get install -y \
--no-install-recommends \
--no-install-recommends \
libmariadb-dev{ { package_arch_prefix } } \
libcap2-bin \
libpq-dev{ { package_arch_prefix } } \
libmariadb-dev \
&& apt-get clean \
libpq-dev
&& rm -rf /var/lib/apt/lists/*
{ % endif %}
{ % endif %}
# Creates a dummy project used to grab dependencies
# Creates a dummy project used to grab dependencies
@ -179,6 +174,18 @@ RUN touch src/main.rs
# your actual source files being built
# your actual source files being built
RUN { { mount_rust_cache -} } cargo build --features ${ DB } --release{ { package_arch_target_param } }
RUN { { mount_rust_cache -} } cargo build --features ${ DB } --release{ { package_arch_target_param } }
{ % if "buildkit" in target_file %}
# Add the `cap_net_bind_service` capability to allow listening on
# privileged (< 1024) ports even when running as a non-root user.
# This is only done if building with BuildKit; with the legacy
# builder, the `COPY` instruction doesn't carry over capabilities.
{ % if package_arch_target is defined %}
RUN setcap cap_net_bind_service = +ep target/{ { package_arch_target } } /release/vaultwarden
{ % else %}
RUN setcap cap_net_bind_service = +ep target/release/vaultwarden
{ % endif %}
{ % endif %}
######################## RUNTIME IMAGE ########################
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# Create a new stage with a minimal image
# because we already have a binary built
# because we already have a binary built
@ -200,18 +207,18 @@ RUN [ "cross-build-start" ]
RUN mkdir /data \
RUN mkdir /data \
{ % if "alpine" in runtime_stage_base_image %}
{ % if "alpine" in runtime_stage_base_image %}
&& apk add --no-cache \
&& apk add --no-cache \
openssl \
ca-certificates \
tzdata \
curl \
curl \
ca-certificates
openssl \
tzdata
{ % else %}
{ % else %}
&& apt-get update && apt-get install -y \
&& apt-get update && apt-get install -y \
--no-install-recommends \
--no-install-recommends \
openssl \
ca-certificates \
ca-certificates \
curl \
curl \
libmariadb-dev-compat \
libmariadb-dev-compat \
libpq5 \
libpq5 \
openssl \
&& apt-get clean \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
&& rm -rf /var/lib/apt/lists/*
{ % endif %}
{ % endif %}