diff --git a/.gitignore b/.gitignore index 2795e0e6b..f18232dec 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ altnames.cnf /insecure **/*.rs.bk test.db +cargo_vendor_config /vendor kanidm_rlm_python/test_data/certs/ vendor.tar.gz diff --git a/Makefile b/Makefile index d38c2cd2d..6aef316ad 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ help: .PHONY: buildx/kanidmd/x86_64_v3 buildx/kanidmd/x86_64_v3: ## build multiarch server images -buildx/kanidmd/x86_64_v3: +buildx/kanidmd/x86_64_v3: vendor @$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) --pull --push --platform "linux/amd64/v3" \ -f kanidmd/Dockerfile -t $(IMAGE_BASE)/server:x86_64_$(IMAGE_VERSION) \ --build-arg "KANIDM_BUILD_PROFILE=container_x86_64_v3" \ @@ -25,7 +25,7 @@ buildx/kanidmd/x86_64_v3: .PHONY: buildx/kanidmd buildx/kanidmd: ## Build multiarch kanidm server images and push to docker hub -buildx/kanidmd: +buildx/kanidmd: vendor @$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) \ --pull --push --platform $(IMAGE_ARCH) \ -f kanidmd/Dockerfile \ @@ -37,7 +37,7 @@ buildx/kanidmd: .PHONY: buildx/kanidm_tools buildx/kanidm_tools: ## Build multiarch kanidm tool images and push to docker hub -buildx/kanidm_tools: +buildx/kanidm_tools: vendor @$(CONTAINER_TOOL) buildx build $(CONTAINER_TOOL_ARGS) \ --pull --push --platform $(IMAGE_ARCH) \ -f kanidm_tools/Dockerfile \ @@ -103,7 +103,7 @@ precommit: test codespell test/pykanidm doc/format .PHONY: vendor vendor: - cargo vendor + cargo vendor > cargo_vendor_config .PHONY: vendor-prep vendor-prep: vendor diff --git a/kanidm_tools/Cargo.toml b/kanidm_tools/Cargo.toml index 9f2e3b163..4870ddfef 100644 --- a/kanidm_tools/Cargo.toml +++ b/kanidm_tools/Cargo.toml 
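Review bot: In the last Makefile hunk, `cargo vendor > cargo_vendor_config` truncates the file before cargo runs, so a failed or interrupted vendor run leaves an empty or partial `cargo_vendor_config` in the tree. Both Dockerfiles in this commit copy that file to `.cargo/config.toml` with a plain `cp`, which succeeds on an empty file, and the kanidm_tools build does not pass `--offline`, so that image would presumably fall back to downloading crates without any error. Writing to a temporary name and renaming keeps the file either complete or unchanged: `cargo vendor > cargo_vendor_config.tmp && mv -f cargo_vendor_config.tmp cargo_vendor_config`. Because `vendor` is `.PHONY`, the three `buildx/*` targets that now depend on it re-run the vendoring on every invocation; a one-line comment above the rule saying this is intended would help.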
@@ -27,7 +27,7 @@ path = "src/ssh_authorizedkeys.rs" [dependencies] clap = { workspace = true, features = ["derive", "env"] } -compact_jwt.workspace = true +compact_jwt = { workspace = true, features = ["openssl"] } dialoguer.workspace = true futures-concurrency.workspace = true libc.workspace = true diff --git a/kanidm_tools/Dockerfile b/kanidm_tools/Dockerfile index 4558c9599..c47a125f8 100644 --- a/kanidm_tools/Dockerfile +++ b/kanidm_tools/Dockerfile 
@@ -1,53 +1,56 @@ -# This builds the kanidm CLI tool +# This builds the kanidm CLI tools ARG BASE_IMAGE=opensuse/tumbleweed:latest FROM ${BASE_IMAGE} AS repos - RUN zypper refresh --force RUN zypper dup -y FROM repos AS builder -ARG SCCACHE_REDIS="" ARG KANIDM_FEATURES ARG KANIDM_BUILD_PROFILE ARG KANIDM_BUILD_OPTIONS="" -RUN zypper install -y \ +RUN echo Profile $KANIDM_BUILD_PROFILE +RUN echo Features $KANIDM_FEATURES + +RUN zypper install -y --no-recommends \ rustup wasm-pack \ - gcc clang lld \ + clang \ make automake autoconf \ - libopenssl-devel \ + libopenssl-3-devel \ pam-devel \ libudev-devel \ sqlite3-devel \ - rsync + rsync \ + mold + RUN zypper clean -a RUN rustup default stable COPY . /usr/src/kanidm -RUN mkdir /scratch -RUN echo $KANIDM_BUILD_PROFILE -ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic} -RUN echo Features $KANIDM_FEATURES - -ENV CARGO_HOME=/scratch/.cargo -ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.lld" +RUN mkdir -p /usr/src/kanidm/.cargo +RUN cp /usr/src/kanidm/cargo_vendor_config /usr/src/kanidm/.cargo/config.toml WORKDIR /usr/src/kanidm/ + +# Set the build profile +ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic} +ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold" + # build the CLI RUN if [ -z "${KANIDM_FEATURES}" ]; then \ - cargo build --bin kanidm ${KANIDM_BUILD_OPTIONS} \ + cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \ --target-dir="/usr/src/kanidm/target/" \ --release; \ - cargo build --bin kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \ + cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \ --target-dir="/usr/src/kanidm/target/" \ --release; \ else \ - cargo build --bin kanidm ${KANIDM_BUILD_OPTIONS} \ + cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \ --target-dir="/usr/src/kanidm/target/" \ --features="${KANIDM_FEATURES}" \ --release; \ - cargo build --bin kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \ + cargo build -p kanidm-ipa-sync 
${KANIDM_BUILD_OPTIONS} \ --target-dir="/usr/src/kanidm/target/" \ --features="${KANIDM_FEATURES}" \ --release; \ @@ -58,7 +61,7 @@ RUN ls -al /usr/src/kanidm/target/release # == Construct the tools container FROM repos -RUN zypper install -y timezone busybox-adduser && \ +RUN zypper install -y timezone busybox-adduser openssl-3 && \ zypper clean -a COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/ diff --git a/kanidmd/Dockerfile b/kanidmd/Dockerfile index 0f0125a7f..540abd55c 100644 --- a/kanidmd/Dockerfile +++ b/kanidmd/Dockerfile @@ -1,3 +1,4 @@ +# Build the main Kanidmd server ARG BASE_IMAGE=opensuse/tumbleweed:latest FROM ${BASE_IMAGE} AS repos RUN zypper refresh --force 
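Review bot: The four `cargo build -p kanidm_tools` / `-p kanidm-ipa-sync` calls in the first kanidm_tools/Dockerfile hunk do not get the `--locked --offline` flags that this commit adds to kanidmd/Dockerfile, so nothing forces this image to build from the vendored sources and the lockfile. If `cargo_vendor_config` is empty or the vendor directory is missing from the build context, cargo can presumably resolve and download dependencies from the registry and the build still succeeds. Adding `--locked --offline \` after `${KANIDM_BUILD_OPTIONS} \` in each of the four calls makes that case fail instead. The two builds in each branch are also joined with `;`, so a failure of the first one does not stop the `RUN` and surfaces only at the later `COPY --from=builder` step; `&&` would stop at the failing command. The `RUN` statement's closing `fi` lies outside the hunk.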
@@ -5,56 +6,59 @@ RUN zypper dup -y # ====================== FROM repos AS builder +ARG KANIDM_FEATURES +ARG KANIDM_BUILD_PROFILE="container_generic" +ARG KANIDM_BUILD_OPTIONS="" -RUN zypper install -y \ +RUN echo Profile $KANIDM_BUILD_PROFILE +RUN echo Features $KANIDM_FEATURES + +RUN zypper install -y --no-recommends \ rustup \ - wasm-pack \ - clang lld \ + clang \ make automake autoconf \ - libopenssl-devel pam-devel \ + libopenssl-3-devel pam-devel \ sqlite3-devel \ - gcc \ rsync \ findutils \ - which + which \ + mold +# wasm-pack \ +# lld + RUN zypper clean -a RUN rustup default stable COPY . /usr/src/kanidm -ARG KANIDM_FEATURES -ARG KANIDM_BUILD_PROFILE="container_generic" -ARG KANIDM_BUILD_OPTIONS="" - -RUN mkdir /scratch -RUN echo $KANIDM_BUILD_PROFILE -RUN echo $KANIDM_FEATURES - -ENV CARGO_HOME=/scratch/.cargo +RUN mkdir -p /usr/src/kanidm/.cargo +RUN cp /usr/src/kanidm/cargo_vendor_config /usr/src/kanidm/.cargo/config.toml # ====================== -WORKDIR /usr/src/kanidm/kanidmd_web_ui +# WORKDIR /usr/src/kanidm/kanidmd_web_ui # # This can't be used in the wasm build for now. # # ENV RUSTFLAGS="-Clinker=clang" -RUN ./build_wasm.sh +# RUN ./build_wasm.sh # ====================== WORKDIR /usr/src/kanidm/kanidmd/daemon # Set the build profile -ENV KANIDM_BUILD_PROFILE="${KANIDM_BUILD_PROFILE}" -ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.lld" +ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic} +ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold" # Exports don't persist through RUN statements. RUN export CC="/usr/bin/clang"; \ if [ -z "${KANIDM_FEATURES}" ]; then \ cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \ + --locked --offline \ --target-dir="/usr/src/kanidm/target/" \ --release; \ else \ cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \ + --locked --offline \ --target-dir="/usr/src/kanidm/target/" \ --features="${KANIDM_FEATURES}" \ --release; \ 
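Review bot: The web UI build steps are commented out rather than removed (`# WORKDIR /usr/src/kanidm/kanidmd_web_ui`, `# RUN ./build_wasm.sh`, and `# wasm-pack \` / `# lld` after the package list), with no statement of why or of where the image now gets its UI assets. Since this stage no longer builds them, whatever is shipped presumably comes from files already in the build context via `COPY . /usr/src/kanidm`, and a reader cannot tell that from the Dockerfile. Either delete the dead lines or put a comment above them such as `# wasm build disabled in the container: <reason>; web UI assets come from <path in repo>`. The default `container_generic` is also now stated twice, in `ARG KANIDM_BUILD_PROFILE="container_generic"` and in the `ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}` line; one of the two is enough.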
@@ -68,6 +72,7 @@ FROM repos RUN zypper install -y \ timezone \ + openssl-3 \ sqlite3 \ pam RUN zypper clean -a