mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-04-13 22:05:38 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

build: Create daemon image from scratch ()

Browse source
This commit is contained in:
Jade Ellis 2025-02-25 04:16:08 +00:00 committed by GitHub
parent 3edee485dd
commit 266dc77536
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 35 additions and 11 deletions

1
.dockerignore
View file

@ -10,3 +10,4 @@ kanidmd/sampledata
Makefile
target
test.db
Dockerfile

45
server/Dockerfile
View file

@ -54,20 +54,43 @@ RUN --mount=type=cache,id=cargo,target=/cargo \
--release; \
sccache -s
# Find and copy dynamically linked libraries using ldd
# caveat: this actually partially runs the binary, so it doesn't work for cross-compilation
RUN <<EOF
mkdir -p /out/libs
mkdir -p /out/libs-root
ldd /usr/src/kanidm/target/release/kanidmd
ldd /usr/src/kanidm/target/release/kanidmd | grep -v 'linux-vdso.so' | awk '{print $(NF-1) " " $1}' | sort -u -k 1,1 | awk '{print "install", "-D", $1, (($2 ~ /^\//) ? "/out/libs-root" $2 : "/out/libs/" $2)}' | xargs -I {} sh -c {}
ls -Rla /out/libs
ls -Rla /out/libs-root
EOF
# ======================
FROM repos
RUN \
--mount=type=cache,id=zypp,target=/var/cache/zypp \
zypper install -y \
timezone \
openssl-3 \
sqlite3 \
pam
FROM scratch
COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
COPY --from=builder /usr/src/kanidm/server/core/static /hpkg
RUN chmod +x /sbin/kanidmd
WORKDIR /
# Copy root certs for tls into image
# You can also mount the certs from the host
# --volume /etc/ssl/certs:/etc/ssl/certs:ro
COPY --from=repos /etc/ssl/certs /etc/ssl/certs
# Copy our build
COPY --from=builder --chmod=0755 /usr/src/kanidm/target/release/kanidmd /sbin/
# Web assets
COPY --from=builder /usr/src/kanidm/server/core/static /hpkg/
# Copy fixed-path dynamic libraries to their position
COPY --from=builder /out/libs-root/ /
COPY --from=builder /out/libs/ /lib/
# Inform loader where to find libraries
# This is necessary because opensuse searches for libraries in /lib64 or /lib depending on the architecture, but we don't know which one we're on.
# Alternatively, we could symlink /lib64 to /lib, and /usr/lib64 to /usr/lib, etc.
# We could always fix this by invoking the loader on the host (which works in a cross build it seems), but this is easier.
# On debian, it always searches for libraries in /lib.
ENV LD_LIBRARY_PATH=/lib
WORKDIR /data