From da26ad781274e05de9e9eb5e05aa37651c9fac74 Mon Sep 17 00:00:00 2001 From: An0nX <80145620+An0nX@users.noreply.github.com> Date: Thu, 26 Mar 2026 00:43:55 +0300 Subject: [PATCH] Fix latest build issue --- Dockerfile | 78 +++++++++++++++++------------------------------------- 1 file changed, 25 insertions(+), 53 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1cc368e..6deeee9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,67 +1,39 @@ # syntax=docker/dockerfile:1.7 -ARG TELEMT_REPO=https://github.com/telemt/telemt.git -ARG TELEMT_REF=main +ARG TELEMT_VERSION=3.3.31 -FROM --platform=$TARGETPLATFORM dhi.io/alpine-base:3.23-dev AS build +FROM --platform=$TARGETPLATFORM alpine:latest AS fetch -ARG TELEMT_REPO -ARG TELEMT_REF +ARG TELEMT_VERSION +ARG TARGETARCH -ENV RUSTUP_HOME="/usr/local/rustup" \ - CARGO_HOME="/usr/local/cargo" \ - PATH="/usr/local/cargo/bin:${PATH}" - -RUN --mount=type=cache,target=/var/cache/apk \ - apk add --no-cache \ - ca-certificates git curl \ - build-base musl-dev pkgconf \ - openssl-dev openssl-libs-static \ - zlib-dev zlib-static \ - upx \ +RUN apk add --no-cache ca-certificates curl upx \ && update-ca-certificates RUN set -eux; \ - case "$(apk --print-arch)" in \ - x86_64) ARCH=x86_64 ;; \ - aarch64) ARCH=aarch64 ;; \ - *) echo "unsupported arch: $(apk --print-arch)"; exit 1 ;; \ + case "${TARGETARCH}" in \ + amd64) ARCH=x86_64 ;; \ + arm64) ARCH=aarch64 ;; \ + *) echo "unsupported arch: ${TARGETARCH}"; exit 1 ;; \ esac; \ - curl -fsSL "https://static.rust-lang.org/rustup/dist/${ARCH}-unknown-linux-musl/rustup-init" -o /tmp/rustup-init; \ - chmod +x /tmp/rustup-init; \ - /tmp/rustup-init -y --default-toolchain stable --profile minimal; \ - rm /tmp/rustup-init - -ENV CARGO_NET_GIT_FETCH_WITH_CLI=true \ - CARGO_TERM_COLOR=always \ - CARGO_PROFILE_RELEASE_LTO=true \ - CARGO_PROFILE_RELEASE_CODEGEN_UNITS=1 \ - CARGO_PROFILE_RELEASE_DEBUG=false \ - CARGO_PROFILE_RELEASE_STRIP=true \ - CARGO_PROFILE_RELEASE_DEBUG_ASSERTIONS=false \ - CARGO_PROFILE_RELEASE_OVERFLOW_CHECKS=false \ - CARGO_PROFILE_RELEASE_PANIC=abort \ - OPENSSL_STATIC=1 - -WORKDIR /src - -RUN --mount=type=cache,target=/root/.cache/git \ - git clone --depth=1 --branch "${TELEMT_REF}" "${TELEMT_REPO}" . \ - || (git init . && git remote add origin "${TELEMT_REPO}" \ - && git fetch --depth=1 origin "${TELEMT_REF}" \ - && git checkout --detach FETCH_HEAD) - -RUN --mount=type=cache,target=/usr/local/cargo/registry \ - --mount=type=cache,target=/usr/local/cargo/git \ - --mount=type=cache,target=/src/target \ - set -eux; \ \ - cargo build --release --bin telemt; \ + BASE_URL="https://github.com/telemt/telemt/releases/download/${TELEMT_VERSION}"; \ + TARBALL="telemt-${ARCH}-linux-musl.tar.gz"; \ \ + echo "=== Downloading ${TARBALL} ==="; \ + curl -fsSL -o "/tmp/${TARBALL}" "${BASE_URL}/${TARBALL}"; \ + curl -fsSL -o "/tmp/${TARBALL}.sha256" "${BASE_URL}/${TARBALL}.sha256"; \ + \ + echo "=== Verifying checksum ==="; \ + cd /tmp && sha256sum -c "${TARBALL}.sha256"; \ + \ + echo "=== Extracting ==="; \ mkdir -p /out; \ - install -Dm755 target/release/telemt /out/telemt; \ + tar -xzf "/tmp/${TARBALL}" -C /out; \ + chmod 755 /out/telemt; \ \ - if readelf -lW /out/telemt | grep -q "Requesting program interpreter"; then \ + echo "=== Verifying static linkage ==="; \ + if readelf -lW /out/telemt 2>/dev/null | grep -q "Requesting program interpreter"; then \ echo "ERROR: telemt is dynamically linked -> cannot run in distroless/static"; \ exit 1; \ fi @@ -76,8 +48,8 @@ FROM gcr.io/distroless/static:nonroot AS runtime STOPSIGNAL SIGINT -COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt -COPY --from=build /out/telemt /usr/local/bin/telemt +COPY --from=fetch /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt +COPY --from=fetch /out/telemt /usr/local/bin/telemt WORKDIR /tmp