-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
46 lines (32 loc) · 1.49 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# This Dockerfile is used to build a Docker image for the seedpass application using MUSL for ARM64
# docker buildx create --use
# docker buildx inspect --bootstrap
# docker buildx build --platform linux/arm64 -t seedpass-arm64-musl --load .
# docker run --rm --platform=linux/arm64 seedpass-arm64-musl /usr/local/bin/seedpass --help
# Stage 1: Build the Rust application with MUSL targeting ARM64
FROM messense/rust-musl-cross:aarch64-musl AS builder
# Set the target for ARM64 using MUSL
ENV TARGET=aarch64-unknown-linux-musl
# Add Rust target for cross-compilation
RUN rustup target add ${TARGET}
# Prepare the working directory
WORKDIR /app
# Copy the project files
COPY . .
# Ensure Cargo is updated to the latest stable version
RUN rustup update && rustup default stable
# Compile the application with release optimizations
RUN cargo build --release --target ${TARGET}
# Stage 2: Create a lightweight final image with Alpine Linux
FROM alpine:latest
# Set security settings to prevent access to sensitive memory
RUN echo "kernel.yama.ptrace_scope=2" >> /etc/sysctl.conf \
&& echo "kernel.kptr_restrict=2" >> /etc/sysctl.conf
# Install runtime dependencies required for MUSL
RUN apk add --no-cache musl
# Copy the compiled binary from the builder stage
COPY --from=builder /app/target/aarch64-unknown-linux-musl/release/seedpass /usr/local/bin/seedpass
# Ensure the binary is executable
RUN chmod +x /usr/local/bin/seedpass
# Set the default command to show help
CMD ["/usr/local/bin/seedpass", "--help"]