forked from docker-library/ruby
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Dockerfile-alpine.template
137 lines (130 loc) · 3.98 KB
/
Dockerfile-alpine.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
FROM alpine:%%PLACEHOLDER%%
RUN apk add --no-cache \
gmp-dev
# skip installing gem documentation
RUN set -eux; \
mkdir -p /usr/local/etc; \
{ \
echo 'install: --no-document'; \
echo 'update: --no-document'; \
} >> /usr/local/etc/gemrc
ENV RUBY_MAJOR %%VERSION%%
ENV RUBY_VERSION %%FULL_VERSION%%
ENV RUBY_DOWNLOAD_SHA256 %%SHA256%%
ENV RUBYGEMS_VERSION %%RUBYGEMS%%
# some of ruby's build scripts are written in ruby
# we purge system ruby later to make sure our final image uses what we just built
# readline-dev vs libedit-dev: https://bugs.ruby-lang.org/issues/11869 and https://github.com/docker-library/ruby/issues/75
RUN set -eux; \
\
apk add --no-cache --virtual .ruby-builddeps \
autoconf \
bison \
bzip2 \
bzip2-dev \
ca-certificates \
coreutils \
dpkg-dev dpkg \
gcc \
gdbm-dev \
glib-dev \
libc-dev \
libffi-dev \
libxml2-dev \
libxslt-dev \
linux-headers \
make \
ncurses-dev \
openssl \
openssl-dev \
procps \
readline-dev \
ruby \
tar \
xz \
yaml-dev \
zlib-dev \
jemalloc-dev \
; \
\
wget -O ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.xz"; \
echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict; \
\
mkdir -p /usr/src/ruby; \
tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1; \
rm ruby.tar.xz; \
\
cd /usr/src/ruby; \
\
# https://github.com/docker-library/ruby/issues/196
# https://bugs.ruby-lang.org/issues/14387#note-13 (patch source)
# https://bugs.ruby-lang.org/issues/14387#note-16 ("Therefore ncopa's patch looks good for me in general." -- only breaks glibc which doesn't matter here)
wget -O 'thread-stack-fix.patch' 'https://bugs.ruby-lang.org/attachments/download/7081/0001-thread_pthread.c-make-get_main_stack-portable-on-lin.patch'; \
echo '3ab628a51d92fdf0d2b5835e93564857aea73e0c1de00313864a94a6255cb645 *thread-stack-fix.patch' | sha256sum --check --strict; \
patch -p1 -i thread-stack-fix.patch; \
rm thread-stack-fix.patch; \
\
# hack in "ENABLE_PATH_CHECK" disabling to suppress:
# warning: Insecure world writable dir
{ \
echo '#define ENABLE_PATH_CHECK 0'; \
echo; \
cat file.c; \
} > file.c.new; \
mv file.c.new file.c; \
\
autoconf; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
# the configure script does not detect isnan/isinf as macros
export ac_cv_func_isnan=yes ac_cv_func_isinf=yes; \
./configure \
--build="$gnuArch" \
--disable-install-doc \
--enable-shared \
--with-jemalloc \
; \
make -j "$(nproc)"; \
make install; \
\
runDeps="$( \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-network --virtual .ruby-rundeps \
$runDeps \
bzip2 \
ca-certificates \
libffi-dev \
procps \
yaml-dev \
zlib-dev \
; \
apk del --no-network .ruby-builddeps; \
\
cd /; \
rm -r /usr/src/ruby; \
# make sure bundled "rubygems" is older than RUBYGEMS_VERSION (https://github.com/docker-library/ruby/issues/246)
ruby -e 'exit(Gem::Version.create(ENV["RUBYGEMS_VERSION"]) > Gem::Version.create(Gem::VERSION))'; \
gem update --system "$RUBYGEMS_VERSION" && rm -r /root/.gem/; \
# verify we have no "ruby" packages installed
! apk --no-network list --installed \
| grep -v '^[.]ruby-rundeps' \
| grep -i ruby \
; \
[ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
# rough smoke test
ruby --version; \
gem --version; \
bundle --version
# Sanity check for jemalloc
RUN ruby -r rbconfig -e "abort 'jemalloc not enabled' unless RbConfig::CONFIG['LIBS'].include?('jemalloc') || RbConfig::CONFIG['MAINLIBS'].include?('jemalloc')"
# don't create ".bundle" in all our apps
ENV GEM_HOME /usr/local/bundle
ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
BUNDLE_APP_CONFIG="$GEM_HOME"
ENV PATH $GEM_HOME/bin:$PATH
# adjust permissions of a few directories for running "gem install" as an arbitrary user
RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
CMD [ "irb" ]