Fossil SCM
Removed use of UPX in the container build process. It complicates the build for a tiny gain while breaking ARM builds. We worked around the ARM-on-ARM case earlier, but it also breaks x86 cross-compilation on ARM. Images are already compressed, and while `upx -9` is stronger compression than whatever Docker Engine is using, it's a small advantage. This does mean the static executable isn't compressed any more on x86, but if you want that, you can UPX it afterward.
Commit
da545c9e79ba70ebac353f7b6646ccaf4ab4ed800c11893dff29be728e059342
Parent
ec8ef573b31669f…
3 files changed
+4
-9
+1
-3
+4
-5
+4
-9
| --- Dockerfile | ||
| +++ Dockerfile | ||
| @@ -9,22 +9,19 @@ | ||
| 9 | 9 | WORKDIR /tmp |
| 10 | 10 | |
| 11 | 11 | ### Bake the basic Alpine Linux into a base layer so we never have to |
| 12 | 12 | ### repeat that step unless we change the package set. Although we're |
| 13 | 13 | ### going to throw this layer away below, we still pass --no-cache |
| 14 | -### because that cache is of no use in an immutable layer. Note that | |
| 15 | -### we allow the UPX step to fail: it isn't in the ARM distros. We'll | |
| 16 | -### check whether this optional piece exists before using it below. | |
| 14 | +### because that cache is of no use in an immutable layer. | |
| 17 | 15 | RUN set -x \ |
| 18 | 16 | && apk update \ |
| 19 | 17 | && apk upgrade --no-cache \ |
| 20 | 18 | && apk add --no-cache \ |
| 21 | 19 | gcc make \ |
| 22 | 20 | linux-headers musl-dev \ |
| 23 | 21 | openssl-dev openssl-libs-static \ |
| 24 | - zlib-dev zlib-static \ | |
| 25 | - ; ( apk add --no-cache upx || exit 0 ) | |
| 22 | + zlib-dev zlib-static | |
| 26 | 23 | |
| 27 | 24 | ### Bake the custom BusyBox into another layer. The intent is that this |
| 28 | 25 | ### changes only when we change BBXVER. That will force an update of |
| 29 | 26 | ### the layers below, but this is a rare occurrence. |
| 30 | 27 | ARG BBXVER="1_35_0" |
| @@ -31,12 +28,11 @@ | ||
| 31 | 28 | ENV BBXURL "https://github.com/mirror/busybox/tarball/${BBXVER}" |
| 32 | 29 | COPY containers/busybox-config /tmp/bbx/.config |
| 33 | 30 | ADD $BBXURL /tmp/bbx/src.tar.gz |
| 34 | 31 | RUN set -x \ |
| 35 | 32 | && tar --strip-components=1 -C bbx -xzf bbx/src.tar.gz \ |
| 36 | - && ( cd bbx && yes "" | make oldconfig && make -j11 ) \ | |
| 37 | - && test ! -x /usr/bin/upx || upx -9q bbx/busybox | |
| 33 | + && ( cd bbx && yes "" | make oldconfig && make -j11 ) | |
| 38 | 34 | |
| 39 | 35 | # Copy in dummied-up OS release info file for those using nspawn. |
| 40 | 36 | # Without this, it'll gripe that the rootfs dir doesn't look like |
| 41 | 37 | # it contains an OS. |
| 42 | 38 | COPY containers/os-release /etc/os-release |
| @@ -58,12 +54,11 @@ | ||
| 58 | 54 | ADD $FSLURL $FSLSTB |
| 59 | 55 | RUN set -x \ |
| 60 | 56 | && if [ -d $FSLSTB ] ; then mv $FSLSTB/src fsl ; \ |
| 61 | 57 | else tar -C fsl -xzf fsl/src.tar.gz ; fi \ |
| 62 | 58 | && m=fsl/src/src/main.mk \ |
| 63 | - && fsl/src/configure --static CFLAGS='-Os -s' $FSLCFG && make -j11 \ | |
| 64 | - && if [ -x /usr/bin/upx ] ; then upx -9q fossil ; fi | |
| 59 | + && fsl/src/configure --static CFLAGS='-Os -s' $FSLCFG && make -j11 | |
| 65 | 60 | |
| 66 | 61 | |
| 67 | 62 | ## --------------------------------------------------------------------- |
| 68 | 63 | ## STAGE 2: Pare that back to the bare essentials. |
| 69 | 64 | ## --------------------------------------------------------------------- |
| 70 | 65 |
| --- Dockerfile | |
| +++ Dockerfile | |
| @@ -9,22 +9,19 @@ | |
| 9 | WORKDIR /tmp |
| 10 | |
| 11 | ### Bake the basic Alpine Linux into a base layer so we never have to |
| 12 | ### repeat that step unless we change the package set. Although we're |
| 13 | ### going to throw this layer away below, we still pass --no-cache |
| 14 | ### because that cache is of no use in an immutable layer. Note that |
| 15 | ### we allow the UPX step to fail: it isn't in the ARM distros. We'll |
| 16 | ### check whether this optional piece exists before using it below. |
| 17 | RUN set -x \ |
| 18 | && apk update \ |
| 19 | && apk upgrade --no-cache \ |
| 20 | && apk add --no-cache \ |
| 21 | gcc make \ |
| 22 | linux-headers musl-dev \ |
| 23 | openssl-dev openssl-libs-static \ |
| 24 | zlib-dev zlib-static \ |
| 25 | ; ( apk add --no-cache upx || exit 0 ) |
| 26 | |
| 27 | ### Bake the custom BusyBox into another layer. The intent is that this |
| 28 | ### changes only when we change BBXVER. That will force an update of |
| 29 | ### the layers below, but this is a rare occurrence. |
| 30 | ARG BBXVER="1_35_0" |
| @@ -31,12 +28,11 @@ | |
| 31 | ENV BBXURL "https://github.com/mirror/busybox/tarball/${BBXVER}" |
| 32 | COPY containers/busybox-config /tmp/bbx/.config |
| 33 | ADD $BBXURL /tmp/bbx/src.tar.gz |
| 34 | RUN set -x \ |
| 35 | && tar --strip-components=1 -C bbx -xzf bbx/src.tar.gz \ |
| 36 | && ( cd bbx && yes "" | make oldconfig && make -j11 ) \ |
| 37 | && test ! -x /usr/bin/upx || upx -9q bbx/busybox |
| 38 | |
| 39 | # Copy in dummied-up OS release info file for those using nspawn. |
| 40 | # Without this, it'll gripe that the rootfs dir doesn't look like |
| 41 | # it contains an OS. |
| 42 | COPY containers/os-release /etc/os-release |
| @@ -58,12 +54,11 @@ | |
| 58 | ADD $FSLURL $FSLSTB |
| 59 | RUN set -x \ |
| 60 | && if [ -d $FSLSTB ] ; then mv $FSLSTB/src fsl ; \ |
| 61 | else tar -C fsl -xzf fsl/src.tar.gz ; fi \ |
| 62 | && m=fsl/src/src/main.mk \ |
| 63 | && fsl/src/configure --static CFLAGS='-Os -s' $FSLCFG && make -j11 \ |
| 64 | && if [ -x /usr/bin/upx ] ; then upx -9q fossil ; fi |
| 65 | |
| 66 | |
| 67 | ## --------------------------------------------------------------------- |
| 68 | ## STAGE 2: Pare that back to the bare essentials. |
| 69 | ## --------------------------------------------------------------------- |
| 70 |
| --- Dockerfile | |
| +++ Dockerfile | |
| @@ -9,22 +9,19 @@ | |
| 9 | WORKDIR /tmp |
| 10 | |
| 11 | ### Bake the basic Alpine Linux into a base layer so we never have to |
| 12 | ### repeat that step unless we change the package set. Although we're |
| 13 | ### going to throw this layer away below, we still pass --no-cache |
| 14 | ### because that cache is of no use in an immutable layer. |
| 15 | RUN set -x \ |
| 16 | && apk update \ |
| 17 | && apk upgrade --no-cache \ |
| 18 | && apk add --no-cache \ |
| 19 | gcc make \ |
| 20 | linux-headers musl-dev \ |
| 21 | openssl-dev openssl-libs-static \ |
| 22 | zlib-dev zlib-static |
| 23 | |
| 24 | ### Bake the custom BusyBox into another layer. The intent is that this |
| 25 | ### changes only when we change BBXVER. That will force an update of |
| 26 | ### the layers below, but this is a rare occurrence. |
| 27 | ARG BBXVER="1_35_0" |
| @@ -31,12 +28,11 @@ | |
| 28 | ENV BBXURL "https://github.com/mirror/busybox/tarball/${BBXVER}" |
| 29 | COPY containers/busybox-config /tmp/bbx/.config |
| 30 | ADD $BBXURL /tmp/bbx/src.tar.gz |
| 31 | RUN set -x \ |
| 32 | && tar --strip-components=1 -C bbx -xzf bbx/src.tar.gz \ |
| 33 | && ( cd bbx && yes "" | make oldconfig && make -j11 ) |
| 34 | |
| 35 | # Copy in dummied-up OS release info file for those using nspawn. |
| 36 | # Without this, it'll gripe that the rootfs dir doesn't look like |
| 37 | # it contains an OS. |
| 38 | COPY containers/os-release /etc/os-release |
| @@ -58,12 +54,11 @@ | |
| 54 | ADD $FSLURL $FSLSTB |
| 55 | RUN set -x \ |
| 56 | && if [ -d $FSLSTB ] ; then mv $FSLSTB/src fsl ; \ |
| 57 | else tar -C fsl -xzf fsl/src.tar.gz ; fi \ |
| 58 | && m=fsl/src/src/main.mk \ |
| 59 | && fsl/src/configure --static CFLAGS='-Os -s' $FSLCFG && make -j11 |
| 60 | |
| 61 | |
| 62 | ## --------------------------------------------------------------------- |
| 63 | ## STAGE 2: Pare that back to the bare essentials. |
| 64 | ## --------------------------------------------------------------------- |
| 65 |
+1
-3
| --- www/containers.md | ||
| +++ www/containers.md | ||
| @@ -363,13 +363,11 @@ | ||
| 363 | 363 | $ docker cp fossil-static-tmp:/jail/bin/fossil . |
| 364 | 364 | $ docker container rm fossil-static-tmp |
| 365 | 365 | ``` |
| 366 | 366 | |
| 367 | 367 | The resulting binary is the single largest file inside that container, |
| 368 | -at about 4 MiB. (It’s built stripped and packed with [UPX].) | |
| 369 | - | |
| 370 | -[UPX]: https://upx.github.io/ | |
| 368 | +at about 6 MiB. (It’s built stripped.) | |
| 371 | 369 | |
| 372 | 370 | |
| 373 | 371 | ## 5. <a id="args"></a>Container Build Arguments |
| 374 | 372 | |
| 375 | 373 | ### <a id="pkg-vers"></a> 5.1 Package Versions |
| 376 | 374 |
| --- www/containers.md | |
| +++ www/containers.md | |
| @@ -363,13 +363,11 @@ | |
| 363 | $ docker cp fossil-static-tmp:/jail/bin/fossil . |
| 364 | $ docker container rm fossil-static-tmp |
| 365 | ``` |
| 366 | |
| 367 | The resulting binary is the single largest file inside that container, |
| 368 | at about 4 MiB. (It’s built stripped and packed with [UPX].) |
| 369 | |
| 370 | [UPX]: https://upx.github.io/ |
| 371 | |
| 372 | |
| 373 | ## 5. <a id="args"></a>Container Build Arguments |
| 374 | |
| 375 | ### <a id="pkg-vers"></a> 5.1 Package Versions |
| 376 |
| --- www/containers.md | |
| +++ www/containers.md | |
| @@ -363,13 +363,11 @@ | |
| 363 | $ docker cp fossil-static-tmp:/jail/bin/fossil . |
| 364 | $ docker container rm fossil-static-tmp |
| 365 | ``` |
| 366 | |
| 367 | The resulting binary is the single largest file inside that container, |
| 368 | at about 6 MiB. (It’s built stripped.) |
| 369 | |
| 370 | |
| 371 | ## 5. <a id="args"></a>Container Build Arguments |
| 372 | |
| 373 | ### <a id="pkg-vers"></a> 5.1 Package Versions |
| 374 |
+4
-5
| --- www/fossil-v-git.wiki | ||
| +++ www/fossil-v-git.wiki | ||
| @@ -180,16 +180,15 @@ | ||
| 180 | 180 | |
| 181 | 181 | This policy is particularly useful when running Fossil inside a |
| 182 | 182 | restrictive container, anything from [./chroot.md | classic chroot |
| 183 | 183 | jails] to modern [https://en.wikipedia.org/wiki/OS-level_virtualization |
| 184 | 184 | | OS-level virtualization mechanisms] such as |
| 185 | -[https://en.wikipedia.org/wiki/Docker_(software) | Docker]. By using | |
| 186 | -executable compression, our | |
| 187 | -[/file?name=Dockerfile.in&ci=trunk | stock <tt>Dockerfile</tt>] | |
| 188 | -creates a container that's under 4 MiB on 64-bit Linux, including | |
| 185 | +[https://en.wikipedia.org/wiki/Docker_(software) | Docker]. | |
| 186 | +Our [/file?name=Dockerfile.in&ci=trunk | stock <tt>Dockerfile</tt>] | |
| 187 | +creates a ~4 MiB [https://opencontainers.org | OCI] image on 64-bit Linux, including | |
| 189 | 188 | a capable [https://www.busybox.net/ | Busybox] environment for live |
| 190 | -debugging of the container's innards. | |
| 189 | +diagnostics of the running container. | |
| 191 | 190 | |
| 192 | 191 | Modern Linux systems tend to make full static linking |
| 193 | 192 | [https://stackoverflow.com/questions/3430400/linux-static-linking-is-dead |
| 194 | 193 | | difficult], but our official executables do statically link to OpenSSL |
| 195 | 194 | to remove a version dependency, resulting in an executable that's around |
| 196 | 195 |
| --- www/fossil-v-git.wiki | |
| +++ www/fossil-v-git.wiki | |
| @@ -180,16 +180,15 @@ | |
| 180 | |
| 181 | This policy is particularly useful when running Fossil inside a |
| 182 | restrictive container, anything from [./chroot.md | classic chroot |
| 183 | jails] to modern [https://en.wikipedia.org/wiki/OS-level_virtualization |
| 184 | | OS-level virtualization mechanisms] such as |
| 185 | [https://en.wikipedia.org/wiki/Docker_(software) | Docker]. By using |
| 186 | executable compression, our |
| 187 | [/file?name=Dockerfile.in&ci=trunk | stock <tt>Dockerfile</tt>] |
| 188 | creates a container that's under 4 MiB on 64-bit Linux, including |
| 189 | a capable [https://www.busybox.net/ | Busybox] environment for live |
| 190 | debugging of the container's innards. |
| 191 | |
| 192 | Modern Linux systems tend to make full static linking |
| 193 | [https://stackoverflow.com/questions/3430400/linux-static-linking-is-dead |
| 194 | | difficult], but our official executables do statically link to OpenSSL |
| 195 | to remove a version dependency, resulting in an executable that's around |
| 196 |
| --- www/fossil-v-git.wiki | |
| +++ www/fossil-v-git.wiki | |
| @@ -180,16 +180,15 @@ | |
| 180 | |
| 181 | This policy is particularly useful when running Fossil inside a |
| 182 | restrictive container, anything from [./chroot.md | classic chroot |
| 183 | jails] to modern [https://en.wikipedia.org/wiki/OS-level_virtualization |
| 184 | | OS-level virtualization mechanisms] such as |
| 185 | [https://en.wikipedia.org/wiki/Docker_(software) | Docker]. |
| 186 | Our [/file?name=Dockerfile.in&ci=trunk | stock <tt>Dockerfile</tt>] |
| 187 | creates a ~4 MiB [https://opencontainers.org | OCI] image on 64-bit Linux, including |
| 188 | a capable [https://www.busybox.net/ | Busybox] environment for live |
| 189 | diagnostics of the running container. |
| 190 | |
| 191 | Modern Linux systems tend to make full static linking |
| 192 | [https://stackoverflow.com/questions/3430400/linux-static-linking-is-dead |
| 193 | | difficult], but our official executables do statically link to OpenSSL |
| 194 | to remove a version dependency, resulting in an executable that's around |
| 195 |