overmind
/
matrix-docker-ansible-deploy
镜像来自 https://github.com/spantaleev/matrix-docker-ansible-deploy
1
0
複製 0
程式碼 問題 0 版本發佈 0 Wiki 活動
Matrix Docker Ansible eploy
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11397 提交
12 分支
708 MiB
 
 
目錄樹: c4a2d93990
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 'c4a2d93990'
${ noResults }
matrix-docker-ansible-deploy/roles/custom/matrix-bridge-rustpush/templates/Dockerfile.j2

111 line
4.5 KiB
原始文件 Blame 歷史記錄 

  1. {#

  2. SPDX-FileCopyrightText: 2026 MDAD project contributors

  3. SPDX-FileCopyrightText: 2026 Jason LaGuidice

  4. 

  5. SPDX-License-Identifier: AGPL-3.0-or-later

  6. #}

  7. 

  8. # ── Stage 1: builder ─────────────────────────────────────────────────────────

  9. FROM ubuntu:24.04 AS builder

  10. 

  11. ENV DEBIAN_FRONTEND=noninteractive

  12. 

  13. RUN apt-get update && apt-get install -y --no-install-recommends \

  14.     cmake protobuf-compiler build-essential pkg-config \

  15.     git curl ca-certificates \

  16.     libolm-dev libclang-dev libssl-dev libunicorn-dev libheif-dev zlib1g-dev \

  17.     && rm -rf /var/lib/apt/lists/*

  18. 

  19. # Rust — install to default ~/.cargo so the Makefile's $(HOME)/.cargo/bin path resolves

  20. RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \

  21.     | sh -s -- -y --default-toolchain stable

  22. ENV PATH=/root/.cargo/bin:$PATH

  23. 

  24. # Go — arch-aware, fetches latest stable with fallback

  25. ARG TARGETARCH

  26. RUN set -e; \

  27.     GOARCH="${TARGETARCH:-amd64}"; \

  28.     GO_VERSION=$(curl -fsSL 'https://go.dev/dl/?mode=json' \

  29.         | grep -o '"version":"go[0-9.]*"' | head -1 \

  30.         | sed 's/"version":"//;s/"//'); \

  31.     : "${GO_VERSION:=go1.25.0}"; \

  32.     curl -fsSL "https://go.dev/dl/${GO_VERSION}.linux-${GOARCH}.tar.gz" \

  33.         | tar -C /usr/local -xz

  34. ENV PATH=/usr/local/go/bin:$PATH \

  35.     GOTOOLCHAIN=local

  36. 

  37. WORKDIR /build

  38. 

  39. # ── Rust build layers ─────────────────────────────────────────────────────────

  40. # Copy files that determine whether the clone+patch layer is valid.

  41. # Changing the SHA pin, Makefile, or open-absinthe overlay invalidates this layer.

  42. COPY third_party/rustpush-upstream.sha third_party/

  43. COPY rustpush/ rustpush/

  44. COPY Makefile .

  45. 

  46. # Clone upstream rustpush at the pinned SHA, apply all patches, overlay open-absinthe.

  47. RUN make ensure-rustpush-source

  48. 

  49. # Copy Rust crate sources. Changing these invalidates only the Rust build layer,

  50. # not the clone layer above.

  51. COPY pkg/rustpushgo/ pkg/rustpushgo/

  52. COPY nac-validation/ nac-validation/

  53. 

  54. # Build the Rust static library (~3 min; cached when Rust source is unchanged).

  55. # hardware-key enables the unicorn-based x86 NAC emulator required on Linux

  56. # (both amd64 and arm64 — unicorn supports cross-arch x86 emulation).

  57. RUN cd pkg/rustpushgo && \

  58.     cargo build --release --features hardware-key && \

  59.     cp target/release/librustpushgo.a /build/librustpushgo.a

  60. 

  61. # ── Go build layers ───────────────────────────────────────────────────────────

  62. # Download modules first so this layer is cached by go.mod/go.sum.

  63. COPY go.mod go.sum ./

  64. RUN go mod download

  65. 

  66. # Copy Go source.

  67. COPY cmd/ cmd/

  68. COPY pkg/connector/ pkg/connector/

  69. COPY imessage/ imessage/

  70. COPY ipc/ ipc/

  71. 

  72. # Build the bridge binary.

  73. ARG BUILD_VERSION=dev

  74. ARG BUILD_COMMIT=unknown

  75. RUN BUILD_TIME=$(date -u +%Y-%m-%dT%H:%M:%SZ) && \

  76.     CGO_LDFLAGS="-L/build" \

  77.     go build \

  78.     -ldflags "-X main.Tag=${BUILD_VERSION} -X main.Commit=${BUILD_COMMIT} -X main.BuildTime=${BUILD_TIME}" \

  79.     -o /build/matrix-rustpush \

  80.     ./cmd/matrix-rustpush/

  81. 

  82. # ── Stage 2: runtime ─────────────────────────────────────────────────────────

  83. FROM ubuntu:24.04

  84. 

  85. ENV DEBIAN_FRONTEND=noninteractive

  86. 

  87. # Runtime shared libraries the bridge binary needs at startup.

  88. # libunicorn2  — unicorn-engine x86 NAC emulator (hardware-key feature)

  89. # libheif1     — HEIC/HEIF conversion (linked at compile time even when disabled)

  90. # libolm3      — Matrix OLM encryption (mautrix bridgev2 framework)

  91. # libssl3      — OpenSSL (rustpush openssl crate dynamic link)

  92. # ffmpeg       — video transcoding

  93. RUN apt-get update && apt-get install -y --no-install-recommends \

  94.     libunicorn2 libheif1 libolm3 libssl3 ffmpeg \

  95.     ca-certificates openssl curl \

  96.     && curl -fsSL 'https://www.apple.com/appleca/AppleIncRootCertificate.cer' \

  97.         -o /tmp/AppleRootCA.cer \

  98.     && openssl x509 -inform DER -in /tmp/AppleRootCA.cer \

  99.         -out /usr/local/share/ca-certificates/AppleRootCA.crt \

  100.     && update-ca-certificates \

  101.     && rm /tmp/AppleRootCA.cer \

  102.     && rm -rf /var/lib/apt/lists/*

  103. 

  104. COPY --from=builder /build/matrix-rustpush /usr/local/bin/matrix-rustpush

  105. 

  106. WORKDIR /data

  107. VOLUME /data

  108. EXPOSE 29332

  109. 

  110. ENTRYPOINT ["matrix-rustpush", "-c", "/data/config.yaml"]