Closed rolinux closed 1 week ago
The openssl crate needs the openssl library. Try using the cgr.dev/chainguard/rust:latest-dev
image and adding apk add openssl-dev
to your Dockerfile. (I've not tested this).
The openssl crate needs the openssl library. Try using the
cgr.dev/chainguard/rust:latest-dev
image and addingapk add openssl-dev
to your Dockerfile. (I've not tested this).
Can confirm that this almost works.
ARG PACKAGE=myapp
FROM cgr.dev/chainguard/rust:latest-dev as build
USER root
RUN apk update && apk add openssl-dev
WORKDIR /app
COPY . .
RUN cargo build --release
FROM cgr.dev/chainguard/glibc-dynamic
COPY --from=build --chown=nonroot:nonroot /app/target/release/${PACKAGE} /usr/local/bin/${PACKAGE}
CMD ["/usr/local/bin/${PACKAGE}"]
now build the images, but the final image isn't able to run. It output an error stating that
/usr/local/bin/myapp: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory
It look like glibc-dynamic doesn't contains openssl. The only options is to use glibc-dynamic:latest-dev
to install openssl, but then it bloat up the final binary size by around 50 MBs and add unnecessary binaries.
The following Docker file works and the image generated is 68.8 MB
:
ARG PACKAGE=myapp
FROM cgr.dev/chainguard/rust:latest-dev as build
USER root
RUN apk update && apk add openssl-dev
WORKDIR /app
COPY . .
RUN cargo install --path .
FROM cgr.dev/chainguard/glibc-dynamic:latest-dev
USER root
RUN apk update && apk add openssl-dev
COPY --from=build --chown=nonroot:nonroot /root/.cargo/bin/${PACKAGE} /usr/local/bin/${PACKAGE}
USER nonroot
CMD ["/usr/local/bin/${PACKAGE}"]
Unsure if there is a better way to deal with rust compilation when openssl is required.
I found a better way to create the image. Here's my Dockerfile
FROM cgr.dev/chainguard/rust:latest-dev AS build
WORKDIR /app
COPY . .
USER root
RUN apk update && apk add libssl3 openssl-dev libcrypto3
RUN --mount=type=cache,target=/usr/local/cargo/registry \
--mount=type=cache,target=/app/target \
cargo build --release && cp /app/target/release/myapp ./myapp
FROM cgr.dev/chainguard/glibc-dynamic
COPY --from=build /usr/lib/libssl.so.3 /usr/lib/libssl.so.3
COPY --from=build /usr/lib/libcrypto.so.3 /usr/lib/libcrypto.so.3
COPY --from=build --chown=nonroot:nonroot /app/myapp /usr/local/bin/myapp
CMD ["/usr/local/bin/myapp"]
You could copy the libraries from the build
part to the final image. The process I used to figure this out include
docker run -it --rm cgr.dev/chainguard/wolfi-base /bin/sh -l
: to run base wolfi image and do apk update
apk info libssl3 -L
: run this inside the container to what files are included on the package.
(my application also required libcrypto3, but yours could be different)The final image size for me is ~20MB which is expected.
Thank you @crasite, this works as expected
Which image/versions are related to this issue/feature request?
Using the rust image:
with the
Cargo.toml
:and the example
Dockerfile
and command:Getting the following error:
Is this a problem with dependencies/crates or with the rust image? I've noticed that go has a version called go-openssl but didn't find one for rust.
Anything else I can help with to debug this further?
Thank you, Radu
Issue/Feature description
Running on x86_64