search

tomsquest / docker-radicale

Docker image for Radicale calendar and contact server :calendar: + security :closed_lock_with_key: + addons :rocket:
GNU General Public License v3.0
562 stars 80 forks source link

DecSync incompatibility libresolv.so.2 #130

Closed frisodubach closed 1 year ago

frisodubach commented 1 year ago

The current version of the docker-image is incompatible with the DecSync plugin which allows for synching with something ilke syncthing, which is due to the Alpine image used as the base of the docker-image lacking glibc.

I tried installing the decsync plugin by adding a Dockerfile that simply runs pip3 install radicale_storage_decsync, which works fine, except when actually running the container due to the missing library libresolv.so.2, which is part of the standard glibc included in most linux-distros but not Alpine due to size concerns.

i tried solving the issue by install gcompat or moving to a different alpine-glibc based image, but that still resulted in the same error of libresolv.so.2 not being present.

I suggest providing a different tag with glibc compatibility possibly based on another image, which would then sacrifice container size for improved compatibility.

I'm playing around with changing the base-image to ubuntu right, but this is my first time making my down Dockerfile, so it comes with some difficulties.

tomsquest commented 1 year ago

Hi @frisodubach ,

If you can find a distro that is based on glibc that would not increase the size of the image, we could try switching to it. Maybe Minidev.

frisodubach commented 1 year ago

Hi @tomsquest

I finished adapting the Dockerfile and docker-entrypoint.sh to move to Minideb base, and confirmed it works with radicale_decsync plugin, which satisfies my needs at least.

I did have to change su-exec to gosu as su-exec isn't packaged for Debian costing about 2MB of container space. If you are really adamant about keeping down container space, there is a GH gist I found which builds su-exec for debian: https://gist.github.com/vbankov/370a2af74977a2cd63633b02ad85f1a0 But I thought it was worth the sacrifice for keeping things simple. Especially since gosu and su-exec are 1:1 compatible as far as I can tell. Since I switched to gosu, the docker-entrypoint.sh had to be adjusted as well (only 1 line).

You can check out the results in my fork over here: https://github.com/frisodubach/docker-radicale-decsync

I originally forked the repo because I wanted to add in built in decsync in the config and Dockerfile, so I'm not sure what I'd still ike to do with that. I don't see much reason for using the minideb package apart from using plugins like this. I'm not super experienced with making docker containers, so are you away if we could optionally include the plugin through a docker-compose setting?

tomsquest commented 1 year ago

Hi @frisodubach

Thanks for the info!

Are you able to compare the sizes between alpine and minideb ?

I

frisodubach commented 1 year ago

@tomsquest The built image size is 448MB, while the latest image pulled from dockerhub is 105MB.

tomsquest commented 1 year ago

Ouch! :dancers:

tomsquest commented 1 year ago

My attempt is 448mb, even with purge, autoremove, cleanup, python3-minimal...

I don't know if we can do a miracle here... :/

FROM bitnami/minideb:latest

ARG COMMIT_ID
ENV COMMIT_ID ${COMMIT_ID}

ARG VERSION
ENV VERSION ${VERSION:-3.1.8}

ARG BUILD_UID
ENV BUILD_UID ${BUILD_UID:-2999}

ARG BUILD_GID
ENV BUILD_GID ${BUILD_GID:-2999}

ARG TAKE_FILE_OWNERSHIP
ENV TAKE_FILE_OWNERSHIP ${TAKE_FILE_OWNERSHIP:-true}

LABEL maintainer="Thomas Queste <tom@tomsquest.com>" \
      org.label-schema.name="Radicale Docker Image" \
      org.label-schema.description="Enhanced Docker image for Radicale, the CalDAV/CardDAV server" \
      org.label-schema.url="https://github.com/Kozea/Radicale" \
      org.label-schema.version=$VERSION \
      org.label-schema.vcs-ref=$COMMIT_ID \
      org.label-schema.vcs-url="https://github.com/tomsquest/docker-radicale" \
      org.label-schema.schema-version="1.0"

RUN install_packages \
        curl \
        git \
        openssh-client \
        gosu \
        wget \
        python3-minimal \
        python3-tz \
        python3-pip

RUN install_packages \
        gcc \
        python3-dev \
        libffi-dev \
        libc-dev-bin
RUN python3 -m pip install --upgrade pip
RUN python3 -m pip install radicale==$VERSION passlib[bcrypt]
RUN apt-get remove --purge -y gcc python3-dev libffi-dev libc-dev-bin
RUN apt-get -y autoremove
RUN rm -rf /var/cache/apt/archives /var/lib/apt/lists

RUN addgroup --gid $BUILD_GID radicale
RUN adduser --uid $BUILD_UID --disabled-password --disabled-login --shell /bin/false --no-create-home --ingroup radicale radicale
RUN mkdir -p /config /data
RUN chmod -R 770 /data
RUN chown -R radicale:radicale /data

COPY config /config/config

HEALTHCHECK --interval=30s --retries=3 CMD curl --fail http://localhost:5232 || exit 1
VOLUME /config /data
EXPOSE 5232

COPY docker-entrypoint.sh /usr/local/bin
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["radicale", "--config", "/config/config"]
frisodubach commented 1 year ago

What is the size you would be comfortable with? Then I'll see if I can get close to it

tomsquest commented 1 year ago

Same as the Alpine version :D

tomsquest commented 1 year ago

Ah question: what the need of Desync? (do you use it to backup: sync the data folder to somewhere where it would be backup'ed?)

frisodubach commented 1 year ago

Same as the Alpine version :D

Ah I don't think that will ever happen hahaha

I'll just maintain my own fork. I uploaded it to dockerhub so it's convenient for others to use as well.

Ah question: what the need of Desync? (do you use it to backup: sync the data folder to somewhere where it would be backup'ed?)

The idea was to use Syncthing to actually access and share the Cal & CardDAV accross devices off the my local network. Still figuring out if that's even worthwhile, but I definitely find it an interesting idea. The other option is using Tailscale, which is has some downsides particularly for use on Android taking up your VPN connection.

tomsquest commented 1 year ago

I'll just maintain my own fork. I uploaded it to dockerhub so it's convenient for others to use as well.

Sure!

The idea was to use Syncthing to actually access and share the Cal & CardDAV accross devices off the my local network. Still figuring out if that's even worthwhile, but I definitely find it an interesting idea. The other option is using Tailscale, which is has some downsides particularly for use on Android taking up your VPN connection.

I do use Syncthing but standalone. Somehow I would not trust a radicale plugin (bugs, versions, this exact problem of gilbc...) and then Syncthing could also be used to sync other stuff. And to "share" radicale, I just connect my devices (thunderbird, mobile) to Radicale with Caddy (for https).

tomsquest commented 1 year ago

Do you think I can close this issue?

frisodubach commented 1 year ago

Yeah it's okay to close now. Thanks for the back and forth!

tomsquest commented 1 year ago

:+1: