• Stars
    star
    946
  • Rank 48,319 (Top 1.0 %)
  • Language
    Rust
  • License
    MIT License
  • Created over 8 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Docker environment for building musl based static linux rust binaries

muslrust

nightly stable docker pulls

A docker environment for building static rust binaries for x86_64 and arm64 linux environments using musl. Built daily via github actions.

Binaries compiled with muslrust are light-weight, call straight into the kernel without other dynamic system library dependencies, can be shipped to most linux distributions without compatibility issues, and can be inserted as-is into lightweight docker images such as static distroless, scratch, or alpine.

The goal is to simplify the creation of small and efficient cloud containers, or stand-alone linux binary releases.

This image includes popular C libraries compiled with musl-gcc, enabling static builds even when these libraries are used.

Usage

Pull and run from a rust project root:

docker pull clux/muslrust:stable
docker run -v $PWD:/volume --rm -t clux/muslrust:stable cargo build --release

You should have a static executable in the target folder:

ldd target/x86_64-unknown-linux-musl/release/EXECUTABLE
        not a dynamic executable

Examples

The binaries and images for small apps generally end up <10MB compressed or ~20MB uncompressed without stripping.

The recommended production image is distroless static or chainguard static as these contain a non-root users + SSL certs (unlike scratch), and disallows shell access (use kubectl debug if you want this). See also kube.rs security doc on base image recommendations.

Available Tags

The standard tags are :stable or a dated :nightly-{YYYY-mm-dd}.

For pinned, or historical builds, see the available tags on dockerhub.

C Libraries

The following system libraries are compiled against musl-gcc:

We try to keep these up to date.

Developing

Clone, tweak, build, and run tests:

git clone [email protected]:clux/muslrust.git && cd muslrust
just build
just test

Tests

Before we push a new version of muslrust we test to ensure that we can use and statically link:

Caching

Local Volume Caches

Repeat builds locally are always from scratch (thus slow) without a cached cargo directory. You can set up a docker volume by just adding -v cargo-cache:/root/.cargo/registry to the docker run command.

You'll have an extra volume that you can inspect with docker volume inspect cargo-cache.

Suggested developer usage is to add the following function to your ~/.bashrc:

musl-build() {
  docker run \
    -v cargo-cache:/root/.cargo/registry \
    -v "$PWD:/volume" \
    --rm -it clux/muslrust cargo build --release
}

Then use in your project:

$ cd myproject
$ musl-build
    Finished release [optimized] target(s) in 0.0 secs

Caching on CI

On CI, you need to find a way to either store the cargo-cache referenced above, or rely on docker layer caches with layers (see cargo-chef).

Github Actions

Github actions supports both methods:

CircleCI

CircleCI supports both methods:

Troubleshooting

SSL Verification

You might need to point openssl at the location of your certificates explicitly to avoid certificate errors on https requests.

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
export SSL_CERT_DIR=/etc/ssl/certs

These can be hardcoded in your Dockerfile, or you can rely on the openssl-probe crate to detect the cert location. You should not have to do this if you are using the static variants of distroless or chainguard.

Diesel and PQ builds

Works with the older version of libpq we bundle (see #81). See the test/dieselpgcrate for specifics.

For stuff like infer_schema! to work you need to explicitly pass on -e DATABASE_URL=$DATABASE_URL to the docker run. It's probably easier to just make diesel print-schema > src/schema.rs part of your migration setup though.

Note that diesel compiles with openssl statically since 1.34.0, so you need to include the openssl crate before diesel due to pq-sys#25:

extern crate openssl;
#[macro_use] extern crate diesel;

This is true even if you connect without sslmode=require.

Filesystem permissions on local builds

When building locally, the permissions of the musl parts of the ./target artifacts dir will be owned by root and requires sudo rm -rf target/ to clear. This is an intended complexity tradeoff with user builds.

Debugging in blank containers

If you are running a plain alpine/scratch container with your musl binary in there, then you might need to compile with debug symbols, and set the RUST_BACKTRACE=full evar to see crashes.

In alpine, if this doesn't work (or fails to give you line numbers), try installing the rust package (via apk). This should not be necessary anymore though!

For easily grabbing backtraces from rust docker apps; try adding sentry. It seems to be able to grab backtraces regardless of compile options/evars.

SELinux

On SELinux enabled systems like Fedora, you will need to configure selinux labels. E.g. adding the :Z or :z flags where appropriate: -v $PWD:/volume:Z.

Extending

Extra C libraries

If you need extra C libraries, you can follow the builder pattern approach via e.g. rfcbot-rs's Dockerfile and add extra curl -> make instructions. We are unlikely to include other C libraries herein unless they are very popular.

Extra Rustup components

You can install extra components distributed via Rustup like normal:

rustup component add clippy

Binaries distributed via Cargo

If you need to install a binary crate such as ripgrep on a CI build image, you need to build it against the GNU toolchain (see #37):

CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu cargo install ripgrep

Alternatives

More Repositories

1

decay

Famous sorting algorithms based on vote popularity and time implemented for nodejs
JavaScript
374
star
2

sdp-transform

A simple parser/writer for the Session Description Protocol
JavaScript
324
star
3

webapp-rs

Rust microservice setup with postgres, and diesel + rocket in docker
Rust
58
star
4

logule

A multi-transport, peer-dependent logging library for nodejs - UNMAINTAINED
JavaScript
35
star
5

symlink

npm link helper for npm@^2
JavaScript
33
star
6

modul8

NO LONGER MAINTAINED - browserify is too similar and is better (see issues)
JavaScript
22
star
7

loggerv

A minimalistic stdout/stderr logger for rust
Rust
21
star
8

whyq

jq compatible yq implementation in rust
Rust
17
star
9

tap-pessimist

A tap consumer that filters on failed tests
JavaScript
15
star
10

diesel-cli

Minimal docker image with disel cli for migrations
Makefile
14
star
11

npm-graph

Prints a dependency graph of modules that is actually required
JavaScript
14
star
12

badgify

Rebuild readme markdown badges from package.json
JavaScript
13
star
13

cleverbot-irc

An IRC bot that defers to Cleverbot.
JavaScript
11
star
14

dotfiles

Symlinked dotfiles
Shell
11
star
15

blog-docker

Git and Markdown powered, containerised blog experiment
Rust
10
star
16

shipcat

fork mirror of shipcat up until july'21 since babylonhealth closed it soon after
Rust
10
star
17

jenq

Query jenkins job history or console output from a terminal
Rust
8
star
18

irc-stream

A duplex streaming IRC bot library built on top of `irc`
JavaScript
7
star
19

zalgolize

Uniform-clustered zalgolizer
JavaScript
6
star
20

tub

Lax streaming tap parser
JavaScript
6
star
21

provision

Arch Linux + Mac provisioning scripts
Shell
6
star
22

topiary

Produce pretty representations of tree-structured objects
JavaScript
6
star
23

magic-forest

CPU bound benchmarking of languages using the magic forest problem
Fortran
6
star
24

tournament.hs

Tournament related algorithms in Haskell
Haskell
6
star
25

wolfram-irc

An IRC bot that defers to Wolfram Alpha
JavaScript
6
star
26

dye

Minimalistic terminal coloring library
JavaScript
5
star
27

bandage

Simple generator based test library
JavaScript
4
star
28

trials

Statistical trial generator
JavaScript
4
star
29

yr-cli

Fetch specific weather forecasts from your terminal
JavaScript
4
star
30

confortable

Makes nodejs config location a little more.. pleasant.
JavaScript
3
star
31

splitter

Stream split library using new streams (node >= 0.10)
JavaScript
3
star
32

vitae

Personal HTML5 CV
HTML
3
star
33

quadratic

Quadratic reciprocity and the Jacobi Symbol for rust
Rust
3
star
34

facemaulers

face maulers 2018-2021
Just
3
star
35

gu

Streaming bot makers library with regex handlers
JavaScript
3
star
36

fsx

Simple recursive file and directory reader using synchronous node fs calls
JavaScript
2
star
37

.textadept

JavaScript and CoffeeScript settings for the textadept editor (updated at v4.2)
Lua
2
star
38

kubecon2022

kube-rs office hour slides
2
star
39

food

Food framework for future fulfilment
JavaScript
2
star
40

sulfur

Absorb log smells in your application
JavaScript
2
star
41

mumble-bot

Experiment with using the mumble client
JavaScript
2
star
42

curvefever-bot

A curvefever signup and match making bot for your chat channel
JavaScript
2
star
43

icebreaker

Deus Ex style ICE breaker web component
HTML
1
star
44

combustion

A primitive, but efficient micro-templating javascript engine
JavaScript
1
star
45

m8-templation

NOT MAINTAINED. See combustion instead.
JavaScript
1
star
46

m8-mongoose

NOT MAINTAINED. Bad/hard idea to get right. Not worth it.
CoffeeScript
1
star
47

linkr-components

Polymer component experiments for a personal link sharing site
HTML
1
star
48

deus-login

Deus Ex styled login component
HTML
1
star
49

unitednationsoftheworld

An updated and complete Nations of the World song ala Animaniacs
JavaScript
1
star
50

kubecon2020

Talk for KubeCon 2020
JavaScript
1
star
51

smell

Smelly log emitter
JavaScript
1
star
52

curvefever-stats

A statistics library and match maker for the curvefever game
JavaScript
1
star
53

tl-datademo

TrueLayer Data API test app.
Rust
1
star
54

posts

blog posts for new blog
1
star
55

jquery-timeslider

The easier, keyboard friendly way to pick the time of day.
JavaScript
1
star
56

flight-stream

A readable stream that tracks nearby aircrafts.
JavaScript
1
star
57

mddocs

A simple doc generator for gh-pages when writing documentation in markdown
JavaScript
1
star