mailu/core/base/Dockerfile

# syntax=docker/dockerfile-upstream:1.4.3

# base system image (intermediate)
ARG DISTRO=alpine:3.16.2
FROM $DISTRO as system

ENV TZ=Etc/UTC LANG=C.UTF-8

ARG MAILU_UID=1000
ARG MAILU_GID=1000

RUN set -euxo pipefail \
  ; addgroup -Sg ${MAILU_GID} mailu \
  ; adduser -Sg ${MAILU_UID} -G mailu -h /app -g "mailu app" -s /bin/bash mailu \
  ; apk add --no-cache bash ca-certificates curl python3 tzdata \
  ; machine="$(uname -m)" \
  ; ! [[ "${machine}" == x86_64 ]] \
    || apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing hardened-malloc

ENV LD_PRELOAD=/usr/lib/libhardened_malloc.so
ENV CXXFLAGS="-g -O2 -fdebug-prefix-map=/app=. -fstack-protector-strong -Wformat -Werror=format-security -fstack-clash-protection -fexceptions"
ENV CFLAGS="-g -O2 -fdebug-prefix-map=/app=. -fstack-protector-strong -Wformat -Werror=format-security -fstack-clash-protection -fexceptions"
ENV CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2"
ENV LDFLAGS="-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now"

WORKDIR /app

CMD /bin/bash


# build virtual env (intermediate)
FROM system as build

ARG MAILU_DEPS=prod

ENV VIRTUAL_ENV=/app/venv

COPY requirements-build.txt ./

RUN set -euxo pipefail \
  ; apk add --no-cache py3-pip \
  ; python3 -m venv ${VIRTUAL_ENV} \
  ; ${VIRTUAL_ENV}/bin/pip install --no-cache-dir -r requirements-build.txt \
  ; apk del -r py3-pip \
  ; rm -f /tmp/*.pem

ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"

COPY requirements-${MAILU_DEPS}.txt ./
COPY libs/ libs/

RUN set -euxo pipefail \
  ; pip install -r requirements-${MAILU_DEPS}.txt || \
    { \
      machine="$(uname -m)" \
    ; deps="build-base gcc libffi-dev python3-dev" \
    ; [[ "${machine}" != x86_64 ]] && \
        deps="${deps} cargo git libressl-dev mariadb-connector-c-dev postgresql-dev" \
    ; apk add --virtual .build-deps ${deps} \
    ; [[ "${machine}" == armv7* ]] && \
        mkdir -p /root/.cargo/registry/index && \
        git clone --bare https://github.com/rust-lang/crates.io-index.git /root/.cargo/registry/index/github.com-1285ae84e5963aae \
    ; pip install -r requirements-${MAILU_DEPS}.txt \
    ; apk del -r .build-deps \
    ; rm -rf /root/.cargo /tmp/*.pem \
  ; } \
  ; rm -rf /root/.cache


# base mailu image
FROM system

COPY --from=build /app/venv/ /app/venv/

ENV VIRTUAL_ENV=/app/venv
ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
Add base image 2 years ago			`# syntax=docker/dockerfile-upstream:1.4.3`

Move even more python deps to base image 2 years ago			`# base system image (intermediate)`
Upgrade to alpine 3.16.2 This may fix the build issues on arm 2 years ago			`ARG DISTRO=alpine:3.16.2`
Move even more python deps to base image 2 years ago			`FROM $DISTRO as system`
Add base image 2 years ago
Move all requirements*.txt to base image 2 years ago			`ENV TZ=Etc/UTC LANG=C.UTF-8`

			`ARG MAILU_UID=1000`
			`ARG MAILU_GID=1000`
Add base image 2 years ago
			`RUN set -euxo pipefail \`
Move all requirements*.txt to base image 2 years ago			`; addgroup -Sg ${MAILU_GID} mailu \`
			`; adduser -Sg ${MAILU_UID} -G mailu -h /app -g "mailu app" -s /bin/bash mailu \`
Switch to GrapheneOS's hardened_malloc This was suggested during the dev meeting of the 18/09/22. It may break things and it may make things unbearably slow 2 years ago			`; apk add --no-cache bash ca-certificates curl python3 tzdata \`
ghostwheel42's suggestion 2 years ago			`; machine="$(uname -m)" \`
Disable libhardened-malloc for non x86. @see #2541 Support is going to be a nightmare if RPI4 is not working. 2 years ago			`; ! [[ "${machine}" == x86_64 ]] \`
Revert "simplify": ghostwheel42's approach was right This reverts commit 04f6bd263390265da9357b17b9f77a4fd6a22330. 2 years ago			`\|\| apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing hardened-malloc`
doh 2 years ago
			`ENV LD_PRELOAD=/usr/lib/libhardened_malloc.so`
Fix the ARM build again 2 years ago			`ENV CXXFLAGS="-g -O2 -fdebug-prefix-map=/app=. -fstack-protector-strong -Wformat -Werror=format-security -fstack-clash-protection -fexceptions"`
			`ENV CFLAGS="-g -O2 -fdebug-prefix-map=/app=. -fstack-protector-strong -Wformat -Werror=format-security -fstack-clash-protection -fexceptions"`
			`ENV CPPFLAGS="-Wdate-time -D_FORTIFY_SOURCE=2"`
			`ENV LDFLAGS="-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now"`
Add base image 2 years ago
			`WORKDIR /app`

Move even more python deps to base image 2 years ago			`CMD /bin/bash`


			`# build virtual env (intermediate)`
			`FROM system as build`

Fix building wheels when deps need to compile 2 years ago			`ARG MAILU_DEPS=prod`
Fix and speed-up arm build. Allow chosing of prod/dev env. 2 years ago
Move even more python deps to base image 2 years ago			`ENV VIRTUAL_ENV=/app/venv`

Fix and speed-up arm build. Allow chosing of prod/dev env. 2 years ago			`COPY requirements-build.txt ./`
Move all requirements*.txt to base image 2 years ago
Move even more python deps to base image 2 years ago			`RUN set -euxo pipefail \`
			`; apk add --no-cache py3-pip \`
			`; python3 -m venv ${VIRTUAL_ENV} \`
Fix and speed-up arm build. Allow chosing of prod/dev env. 2 years ago			`; ${VIRTUAL_ENV}/bin/pip install --no-cache-dir -r requirements-build.txt \`
Fix armv7 build by manually downloading crates.io index 2 years ago			`; apk del -r py3-pip \`
			`; rm -f /tmp/*.pem`
Move even more python deps to base image 2 years ago
			`ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"`

Fix building wheels when deps need to compile 2 years ago			`COPY requirements-${MAILU_DEPS}.txt ./`
Move even more python deps to base image 2 years ago			`COPY libs/ libs/`
Add base image 2 years ago
			`RUN set -euxo pipefail \`
Fix building wheels when deps need to compile 2 years ago			`; pip install -r requirements-${MAILU_DEPS}.txt \|\| \`
			`{ \`
			`machine="$(uname -m)" \`
			`; deps="build-base gcc libffi-dev python3-dev" \`
whitelist what we know works If other people use other arch and want their builds to go faster we can whitelist them too after they have confirmed it works. 2 years ago			`; [[ "${machine}" != x86_64 ]] && \`
Fix building wheels when deps need to compile 2 years ago			`deps="${deps} cargo git libressl-dev mariadb-connector-c-dev postgresql-dev" \`
			`; apk add --virtual .build-deps ${deps} \`
This may be helpful too 2 years ago			`; [[ "${machine}" == armv7* ]] && \`
Fix building wheels when deps need to compile 2 years ago			`mkdir -p /root/.cargo/registry/index && \`
			`git clone --bare https://github.com/rust-lang/crates.io-index.git /root/.cargo/registry/index/github.com-1285ae84e5963aae \`
			`; pip install -r requirements-${MAILU_DEPS}.txt \`
			`; apk del -r .build-deps \`
			`; rm -rf /root/.cargo /tmp/*.pem \`
			`; } \`
			`; rm -rf /root/.cache`
Move even more python deps to base image 2 years ago

			`# base mailu image`
			`FROM system`

			`COPY --from=build /app/venv/ /app/venv/`

			`ENV VIRTUAL_ENV=/app/venv`
			`ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"`