diff --git a/Dockerfile b/Dockerfile index b80eb78..3024b4c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,21 @@ ARG TOOLCHAIN=stable # The OpenSSL version to use. We parameterize this because many Rust # projects will fail to build with 1.1. -ARG OPENSSL_VERSION=1.1.1f +# +# ALSO UPDATE hooks/build! +ARG OPENSSL_VERSION=1.1.1g + +# Versions for other dependencies. Here are the places to check for new +# releases: +# +# - https://github.com/rust-lang/mdBook/releases +# - https://github.com/EmbarkStudios/cargo-deny/releases +# - http://zlib.net/ +# - https://ftp.postgresql.org/pub/source/ +ARG MDBOOK_VERSION=0.3.7 +ARG CARGO_DENY_VERSION=0.6.6 +ARG ZLIB_VERSION=1.2.11 +ARG POSTGRESQL_VERSION=11.7 # Make sure we have basic dev tools for building C libraries. Our goal # here is to support the musl-libc builds and Cargo builds needed for a @@ -38,16 +52,14 @@ RUN apt-get update && \ && \ apt-get clean && rm -rf /var/lib/apt/lists/* && \ useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \ - MDBOOK_VERSION=0.3.6 && \ curl -fLO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \ tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \ mv mdbook /usr/local/bin/ && \ rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-gnu.tar.gz && \ - DENY_VERSION=0.6.6 && \ - curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$DENY_VERSION/cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ - tar xf cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ - mv cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \ - rm -rf cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$DENY_VERSION-x86_64-unknown-linux-musl.tar.gz + curl -fLO https://github.com/EmbarkStudios/cargo-deny/releases/download/$CARGO_DENY_VERSION/cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ + tar xf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz && \ + mv cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl/cargo-deny /usr/local/bin/ && \ + rm -rf cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl cargo-deny-$CARGO_DENY_VERSION-x86_64-unknown-linux-musl.tar.gz # Static linking for C++ code RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++" @@ -107,7 +119,6 @@ RUN echo "Building OpenSSL" && \ RUN echo "Building zlib" && \ cd /tmp && \ - ZLIB_VERSION=1.2.11 && \ curl -fLO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \ tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \ CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \ @@ -116,7 +127,6 @@ RUN echo "Building zlib" && \ RUN echo "Building libpq" && \ cd /tmp && \ - POSTGRESQL_VERSION=11.2 && \ curl -fLO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \ tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \ CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \ diff --git a/hooks/build b/hooks/build index 5366af5..c066546 100755 --- a/hooks/build +++ b/hooks/build @@ -8,9 +8,11 @@ set -euo pipefail # Default to using OpenSSL 1.1 now, because 1.0 has stopped receiving security -# updates. 1.1 is incompatible with the crates postgres 0.15 and openssl 0.9, -# so we do offer the option of falling back to 1.0. -OPENSSL_VERSION=1.1.1f +# updates. 1.1 is incompatible with the crates postgres 0.15 and openssl 0.9, so +# we do offer the option of falling back to 1.0. +# +# Find the latest version at https://www.openssl.org/source/ +OPENSSL_VERSION=1.1.1g # Pick an appropriate Docker tag case "$DOCKER_TAG" in @@ -19,6 +21,7 @@ case "$DOCKER_TAG" in ;; *-openssl10) DOCKER_TAG_WITHOUT_OPENSSL="${DOCKER_TAG/-openssl10/}" + # Find the latest version at https://www.openssl.org/source/old/1.0.2/ OPENSSL_VERSION=1.0.2u ;; *)