From e941b81b784cf7fd13eadaa6b388f021d3d6613a Mon Sep 17 00:00:00 2001 From: jonas Date: Wed, 31 Mar 2021 13:00:34 +0200 Subject: [PATCH] Make it possible to build for multiple architectures Our parent container is build for multiple architectures, so I think it would be nice if we followed suite. With this change we will be able to build the following platforms: - linux/amd64 - linux/386 - linux/arm64 - linux/arm/v7 - linux/mips64le - linux/s390x - linux/ppc64le However, we will only create a push function for the top 4, since the bottom 3 takes over 30 minutes to build, and none have asked for these yet. Instructions on how to set up Docker Buildx (which is required for this) can be found in [issue #28][1]. The reason for the "32-bit fix" added to the Dockerfile is a very interesting read, which can be found in [issue #30][2], but the TL;DR is that there exist a very exotic bug for some low level libraries when they try to access the filesystem while running inside a 32-bit environment that is emulated by QEMU running on a 64-bit host. For this reason we will need to pin the package version to something that is not being compiled, but this is ONLY necessary if it is inside a QEMU emulation. [1]: https://github.com/JonasAlfredsson/docker-nginx-certbot/issues/28 [2]: https://github.com/JonasAlfredsson/docker-nginx-certbot/issues/30 --- src/Dockerfile | 7 +++++++ src/Makefile | 8 +++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/Dockerfile b/src/Dockerfile index e4879ee..cabf017 100644 --- a/src/Dockerfile +++ b/src/Dockerfile @@ -1,6 +1,8 @@ FROM nginx:1.19.8 LABEL maintainer="Jonas Alfredsson " +ARG BUILDX_QEMU_ENV + # Do a single run command to make the intermediary containers smaller. RUN set -ex && \ # Install packages necessary during the build phase (for all architectures). @@ -19,6 +21,11 @@ RUN set -ex && \ && \ # Install the latest version of PIP, Setuptools and Wheel. curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3 && \ +# Handle an extremely specific issue when building the cryptography package for +# 32-bit architectures within QEMU running on a 64-bit host (issue #30). + if [ "${BUILDX_QEMU_ENV}" = "true" -a "$(getconf LONG_BIT)" = "32" ]; then \ + pip3 install -U cryptography==3.3.2; \ + fi && \ # Install certbot. pip3 install -U cffi certbot \ && \ diff --git a/src/Makefile b/src/Makefile index 423c897..da18f12 100644 --- a/src/Makefile +++ b/src/Makefile @@ -11,8 +11,10 @@ build: Makefile Dockerfile $(DOCKER_BUILD) -t jonasal/nginx-certbot:local . @echo "Done! Use docker run jonasal/nginx-certbot:local to run" -release: - $(DOCKER_BUILD) -t jonasal/nginx-certbot --pull --no-cache . +# These commands are primarily used for development, see link for more info: +# https://github.com/JonasAlfredsson/docker-nginx-certbot/issues/28 +dev: + docker buildx build --build-arg BUILDX_QEMU_ENV=true --platform linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/mips64le,linux/s390x,linux/ppc64le --tag jonasal/nginx-certbot:dev . push: - docker push jonasal/nginx-certbot + docker buildx build --build-arg BUILDX_QEMU_ENV=true --platform linux/amd64,linux/386,linux/arm64,linux/arm/v7 --tag jonasal/nginx-certbot:dev --pull --no-cache --push .