-
Notifications
You must be signed in to change notification settings - Fork 547
/
Copy path1-build-deps
177 lines (157 loc) · 7.29 KB
/
1-build-deps
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
#################################################################################################
# The "build-deps" stage
# - Installs all compilers/interpreters, tools, and OS packages on the given debian or ubuntu image
#################################################################################################
# Supports debian:bullseye-slim, and ubuntu:focal
ARG image=ubuntu:focal
FROM ${image} AS build-deps
# Ocaml Version
ARG OCAML_VERSION=4.14
ARG OCAML_REVISION=.0
ARG OCAML_VARIANT=
ARG OCAML_PACKAGE=
ARG OPAM_VERSION=2.0.7
# Golang version number used to detemine tarball name
ARG GO_VERSION=1.19.11
# Go Capnp Version (for capnpc dependency)
ARG GO_CAPNP_VERSION=v3.0.0-alpha.5
# Rust Version passed into rustup-init, can also be "stable", "nightly" or similar
# This should stay in line with:
# - src/lib/crypto/kimchi_bindings/stubs/rust-toolchain.toml
# - src/lib/crypto/proof-systems/rust-toolchain.toml
ARG RUST_VERSION=1.72
# Nightly Rust Version used for WebAssembly builds
# - src/lib/crypto/kimchi_bindings/wasm/rust-toolchain.toml
ARG RUST_NIGHTLY=2023-09-01
# wasm-pack version
ARG WASM_PACK_VERSION=v0.12.1
# Rocksdb commit tag/branch to clone
ARG ROCKSDB_VERSION=v5.18.4
# --- OS package dependencies
# Organized as two alphabetized lists, first libraries and then tools/other packages
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update --quiet \
&& apt-get upgrade --quiet --yes \
&& apt-get install --no-install-recommends --quiet --yes \
libboost-dev \
libboost-program-options-dev \
libbz2-dev \
libcap-dev \
libffi-dev \
libgflags-dev \
libgmp-dev \
libgmp3-dev \
libjemalloc-dev \
liblmdb-dev \
liblmdb0 \
libpq-dev \
libprocps-dev \
libsodium-dev \
libssl-dev \
build-essential \
ca-certificates \
capnproto \
cmake \
curl \
file \
git \
git-lfs \
'(^lld-10$|^lld-11$)' \
m4 \
pkg-config \
rsync \
sudo \
unzip \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
# Symlink image-specific lld version to a single lld executable
RUN if command -v ld.lld-10 &> /dev/null; then ln -sf $(which ld.lld-10) /usr/bin/ld.lld; fi
RUN if command -v ld.lld-11 &> /dev/null; then ln -sf $(which ld.lld-11) /usr/bin/ld.lld; fi
# --- Create opam user (for later) and give sudo to make opam happy
RUN adduser --uid 65533 --disabled-password --gecos '' opam \
&& passwd -l opam \
&& chown -R opam:opam /home/opam \
&& echo 'opam ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/opam \
&& chmod 440 /etc/sudoers.d/opam \
&& chown root:root /etc/sudoers.d/opam \
&& chmod 777 /tmp
# --- Quiet git warnings about detatched head states, which are used frequently in later stages
RUN git config --global advice.detachedHead false
# --- Opam install of a given OPAM_VERSION from github release
RUN curl -sL \
"https://github.com/ocaml/opam/releases/download/${OPAM_VERSION}/opam-${OPAM_VERSION}-x86_64-linux" \
-o /usr/bin/opam \
&& chmod +x /usr/bin/opam
# --- Golang install of a given GO_VERSION (add -v for spam output of each file from the go dist)
RUN curl -s "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" | tar -xz -C /usr/lib/
# --- Rust install via rustup-init to a given RUST_VERSION
# --- Additionally, install RUST_NIGHTLY via rustup
# For more about rustup-init see: https://github.com/rust-lang/rustup/blob/master/README.md
# As opposed to introducing another shell script here (that mostly just determines the platform)
# we just download the binary for the only platform we care about in this docker environment
USER opam
RUN curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init \
https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init \
&& chmod +x /tmp/rustup-init \
&& /tmp/rustup-init -y --default-toolchain "${RUST_VERSION}" --profile minimal --component rust-src --target wasm32-unknown-unknown \
&& $HOME/.cargo/bin/rustup toolchain install "nightly-${RUST_NIGHTLY}" --profile minimal --component rust-src --target wasm32-unknown-unknown --no-self-update \
&& rm /tmp/rustup-init
USER root
# --- Install rust wasm-pack version WASM_PACK_VERSION manually via curl/tar
RUN curl -sL https://github.com/rustwasm/wasm-pack/releases/download/${WASM_PACK_VERSION}/wasm-pack-${WASM_PACK_VERSION}-x86_64-unknown-linux-musl.tar.gz \
| tar --extract --gzip --strip-components=1 --directory=/usr/bin --file=-
# --- RocksDB Installation of a given ROCKSDB_VERSION
# These flags turn some errors into warnings for running with G++ 9 or higher
# The build command below checks for the g++ major version and removes CXXFLAGS if its less than 9
ENV CXXFLAGS '-Wno-error=deprecated-copy -Wno-error=pessimizing-move -Wno-error=class-memaccess'
# This builds and installs just the rocksdb static lib for us, and cleans up after itself
# Send error output to /dev/null as its noisy with compiler warnings
RUN git clone https://github.com/facebook/rocksdb \
--depth 1 --shallow-submodules \
-b "${ROCKSDB_VERSION}" /rocksdb \
&& test $(g++ -dumpversion | cut -c 1 -) -lt 9 \
&& CXXFLAGS='' make -C /rocksdb static_lib PORTABLE=1 -j$(nproc) 2>/dev/null \
|| make -C /rocksdb static_lib PORTABLE=1 -j$(nproc) 2>/dev/null \
&& cp /rocksdb/librocksdb.a /usr/local/lib/librocksdb_coda.a \
&& rm -rf /rocksdb \
&& strip -S /usr/local/lib/librocksdb_coda.a
# Clear CXXFLAGS afterwards to avoid affecting other code
ENV CXXFLAGS=""
###########################################################################################
# Initialize opam in a minimal fashion
###########################################################################################
# Set up environment for running as opam user
WORKDIR /home/opam
USER opam
ENV HOME=/home/opam
# --- Create the following user directory configs as the Opam user:
## Add go + rust to the path, unlimit the opam user,
## unlimit stack for future shells that might use spacetime,
## disable ipv6
## disable sandboxing to allow unprivledged builds
RUN mkdir --mode=700 ~/.gnupg \
&& echo 'export PATH="$PATH:/usr/lib/go/bin:$HOME/.cargo/bin"' >> ~/.bashrc \
&& echo 'ulimit -s unlimited' >> ~/.bashrc \
&& echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf
ENV PATH="$PATH:/usr/lib/go/bin:$HOME/.cargo/bin"
# --- Ocaml install of a given OCAML_VERSION via opam switch
# additionally initializes opam with sandboxing disabled, as we did not install bubblewrap above.
RUN git clone \
https://github.com/ocaml/opam-repository.git \
--depth 1 \
/home/opam/opam-repository \
&& opam init --disable-sandboxing -k git -a ~/opam-repository --bare \
&& opam repository add --yes --all --set-default o1-labs https://github.com/o1-labs/opam-repository.git \
&& opam switch create "${OCAML_VERSION}${OCAML_REVISION}" "${OCAML_PACKAGE}${OCAML_VERSION}${OCAML_REVISION}${OCAML_VARIANT}" \
&& opam switch "${OCAML_VERSION}${OCAML_REVISION}"
# --- Build and install capnproto go compiler
# This package was particularly tricky to get to install correctly because of how the package's source code is structured.
# To work around this, we install it as a dependency for a local go module and build the binary from the GOPATH.
RUN mkdir go-tmp \
&& cd go-tmp \
&& /usr/lib/go/bin/go mod init local/build \
&& /usr/lib/go/bin/go get capnproto.org/go/capnp/v3@$GO_CAPNP_VERSION \
&& /usr/lib/go/bin/go build -o capnpc-go capnproto.org/go/capnp/v3/capnpc-go \
&& sudo mv capnpc-go /usr/local/bin \
&& cd - \
&& sudo rm -rf go-tmp