From d742fd9bca49442e2715485f8fa0675b25d2342b Mon Sep 17 00:00:00 2001 From: wuhuizuo Date: Mon, 2 Sep 2024 10:48:47 +0000 Subject: [PATCH] fix(dockerfiles/cd/builders/tiflash): upgrade openssl with conda pre-build package Signed-off-by: wuhuizuo --- Justfile | 2 +- dockerfiles/cd/builders/tiflash/Dockerfile | 22 +++++++++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/Justfile b/Justfile index f73c2a8c..3c47dcf8 100644 --- a/Justfile +++ b/Justfile @@ -33,7 +33,7 @@ _msb component git_url git_branch: docker build -t {{component}} -f dockerfiles-multi-stages/{{component}}/Dockerfile ../{{component}} _clone component git_url git_branch: - [ -e ../{{component}} ] || git clone --recurse-submodules {{git_url}} --branch {{git_branch}} ../{{component}} + [ -e ../{{component}} ] || git clone --recurse-submodules -j8 {{git_url}} --branch {{git_branch}} ../{{component}} ([ -e ../{{component}}/.dockerignore ] && rm ../{{component}}/.dockerignore) || true # make step depended on git metadata. _clone_without_submodules component git_url git_branch: diff --git a/dockerfiles/cd/builders/tiflash/Dockerfile b/dockerfiles/cd/builders/tiflash/Dockerfile index 093f8c4a..ecfd1b27 100644 --- a/dockerfiles/cd/builders/tiflash/Dockerfile +++ b/dockerfiles/cd/builders/tiflash/Dockerfile @@ -5,6 +5,21 @@ # - git clone --recurse-submodules https://github.com/pingcap/tiflash.git tiflash # - docker build -t tiflash -f Dockerfile ./tiflash +########### stage: extract-conda-openssl +FROM quay.io/rockylinux/rockylinux:8.10.20240528-ubi as extract-conda-openssl +RUN dnf install -y unzip wget zstd +# install openssl with conda pre-build package. +# index: in https://prefix.dev/channels/conda-forge/packages/openssl +RUN zip_url=$([ "$(arch)" = "x86_64" ] && \ + echo "https://conda.anaconda.org/conda-forge/linux-64/openssl-1.1.1w-hd590300_0.conda" || \ + echo "https://conda.anaconda.org/conda-forge/linux-aarch64/openssl-1.1.1w-h31becfc_0.conda"\ + ); \ + pkg_file=$(basename "$zip_url" .conda); \ + mkdir /output; \ + wget ${zip_url} -O /output/openssl.conda && unzip -d /output /output/openssl.conda && \ + mkdir -p /usr/local/opt/openssl && \ + tar -C /usr/local/opt/openssl -I zstd -xvf /output/pkg-${pkg_file}.tar.zst + ########### stage: builder FROM quay.io/rockylinux/rockylinux:8.10.20240528-ubi as builder LABEL org.opencontainers.image.authors "wuhui.zuo@pingcap.com" @@ -12,15 +27,16 @@ LABEL org.opencontainers.image.description "binary builder for TiFlash" LABEL org.opencontainers.image.source = "https://github.com/PingCAP-QE/artifacts" # install packages. -# openssl is not updated to 1.1.1w, just 1.1.1o RUN --mount=type=cache,target=/var/cache/dnf \ dnf upgrade-minimal -y && \ - dnf --enablerepo=powertools install -y git llvm-toolset cmake ninja-build openssl python3.12 libcurl-devel - + dnf --enablerepo=powertools install -y git llvm-toolset cmake ninja-build python3.12 libcurl-devel ENV CC clang ENV CXX clang++ ENV LD ld.lld +# install openssl +COPY --from=extract-conda-openssl /usr/local/opt/openssl /usr/local/opt/openssl + # building and install libc++ RUN --mount=type=cache,target=/tmp/llvm \ git clone https://github.com/llvm/llvm-project.git --branch llvmorg-17.0.6 --depth 1 /tmp/llvm/llvm-project && \