From 6bfc47f2346c0547bdd3d6f4d243ade8d91cea51 Mon Sep 17 00:00:00 2001 From: Nathan Flurry Date: Tue, 27 Jan 2026 20:03:50 -0800 Subject: [PATCH] fix: copy fixed Dockerfiles from release-test with OpenSSL and SKIP_INSPECTOR support --- docker/release/build.sh | 2 +- docker/release/linux-x86_64.Dockerfile | 65 +++++++++++++++++++++---- docker/release/macos-aarch64.Dockerfile | 16 ++++-- docker/release/macos-x86_64.Dockerfile | 16 ++++-- docker/release/windows.Dockerfile | 15 ++++-- 5 files changed, 95 insertions(+), 19 deletions(-) diff --git a/docker/release/build.sh b/docker/release/build.sh index fba51f2..2095591 100755 --- a/docker/release/build.sh +++ b/docker/release/build.sh @@ -7,7 +7,7 @@ case $TARGET in x86_64-unknown-linux-musl) echo "Building for Linux x86_64 musl" DOCKERFILE="linux-x86_64.Dockerfile" - TARGET_STAGE="builder" + TARGET_STAGE="x86_64-builder" BINARY="sandbox-agent-$TARGET" ;; x86_64-pc-windows-gnu) diff --git a/docker/release/linux-x86_64.Dockerfile b/docker/release/linux-x86_64.Dockerfile index 8dc7dda..8fb9807 100644 --- a/docker/release/linux-x86_64.Dockerfile +++ b/docker/release/linux-x86_64.Dockerfile @@ -1,27 +1,74 @@ # syntax=docker/dockerfile:1.10.0 -FROM rust:1.91.0 AS builder +FROM rust:1.88.0 AS base -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update -y && \ - apt-get install -y \ +# Install dependencies +RUN apt-get update && apt-get install -y \ musl-tools \ + musl-dev \ + llvm-14-dev \ + libclang-14-dev \ + clang-14 \ + libssl-dev \ pkg-config \ ca-certificates \ - git && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + g++ \ + g++-multilib \ + git \ + curl && \ + rm -rf /var/lib/apt/lists/* && \ + wget -q https://github.com/cross-tools/musl-cross/releases/latest/download/x86_64-unknown-linux-musl.tar.xz && \ + tar -xf x86_64-unknown-linux-musl.tar.xz -C /opt/ && \ + rm x86_64-unknown-linux-musl.tar.xz +# Install musl targets RUN rustup target add x86_64-unknown-linux-musl +# Set environment variables +ENV PATH="/opt/x86_64-unknown-linux-musl/bin:$PATH" \ + LIBCLANG_PATH=/usr/lib/llvm-14/lib \ + CLANG_PATH=/usr/bin/clang-14 \ + CC_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-gcc \ + CXX_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-g++ \ + AR_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-ar \ + CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=x86_64-unknown-linux-musl-gcc \ + CARGO_INCREMENTAL=0 \ + RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-static-libgcc" \ + CARGO_NET_GIT_FETCH_WITH_CLI=true + +# Set working directory WORKDIR /build + +# Build for x86_64 +FROM base AS x86_64-builder + +# Set up OpenSSL for x86_64 musl target +ENV SSL_VER=1.1.1w +RUN wget https://www.openssl.org/source/openssl-$SSL_VER.tar.gz \ + && tar -xzf openssl-$SSL_VER.tar.gz \ + && cd openssl-$SSL_VER \ + && ./Configure no-shared no-async --prefix=/musl --openssldir=/musl/ssl linux-x86_64 \ + && make -j$(nproc) \ + && make install_sw \ + && cd .. \ + && rm -rf openssl-$SSL_VER* + +# Configure OpenSSL env vars for the build +ENV OPENSSL_DIR=/musl \ + OPENSSL_INCLUDE_DIR=/musl/include \ + OPENSSL_LIB_DIR=/musl/lib \ + PKG_CONFIG_ALLOW_CROSS=1 + +# Copy the source code COPY . . +# Build for Linux with musl (static binary) - x86_64 +# SANDBOX_AGENT_SKIP_INSPECTOR=1 skips embedding the inspector frontend RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/build/target \ - RUSTFLAGS="-C target-feature=+crt-static" \ - cargo build -p sandbox-agent --release --target x86_64-unknown-linux-musl && \ + SANDBOX_AGENT_SKIP_INSPECTOR=1 cargo build -p sandbox-agent --release --target x86_64-unknown-linux-musl && \ mkdir -p /artifacts && \ cp target/x86_64-unknown-linux-musl/release/sandbox-agent /artifacts/sandbox-agent-x86_64-unknown-linux-musl +# Default command to show help CMD ["ls", "-la", "/artifacts"] diff --git a/docker/release/macos-aarch64.Dockerfile b/docker/release/macos-aarch64.Dockerfile index 5b14111..fb2d75f 100644 --- a/docker/release/macos-aarch64.Dockerfile +++ b/docker/release/macos-aarch64.Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1.10.0 -FROM rust:1.91.0 AS base +FROM rust:1.88.0 AS base -ENV DEBIAN_FRONTEND=noninteractive +# Install dependencies RUN apt-get update && apt-get install -y \ clang \ cmake \ @@ -21,8 +21,10 @@ RUN git config --global --add safe.directory '*' && \ mv MacOSX11.3.sdk.tar.xz tarballs/ && \ UNATTENDED=yes OSX_VERSION_MIN=10.7 ./build.sh +# Add osxcross to PATH ENV PATH="/root/osxcross/target/bin:$PATH" +# Tell Clang/bindgen to use the macOS SDK, and nudge Clang to prefer osxcross binutils. ENV OSXCROSS_SDK=MacOSX11.3.sdk \ SDKROOT=/root/osxcross/target/SDK/MacOSX11.3.sdk \ BINDGEN_EXTRA_CLANG_ARGS_aarch64_apple_darwin="--sysroot=/root/osxcross/target/SDK/MacOSX11.3.sdk -isystem /root/osxcross/target/SDK/MacOSX11.3.sdk/usr/include" \ @@ -37,12 +39,16 @@ ENV OSXCROSS_SDK=MacOSX11.3.sdk \ CARGO_INCREMENTAL=0 \ CARGO_NET_GIT_FETCH_WITH_CLI=true +# Set working directory WORKDIR /build +# Build for ARM64 macOS FROM base AS aarch64-builder +# Install macOS ARM64 target RUN rustup target add aarch64-apple-darwin +# Configure Cargo for cross-compilation (ARM64) RUN mkdir -p /root/.cargo && \ echo '\ [target.aarch64-apple-darwin]\n\ @@ -50,13 +56,17 @@ linker = "aarch64-apple-darwin20.4-clang"\n\ ar = "aarch64-apple-darwin20.4-ar"\n\ ' > /root/.cargo/config.toml +# Copy the source code COPY . . +# Build for ARM64 macOS +# SANDBOX_AGENT_SKIP_INSPECTOR=1 skips embedding the inspector frontend RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/build/target \ - cargo build -p sandbox-agent --release --target aarch64-apple-darwin && \ + SANDBOX_AGENT_SKIP_INSPECTOR=1 cargo build -p sandbox-agent --release --target aarch64-apple-darwin && \ mkdir -p /artifacts && \ cp target/aarch64-apple-darwin/release/sandbox-agent /artifacts/sandbox-agent-aarch64-apple-darwin +# Default command to show help CMD ["ls", "-la", "/artifacts"] diff --git a/docker/release/macos-x86_64.Dockerfile b/docker/release/macos-x86_64.Dockerfile index 32f972a..b16c6e6 100644 --- a/docker/release/macos-x86_64.Dockerfile +++ b/docker/release/macos-x86_64.Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1.10.0 -FROM rust:1.91.0 AS base +FROM rust:1.88.0 AS base -ENV DEBIAN_FRONTEND=noninteractive +# Install dependencies RUN apt-get update && apt-get install -y \ clang \ cmake \ @@ -21,8 +21,10 @@ RUN git config --global --add safe.directory '*' && \ mv MacOSX11.3.sdk.tar.xz tarballs/ && \ UNATTENDED=yes OSX_VERSION_MIN=10.7 ./build.sh +# Add osxcross to PATH ENV PATH="/root/osxcross/target/bin:$PATH" +# Tell Clang/bindgen to use the macOS SDK, and nudge Clang to prefer osxcross binutils. ENV OSXCROSS_SDK=MacOSX11.3.sdk \ SDKROOT=/root/osxcross/target/SDK/MacOSX11.3.sdk \ BINDGEN_EXTRA_CLANG_ARGS_X86_64_apple_darwin="--sysroot=/root/osxcross/target/SDK/MacOSX11.3.sdk -isystem /root/osxcross/target/SDK/MacOSX11.3.sdk/usr/include" \ @@ -37,12 +39,16 @@ ENV OSXCROSS_SDK=MacOSX11.3.sdk \ CARGO_INCREMENTAL=0 \ CARGO_NET_GIT_FETCH_WITH_CLI=true +# Set working directory WORKDIR /build +# Build for x86_64 macOS FROM base AS x86_64-builder +# Install macOS x86_64 target RUN rustup target add x86_64-apple-darwin +# Configure Cargo for cross-compilation (x86_64) RUN mkdir -p /root/.cargo && \ echo '\ [target.x86_64-apple-darwin]\n\ @@ -50,13 +56,17 @@ linker = "x86_64-apple-darwin20.4-clang"\n\ ar = "x86_64-apple-darwin20.4-ar"\n\ ' > /root/.cargo/config.toml +# Copy the source code COPY . . +# Build for x86_64 macOS +# SANDBOX_AGENT_SKIP_INSPECTOR=1 skips embedding the inspector frontend RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/build/target \ - cargo build -p sandbox-agent --release --target x86_64-apple-darwin && \ + SANDBOX_AGENT_SKIP_INSPECTOR=1 cargo build -p sandbox-agent --release --target x86_64-apple-darwin && \ mkdir -p /artifacts && \ cp target/x86_64-apple-darwin/release/sandbox-agent /artifacts/sandbox-agent-x86_64-apple-darwin +# Default command to show help CMD ["ls", "-la", "/artifacts"] diff --git a/docker/release/windows.Dockerfile b/docker/release/windows.Dockerfile index be231e0..187cbed 100644 --- a/docker/release/windows.Dockerfile +++ b/docker/release/windows.Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1.10.0 -FROM rust:1.91.0 +FROM rust:1.88.0 -ENV DEBIAN_FRONTEND=noninteractive +# Install dependencies RUN apt-get update && apt-get install -y \ llvm-14-dev \ libclang-14-dev \ @@ -18,14 +18,17 @@ RUN apt-get update && apt-get install -y \ RUN update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix && \ update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix +# Install target RUN rustup target add x86_64-pc-windows-gnu +# Configure Cargo for Windows cross-compilation RUN mkdir -p /root/.cargo && \ echo '\ [target.x86_64-pc-windows-gnu]\n\ linker = "x86_64-w64-mingw32-gcc"\n\ ' > /root/.cargo/config.toml +# Set environment variables for cross-compilation ENV CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER=x86_64-w64-mingw32-gcc \ CC_x86_64_pc_windows_gnu=x86_64-w64-mingw32-gcc \ CXX_x86_64_pc_windows_gnu=x86_64-w64-mingw32-g++ \ @@ -36,14 +39,20 @@ ENV CARGO_TARGET_X86_64_PC_WINDOWS_GNU_LINKER=x86_64-w64-mingw32-gcc \ CARGO_INCREMENTAL=0 \ CARGO_NET_GIT_FETCH_WITH_CLI=true +# Set working directory WORKDIR /build + +# Copy the source code COPY . . +# Build for Windows +# SANDBOX_AGENT_SKIP_INSPECTOR=1 skips embedding the inspector frontend RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/usr/local/cargo/git \ --mount=type=cache,target=/build/target \ - cargo build -p sandbox-agent --release --target x86_64-pc-windows-gnu && \ + SANDBOX_AGENT_SKIP_INSPECTOR=1 cargo build -p sandbox-agent --release --target x86_64-pc-windows-gnu && \ mkdir -p /artifacts && \ cp target/x86_64-pc-windows-gnu/release/sandbox-agent.exe /artifacts/sandbox-agent-x86_64-pc-windows-gnu.exe +# Default command to show help CMD ["ls", "-la", "/artifacts"]