feat: update openssl to v1.1.1 (LTS)

deprecated v1.0.2 according to https://www.openssl.org/policies/releasestrat.html

Author: joseluisq

README.md

@@ -2,6 +2,11 @@
 
 > Use same Docker image for compiling [Rust](https://www.rust-lang.org/) programs for Linux ([musl libc](https://doc.rust-lang.org/edition-guide/rust-2018/platform-and-target-support/musl-support-for-fully-static-binaries.html)) & macOS ([osxcross](https://github.com/tpoechtrager/osxcross)).
 
+## OpenSSL Release Notes
+
+Until `v1.42.0` of this project, one old OpenSSL release `v1.0.2` was used. 
+Now, since `v1.43.x` or greater, OpenSSL `v1.1.1` (LTS) is used which is supported until `2023-09-11`. View more at https://www.openssl.org/policies/releasestrat.html.
+
 ## Overview
 
 This is a __Linux Docker image__ based on [ekidd/rust-musl-builder](https://hub.docker.com/r/ekidd/rust-musl-builder) but using [debian:buster-slim](https://hub.docker.com/_/debian?tab=tags&page=1&name=buster-slim). It contains essential tools for compile [Rust](https://www.rust-lang.org/) projects such as __Linux__ static binaries via [musl-libc / musl-gcc](https://doc.rust-lang.org/edition-guide/rust-2018/platform-and-target-support/musl-support-for-fully-static-binaries.html) (`x86_64-unknown-linux-musl`) and __macOS__ binaries (`x86_64-apple-darwin`) via [osxcross](https://github.com/tpoechtrager/osxcross) just using the same Linux image.
@@ -18,7 +23,7 @@ By default the working directory is `/root/src`.
 docker run --rm \
     --volume "${PWD}/sample":/root/src \
     --workdir /root/src \
-    joseluisq/rust-linux-darwin-builder:1.42.0 \
+    joseluisq/rust-linux-darwin-builder:1.43.0 \
     sh -c "cargo build --release"
 ```
 
@@ -28,7 +33,7 @@ docker run --rm \
 docker run --rm \
     --volume "${PWD}/sample":/root/src \
     --workdir /root/src \
-    joseluisq/rust-linux-darwin-builder:1.42.0 \
+    joseluisq/rust-linux-darwin-builder:1.43.0 \
     sh -c "cargo build --release --target x86_64-apple-darwin"
 ```
 
@@ -37,7 +42,7 @@ docker run --rm \
 You can also use the image as a base for your own Dockerfile:
 
 ```Dockerfile
-FROM joseluisq/rust-linux-darwin-builder:1.42.0
+FROM joseluisq/rust-linux-darwin-builder:1.43.0
 ```
 
 ### Cross-compilation example
@@ -56,7 +61,7 @@ compile:
 	@docker run --rm -it \
 		-v $(PWD):/drone/src \
 		-w /drone/src \
-			joseluisq/rust-linux-darwin-builder:1.42.0 \
+			joseluisq/rust-linux-darwin-builder:1.43.0 \
 				make cross-compile
 .PHONY: compile
 
@@ -81,12 +86,12 @@ Just run the makefile `compile` target, then you will see two release binaries `
 make compile
 # 1. Cross compiling example...
 
-# rustc 1.42.0 (b8cedc004 2020-03-09)
+# rustc 1.43.0 (b8cedc004 2020-03-09)
 # binary: rustc
 # commit-hash: b8cedc00407a4c56a3bda1ed605c6fc166655447
 # commit-date: 2020-03-09
 # host: x86_64-unknown-linux-gnu
-# release: 1.42.0
+# release: 1.43.0
 # LLVM version: 9.0
 
 # 2. Compiling application (linux-musl x86_64)...

docker/tmpl.Dockerfile

@@ -1,17 +1,16 @@
-# NOTE: Most of Dockerfile and related files were borrowed from
-#       https://hub.docker.com/r/joseluisq/rust-linux-darwin-builder
+# NOTE: Most of Dockerfile and related were borrowed from
+#       https://hub.docker.com/r/ekidd/rust-musl-builder
 
-FROM debian:$DEBIAN_TAG
+FROM debian:buster-slim
 
 LABEL maintainer="Jose Quintana <git.io/joseluisq>"
 
 # The Rust toolchain to use when building our image. Set by `hooks/build`.
 ARG TOOLCHAIN=stable
 
-# The OpenSSL version to use. We parameterize this because many Rust
-# projects will fail to build with 1.1.
-# File: openssl-1.0.2u.tar.gz (2019-Dec-20 13:25:43)
-ARG OPENSSL_VERSION=1.0.2
+# OpenSSL v1.1.1
+# File: openssl-1.1.1g.tar.gz (2020-Apr-21 13:01:56)
+ARG OPENSSL_VERSION=1.1.1
 
 # Make sure we have basic dev tools for building C libraries. Our goal
 # here is to support the musl-libc builds and Cargo builds needed for a
@@ -47,35 +46,38 @@ RUN set -eux \
         zlib1g-dev \
 # Clean up local repository of retrieved packages and remove the package lists
     && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && true
 
 # Static linking for C++ code
 RUN set -eux \
     && ln -s "/usr/bin/g++" "/usr/bin/musl-g++" \
 # Create appropriate directories for current user
-    && mkdir -p /root/libs /root/src
+    && mkdir -p /root/libs /root/src \
+    && true
 
 # Set up our path with all our binary directories, including those for the
 # musl-gcc toolchain and for our Rust toolchain.
 ENV PATH=/root/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
-# Install our Rust toolchain and the `musl` target.  We patch the
+# Install our Rust toolchain and the `musl` target. We patch the
 # command-line we pass to the installer so that it won't attempt to
-# interact with the user or fool around with TTYs.  We also set the default
-# `--target` to musl so that our users don't need to keep overriding it
-# manually.
+# interact with the user or fool around with TTYs. We also set the default
+# `--target` to musl so that our users don't need to keep overriding it manually.
 RUN set -eux \
     && curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $TOOLCHAIN \
     && rustup target add x86_64-unknown-linux-musl \
     && rustup target add armv7-unknown-linux-musleabihf \
-    && rustup target add x86_64-apple-darwin
+    && rustup target add x86_64-apple-darwin \
+    && true
 ADD docker/cargo-config.toml /root/.cargo/config
 
 # Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access
 # private repositories if desired.
 ADD docker/git-credential-ghtoken /usr/local/bin
 RUN set -eux \
-    && git config --global credential.https://github.com.helper ghtoken
+    && git config --global credential.https://github.com.helper ghtoken \
+    && true
 
 # Build a static library version of OpenSSL using musl-libc.  This is needed by
 # the popular Rust `hyper` crate.
@@ -87,47 +89,51 @@ RUN set -eux \
 RUN set -eux \
     && echo "Building OpenSSL..." \
     && ls /usr/include/linux \
-    && sudo mkdir -p /usr/local/musl/include \
-    && sudo ln -s /usr/include/linux /usr/local/musl/include/linux \
-    && sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm \
-    && sudo ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic \
+    && mkdir -p /usr/local/musl/include \
+    && ln -s /usr/include/linux /usr/local/musl/include/linux \
+    && ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm \
+    && ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic \
     && cd /tmp \
-    && curl -LO "https://www.openssl.org/source/old/${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}u.tar.gz" \
-    && tar xvzf "openssl-${OPENSSL_VERSION}u.tar.gz" && cd "openssl-${OPENSSL_VERSION}u" \
+    && curl -LO "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}g.tar.gz" \
+    && tar xvzf "openssl-${OPENSSL_VERSION}g.tar.gz" && cd "openssl-${OPENSSL_VERSION}g" \
     && env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 \
     && env C_INCLUDE_PATH=/usr/local/musl/include/ make depend \
     && env C_INCLUDE_PATH=/usr/local/musl/include/ make \
-    && sudo make install \
-    && sudo rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic \
-    && rm -r /tmp/*
+    && make install \
+    && rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic \
+    && openssl version \
+    && rm -r /tmp/* \
+    && true
 
 RUN set -eux \
     && echo "Building zlib..." \
     && cd /tmp \
-    && ZLIB_VERSION=1.2.11 \
+    && env ZLIB_VERSION=1.2.11 \
     && curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" \
     && tar xzf "zlib-$ZLIB_VERSION.tar.gz" \
     && cd "zlib-$ZLIB_VERSION" \
-    && CC=musl-gcc ./configure --static --prefix=/usr/local/musl \
+    && env CC=musl-gcc ./configure --static --prefix=/usr/local/musl \
     && make \
-    && sudo make install \
-    && rm -r /tmp/*
+    && make install \
+    && rm -r /tmp/* \
+    && true
 
 RUN set -eux \
     && echo "Building libpq..." \
     && cd /tmp \
-    && POSTGRESQL_VERSION=11.2 \
+    && env POSTGRESQL_VERSION=11.2 \
     && curl -LO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" \
     && tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" \
     && cd "postgresql-$POSTGRESQL_VERSION" \
-    && CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl \
+    && env CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl \
     && cd src/interfaces/libpq \
     && make all-static-lib \
-    && sudo make install-lib-static \
+    && make install-lib-static \
     && cd ../../bin/pg_config \
     && make \
-    && sudo make install \
-    && rm -r /tmp/*
+    && make install \
+    && rm -r /tmp/* \
+    && true
 
 ENV OPENSSL_DIR=/usr/local/musl/ \
     OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
@@ -145,22 +151,26 @@ ENV OPENSSL_DIR=/usr/local/musl/ \
 # libraries needed by the most popular and common Rust crates, to avoid
 # everybody needing to build them manually.)
 
-ENV OSXCROSS_SDK_VERSION 10.11
+
+# Install OS X Cross
+# A Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android
+
+ENV MACOSX_SDK_VERSION 10.11
 
 RUN set -eux \
     && echo "Building osxcross..." \
     && cd /usr/local/ \
     && git clone --depth 1 https://github.com/tpoechtrager/osxcross \
     && cd osxcross \
-    && curl -L -o ./tarballs/MacOSX${OSXCROSS_SDK_VERSION}.sdk.tar.xz \
-    https://s3.amazonaws.com/andrew-osx-sdks/MacOSX${OSXCROSS_SDK_VERSION}.sdk.tar.xz \
+    && curl -L -o ./tarballs/MacOSX${MACOSX_SDK_VERSION}.sdk.tar.xz \
+        https://s3.amazonaws.com/andrew-osx-sdks/MacOSX${MACOSX_SDK_VERSION}.sdk.tar.xz \
     && env UNATTENDED=yes OSX_VERSION_MIN=10.7 ./build.sh \
     && rm -rf *~ taballs *.tar.xz \
-    && rm -rf /tmp/*
+    && rm -rf /tmp/* \
+    && true
 
 ENV PATH $PATH:/usr/local/osxcross/target/bin
 
-# Expect our source code to live in /root/src
 WORKDIR /root/src
 
 CMD ["bash"]