muslrust
muslrust copied to clipboard
Published
20 hours ago •
clux
clux
Add support for rustls-openssl
Response to: https://github.com/clux/muslrust/issues/153
why don't you just use rustls-openssl instead of entirely removing openssl?
There are some projects like rdkafka that use openssl but don't use rustls since it's a wrapper around a repo written in a non-Rust language like C/C++. So now I can't use TLS at all when the OpenSSL is gone, when I want to use rdkafka crate in muslrust.
Rustls-openssl is different from rust-openssl. Rustls-openssl is 100% Rust, while the one you removed (rust-openssl) has some C in it
And since you decided to support rustls, you should prob add support for rustls-openssl since it's part of the rustls ecosystem and mentioned in the rustls documentation.
this seems sensible to me. if it's 100% pure rust, we wouldn't technically need to add anything in this image, right?
this seems sensible to me. if it's 100% pure rust, we wouldn't technically need to add anything in this image, right?
I don't know the implementation details or the details of how the muslrust sourcecode works. Feel free to tinker around and run tests/analyses/etc!
what do I need to add in Dockerfile to restore OpenSSL like the earlier versions of muslrust?
Take a look at the removal change.
In particular the openssl build deps, the curl openssl && make step, and the extra evars at the end.
- I copied over the removed parts of
Dockerfile.x86_64into my Dockerfile - I ignored the
/testsfiles since they don't seem to be part of the workflow (since they're just tests) - I ignored the changes in
update_libs.pybecause I couldn't find that file inside theclux/muslrust:1.87.0-stable-2025-06-24image (after running it as a container and doingfind | grep update_libs.py) - I ignored the changes in
justfilebecause I couldn't find that file in theclux/muslrust:1.87.0-stable-2025-06-24image - I ignored the changes in
Dockerfile.arm64since it seems to be an alternative, rather than a complement, toDockerfile.x86_64 - I ignored README.md since it's just information rather than functionality
Here's my resulting Dockerfile:
musl.Dockerfile
FROM clux/muslrust:1.87.0-stable-2025-06-24 AS builder
# Required packages
RUN apt-get update && \
apt-get install -y \
xutils-dev \
libssl-dev \
libpq-dev
# Convenience list of versions and variables for compilation later on
# This helps continuing manually if anything breaks.
ENV SSL_VER="1.1.1w" \
ZLIB_VER="1.3.1" \
PQ_VER="11.12"
# Set up a prefix for musl build libraries, make the linker's job of finding them easier
# Primarily for the benefit of postgres.
# Lastly, link some linux-headers for openssl 1.1 (not used herein)
RUN echo "$PREFIX/lib" >> /etc/ld-musl-x86_64.path && \
ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/x86_64-linux-musl/asm && \
ln -s /usr/include/asm-generic /usr/include/x86_64-linux-musl/asm-generic && \
ln -s /usr/include/linux /usr/include/x86_64-linux-musl/linux
# Build openssl (used in pq)
# Would like to use zlib here, but can't seem to get it to work properly
# TODO: fix so that it works
RUN curl -sSL https://www.openssl.org/source/openssl-$SSL_VER.tar.gz | tar xz && \
cd openssl-$SSL_VER && \
./Configure no-zlib no-shared -fPIC --prefix=$PREFIX --openssldir=$PREFIX/ssl linux-x86_64 && \
env C_INCLUDE_PATH=$PREFIX/include make depend 2> /dev/null && \
make -j$(nproc) && \
make all install_sw && \
cd .. && \
rm -rf openssl-$SSL_VER
# Build libpq
RUN curl -sSL https://ftp.postgresql.org/pub/source/v$PQ_VER/postgresql-$PQ_VER.tar.gz | tar xz && \
cd postgresql-$PQ_VER && \
CC="musl-gcc -fPIE -pie" LDFLAGS="-L$PREFIX/lib" CFLAGS="-I$PREFIX/include" ./configure \
--without-readline \
--with-openssl \
--prefix=$PREFIX --host=x86_64-unknown-linux-musl && \
cd src/interfaces/libpq && \
make -s -j $(nproc) all-static-lib && \
make -s install install-lib-static && \
cd ../../bin/pg_config && \
make -j $(nproc) && \
make install && \
cd .. && \
rm -rf postgresql-$PQ_VER
# SSL cert directories get overridden by --prefix and --openssldirAdd commentMore actions
# and they do not match the typical host configurations.
# The SSL_CERT_* vars fix this, but only when inside this container
# musl-compiled binary must point SSL at the correct certs (muslrust/issues/5) elsewhere
# Postgres bindings need vars so that diesel_codegen.so uses the GNU deps at build time
# but finally links with the static libpq.a at the end.
# It needs the non-musl pg_config to set this up with libpq-dev (depending on libssl-dev)
# See https://github.com/sgrif/pq-sys/pull/18
ENV PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=true \
OPENSSL_STATIC=true \
OPENSSL_DIR=$PREFIX \
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
SSL_CERT_DIR=/etc/ssl/certs
WORKDIR /app
COPY . .
RUN cargo build --target=x86_64-unknown-linux-musl
I ran this:
docker build -f musl.Dockerfile -t musl:musl .
I get this output:
output
docker build -f musl.Dockerfile -t musl:musl .
[+] Building 64.1s (12/12) FINISHED docker:default
=> [internal] load build definition from musl.Dockerfile 0.0s
=> => transferring dockerfile: 2.85kB 0.0s
=> [internal] load metadata for docker.io/clux/muslrust:1.87.0-stable-2025-06-24 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 663B 0.0s
=> [1/8] FROM docker.io/clux/muslrust:1.87.0-stable-2025-06-24 0.0s
=> [internal] load build context 0.8s
=> => transferring context: 1.34MB 0.8s
=> CACHED [2/8] RUN apt-get update && apt-get install -y xutils-dev libssl-dev libpq-dev 0.0s
=> CACHED [3/8] RUN echo "/musl/lib" >> /etc/ld-musl-x86_64.path && ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/x86_64-linux-musl/asm && ln -s /usr/include/asm-generic /usr/include/x86_64-linux-musl/asm-generic && ln -s /usr/include/linux /usr/include/x86_64-linux-musl/linux 0.0s
=> CACHED [4/8] RUN curl -sSL https://www.openssl.org/source/openssl-1.1.1w.tar.gz | tar xz && cd openssl-1.1.1w && ./Configure no-zlib no-shared -fPIC --prefix=/musl --openssldir=/musl/ssl linux-x86_64 && env C_INCLUDE_PATH=/musl/include make depend 2> /dev/null && make -j$(nproc) && make all install_sw && cd .. && rm -rf openssl-1.1.1w 0.0s
=> CACHED [5/8] RUN curl -sSL https://ftp.postgresql.org/pub/source/v11.12/postgresql-11.12.tar.gz | tar xz && cd postgresql-11.12 && CC="musl-gcc -fPIE -pie" LDFLAGS="-L/musl/lib" CFLAGS="-I/musl/include" ./configure --without-readline --with-openssl --prefix=/musl --host=x86_64-unknown-linux-musl && cd src/interfaces/libpq && make -s -j $(nproc 0.0s
=> CACHED [6/8] WORKDIR /app 0.0s
=> CACHED [7/8] COPY . . 0.0s
=> ERROR [8/8] RUN cargo build --target=x86_64-unknown-linux-musl 63.2s
------
> [8/8] RUN cargo build --target=x86_64-unknown-linux-musl:
0.166 + cargo build --target=x86_64-unknown-linux-musl
0.294 Updating crates.io index
0.382 Updating git repository `https://github.com/ZuperZee/modbus-rs.git`
2.309 Downloading crates ...
2.619 Downloaded arrayvec v0.7.6
2.632 Downloaded time-core v0.1.4
2.635 Downloaded matchers v0.1.0
2.637 Downloaded thread_local v1.1.8
2.647 Downloaded autocfg v1.4.0
2.673 Downloaded async-trait v0.1.88
2.677 Downloaded ahash v0.7.8
2.708 Downloaded arbitrary v1.4.1
2.742 Downloaded synstructure v0.13.2
2.749 Downloaded darling_macro v0.20.11
2.756 Downloaded foreign-types v0.3.2
2.766 Downloaded cfg_aliases v0.2.1
2.769 Downloaded foreign-types-shared v0.1.1
2.828 Downloaded bytecheck_derive v0.6.12
2.837 Downloaded thiserror v2.0.12
2.843 Downloaded http-body v1.0.1
2.844 Downloaded testcontainers v0.24.0
2.872 Downloaded ident_case v1.0.1
2.887 Downloaded equivalent v1.0.2
2.898 Downloaded anyhow v1.0.98
2.901 Downloaded tinyvec_macros v0.1.1
2.902 Downloaded base64 v0.22.1
2.906 Downloaded radium v0.7.0
2.908 Downloaded float_plus v2.0.1
2.910 Downloaded either v1.15.0
2.911 Downloaded bytecheck v0.6.12
2.913 Downloaded zerofrom v0.1.6
2.958 Downloaded cfg-if v1.0.1
2.960 Downloaded json_string v0.1.14
2.961 Downloaded docker_credential v1.3.2
2.965 Downloaded dotenvy v0.15.7
2.973 Downloaded futures-executor v0.3.31
2.974 Downloaded fnv v1.0.7
2.975 Downloaded errno v0.3.13
2.977 Downloaded tap v1.0.1
2.979 Downloaded cast v0.3.0
2.982 Downloaded lru-slab v0.1.2
2.983 Downloaded itoa v1.0.15
2.987 Downloaded home v0.5.11
2.989 Downloaded ulid v1.2.1
2.993 Downloaded glob v0.3.2
2.995 Downloaded cexpr v0.6.0
3.000 Downloaded futures-io v0.3.31
3.002 Downloaded etcetera v0.10.0
3.005 Downloaded futures-sink v0.3.31
3.007 Downloaded funty v2.0.0
3.009 Downloaded futures-task v0.3.31
3.044 Downloaded utf8_iter v1.0.4
3.052 Downloaded hex v0.4.3
3.062 Downloaded toml_datetime v0.6.11
3.063 Downloaded futures-macro v0.3.31
3.070 Downloaded filetime v0.2.25
3.072 Downloaded tower-service v0.3.3
3.074 Downloaded httpdate v1.0.3
3.078 Downloaded form_urlencoded v1.2.1
3.080 Downloaded tower-layer v0.3.3
3.082 Downloaded lazy_static v1.5.0
3.085 Downloaded http-body-util v0.1.3
3.090 Downloaded idna_adapter v1.2.1
3.091 Downloaded heck v0.5.0
3.094 Downloaded want v0.3.1
3.099 Downloaded hyperlocal v0.9.1
3.128 Downloaded tracing-test-macro v0.2.5
3.133 Downloaded rustc-hash v2.1.1
3.138 Downloaded base64 v0.21.7
3.151 Downloaded serial_test v3.2.0
3.153 Downloaded serde_repr v0.1.20
3.158 Downloaded borsh-derive v1.5.7
3.174 Downloaded futures-core v0.3.31
3.186 Downloaded ipnet v2.11.0
3.194 Downloaded num-conv v0.1.0
3.197 Downloaded getrandom v0.2.16
3.202 Downloaded ptr_meta_derive v0.1.4
3.203 Downloaded jobserver v0.1.33
3.204 Downloaded lock_api v0.4.13
3.207 Downloaded futures-channel v0.3.31
3.217 Downloaded ptr_meta v0.1.4
3.233 Downloaded iana-time-zone v0.1.63
3.240 Downloaded hyper-rustls v0.27.7
3.245 Downloaded openssl-macros v0.1.1
3.249 Downloaded deranged v0.4.0
3.277 Downloaded project-root v0.2.2
3.278 Downloaded thiserror-impl v2.0.12
3.308 Downloaded litemap v0.8.0
3.330 Downloaded tokio-macros v2.5.0
3.351 Downloaded strsim v0.11.1
3.352 Downloaded smart-default v0.7.1
3.354 Downloaded signal-hook-registry v1.4.5
3.356 Downloaded serial_test_derive v3.2.0
3.357 Downloaded zerofrom-derive v0.1.6
3.357 Downloaded zeroize v1.8.1
3.358 Downloaded yoke-derive v0.8.0
3.365 Downloaded rend v0.4.2
3.368 Downloaded tracing-test v0.2.5
3.370 Downloaded tracing-log v0.2.0
3.372 Downloaded diff v0.1.13
3.378 Downloaded tinystr v0.8.1
3.392 Downloaded structmeta v0.3.0
3.393 Downloaded serde_urlencoded v0.7.1
3.398 Downloaded futures v0.3.31
3.403 Downloaded displaydoc v0.2.5
3.405 Downloaded bitflags v2.9.1
3.407 Downloaded clang-sys v1.8.1
3.411 Downloaded try-lock v0.2.5
3.413 Downloaded log v0.4.27
3.414 Downloaded indexmap v1.9.3
3.417 Downloaded num v0.4.3
3.418 Downloaded darling v0.20.11
3.421 Downloaded icu_provider v2.0.0
3.423 Downloaded httparse v1.10.1
3.426 Downloaded getrandom v0.3.3
3.481 Downloaded ryu v1.0.20
3.486 Downloaded shlex v1.3.0
3.487 Downloaded rustls-native-certs v0.8.1
3.489 Downloaded libloading v0.8.8
3.525 Downloaded bollard-stubs v1.47.1-rc.27.3.1
3.533 Downloaded slab v0.4.9
3.536 Downloaded simdutf8 v0.1.5
3.539 Downloaded sdd v3.0.8
3.542 Downloaded scopeguard v1.2.0
3.544 Downloaded rustversion v1.0.21
3.547 Downloaded darling_core v0.20.11
3.552 Downloaded num-integer v0.1.46
3.554 Downloaded percent-encoding v2.3.1
3.555 Downloaded icu_properties v2.0.1
3.558 Downloaded icu_normalizer v2.0.0
3.561 Downloaded half v2.6.0
3.563 Downloaded smol_str v0.3.2
3.565 Downloaded rand_chacha v0.3.1
3.566 Downloaded xattr v1.5.0
3.568 Downloaded structmeta-derive v0.3.0
3.574 Downloaded openssl-probe v0.1.6
3.582 Downloaded parse-display-derive v0.9.1
3.585 Downloaded rkyv_derive v0.7.45
3.587 Downloaded strum_macros v0.26.4
3.589 Downloaded serde_with_macros v3.12.0
3.590 Downloaded rand_chacha v0.9.0
3.591 Downloaded parse-display v0.9.1
3.592 Downloaded bytes v1.10.1
3.595 Downloaded smallvec v1.15.1
3.603 Downloaded pkg-config v0.3.32
3.615 Downloaded icu_normalizer_data v2.0.0
3.626 Downloaded num-iter v0.1.45
3.631 Downloaded powerfmt v0.2.0
3.633 Downloaded num_enum v0.7.3
3.639 Downloaded version_check v0.9.5
3.640 Downloaded borsh v1.5.7
3.647 Downloaded icu_locale_core v2.0.0
3.653 Downloaded icu_collections v2.0.0
3.668 Downloaded ppv-lite86 v0.2.21
3.669 Downloaded hashbrown v0.12.3
3.675 Downloaded proc-macro-crate v3.3.0
3.677 Downloaded indexmap v2.9.0
3.681 Downloaded tokio-stream v0.1.17
3.686 Downloaded socket2 v0.5.10
3.689 Downloaded serde_derive v1.0.219
3.692 Downloaded potential_utf v0.1.2
3.693 Downloaded untrusted v0.9.0
3.694 Downloaded pin-utils v0.1.0
3.695 Downloaded sharded-slab v0.1.7
3.697 Downloaded time-macros v0.2.22
3.707 Downloaded hyper-util v0.1.14
3.714 Downloaded http v1.3.1
3.720 Downloaded rustls-webpki v0.103.3
3.724 Downloaded num_enum_derive v0.7.3
3.729 Downloaded nu-ansi-term v0.46.0
3.734 Downloaded sync_wrapper v1.0.2
3.736 Downloaded rand_core v0.9.3
3.738 Downloaded subtle v2.6.1
3.739 Downloaded wyz v0.5.1
3.768 Downloaded tokio-rustls v0.26.2
3.771 Downloaded stable_deref_trait v1.2.0
3.773 Downloaded rand v0.8.5
3.779 Downloaded cc v1.2.26
3.786 Downloaded iri-string v0.7.8
3.798 Downloaded rkyv v0.7.45
3.809 Downloaded hashbrown v0.15.4
3.816 Downloaded rand_core v0.6.4
3.818 Downloaded zerovec-derive v0.11.1
3.819 Downloaded yoke v0.8.0
3.820 Downloaded itertools v0.13.0
3.826 Downloaded idna v1.0.3
3.830 Downloaded aho-corasick v1.1.3
3.835 Downloaded bollard v0.18.1
3.846 Downloaded hyper v1.6.0
3.852 Downloaded num-complex v0.4.6
3.855 Downloaded quote v1.0.40
3.860 Downloaded overload v0.1.1
3.862 Downloaded icu_properties_data v2.0.1
3.871 Downloaded scc v2.3.4
3.875 Downloaded futures-util v0.3.31
3.904 Downloaded serde_with v3.12.0
3.916 Downloaded serde_json v1.0.140
3.922 Downloaded tinyvec v1.9.0
3.924 Downloaded reqwest v0.12.20
3.932 Downloaded rustls-pemfile v2.2.0
3.934 Downloaded bitvec v1.0.1
3.951 Downloaded num-rational v0.4.2
3.952 Downloaded chrono v0.4.41
3.959 Downloaded tracing-attributes v0.1.29
3.961 Downloaded bindgen v0.71.1
3.967 Downloaded writeable v0.6.1
3.981 Downloaded syn v1.0.109
3.993 Downloaded regex v1.11.1
4.010 Downloaded proc-macro2 v1.0.95
4.013 Downloaded syn v2.0.102
4.023 Downloaded regex-syntax v0.6.29
4.029 Downloaded parking_lot_core v0.9.11
4.030 Downloaded once_cell v1.21.3
4.033 Downloaded num-traits v0.2.19
4.036 Downloaded tracing-core v0.1.34
4.038 Downloaded quinn-udp v0.5.12
4.039 Downloaded pin-project-lite v0.2.16
4.042 Downloaded parking_lot v0.12.4
4.044 Downloaded seahash v4.1.0
4.045 Downloaded uuid v1.17.0
4.053 Downloaded tokio-tar v0.3.1
4.058 Downloaded toml_edit v0.22.27
4.067 Downloaded rustls v0.23.27
4.085 Downloaded regex-syntax v0.8.5
4.099 Downloaded rustix v1.0.7
4.136 Downloaded unicode-ident v1.0.18
4.140 Downloaded zerotrie v0.2.2
4.142 Downloaded time v0.3.41
4.169 Downloaded yansi v1.0.1
4.171 Downloaded tracing v0.1.41
4.181 Downloaded rustls-pki-types v1.12.0
4.186 Downloaded regex-automata v0.4.9
4.204 Downloaded quinn v0.11.8
4.207 Downloaded pretty_assertions v1.4.1
4.210 Downloaded openssl-sys v0.9.109
4.224 Downloaded libc v0.2.172
4.244 Downloaded mio v1.0.4
4.248 Downloaded url v2.5.4
4.251 Downloaded memchr v2.7.5
4.255 Downloaded libz-sys v1.1.22
4.305 Downloaded minimal-lexical v0.2.1
4.314 Downloaded serde v1.0.219
4.317 Downloaded tower v0.5.2
4.330 Downloaded rand v0.9.1
4.337 Downloaded num-bigint v0.4.6
4.343 Downloaded tokio-util v0.7.15
4.348 Downloaded zerovec v0.11.2
4.359 Downloaded regex-automata v0.1.10
4.363 Downloaded nom v7.1.3
4.368 Downloaded ring v0.17.14
4.417 Downloaded rdkafka v0.37.0
4.428 Downloaded tower-http v0.6.6
4.461 Downloaded linux-raw-sys v0.9.4
4.518 Downloaded rust_decimal v1.37.1
4.524 Downloaded tracing-subscriber v0.3.19
4.534 Downloaded winnow v0.7.11
4.541 Downloaded quinn-proto v0.11.12
4.547 Downloaded vcpkg v0.2.15
4.576 Downloaded zerocopy v0.8.25
4.593 Downloaded openssl v0.10.73
4.601 Downloaded webpki-roots v1.0.0
4.621 Downloaded rdkafka-sys v4.8.0+2.3.0
4.715 Downloaded zstd-sys v2.0.15+zstd.1.5.7
4.745 Downloaded tokio v1.45.1
4.852 Compiling proc-macro2 v1.0.95
4.852 Compiling unicode-ident v1.0.18
4.852 Compiling libc v0.2.172
4.852 Compiling autocfg v1.4.0
4.852 Compiling shlex v1.3.0
4.855 Compiling cfg-if v1.0.1
4.855 Compiling memchr v2.7.5
4.859 Compiling pin-project-lite v0.2.16
4.862 Compiling serde v1.0.219
4.864 Compiling futures-core v0.3.31
4.864 Compiling bytes v1.10.1
4.872 Compiling itoa v1.0.15
4.889 Compiling futures-sink v0.3.31
4.889 Compiling once_cell v1.21.3
4.896 Compiling smallvec v1.15.1
4.896 Compiling stable_deref_trait v1.2.0
4.896 Compiling futures-task v0.3.31
4.896 Compiling pin-utils v0.1.0
4.913 Compiling futures-io v0.3.31
4.924 Compiling pkg-config v0.3.32
4.972 Compiling regex-syntax v0.8.5
4.973 Compiling zeroize v1.8.1
4.999 Compiling vcpkg v0.2.15
5.009 Compiling fnv v1.0.7
5.024 Compiling glob v0.3.2
5.051 Compiling futures-channel v0.3.31
5.059 Compiling writeable v0.6.1
5.061 Compiling litemap v0.8.0
5.063 Compiling ryu v1.0.20
5.085 Compiling serde_json v1.0.140
5.094 Compiling log v0.4.27
5.133 Compiling tracing-core v0.1.34
5.155 Compiling rustls-pki-types v1.12.0
5.169 Compiling httparse v1.10.1
5.220 Compiling percent-encoding v2.3.1
5.265 Compiling minimal-lexical v0.2.1
5.272 Compiling icu_properties_data v2.0.1
5.309 Compiling icu_normalizer_data v2.0.0
5.336 Compiling either v1.15.0
5.434 Compiling libloading v0.8.8
5.464 Compiling aho-corasick v1.1.3
5.514 Compiling nom v7.1.3
5.527 Compiling ident_case v1.0.1
5.542 Compiling clang-sys v1.8.1
5.555 Compiling slab v0.4.9
5.565 Compiling num-traits v0.2.19
5.581 Compiling http v1.3.1
5.659 Compiling bindgen v0.71.1
5.678 Compiling tower-service v0.3.3
5.755 Compiling untrusted v0.9.0
5.757 Compiling try-lock v0.2.5
5.779 Compiling quote v1.0.40
5.790 Compiling strsim v0.11.1
5.819 Compiling want v0.3.1
5.910 Compiling itertools v0.13.0
5.941 Compiling zerocopy v0.8.25
6.022 Compiling equivalent v1.0.2
6.102 Compiling hashbrown v0.15.4
6.137 Compiling rustls v0.23.27
6.204 Compiling bitflags v2.9.1
6.333 Compiling socket2 v0.5.10
6.384 Compiling signal-hook-registry v1.4.5
6.418 Compiling mio v1.0.4
6.499 Compiling syn v2.0.102
6.915 Compiling getrandom v0.2.16
7.279 Compiling getrandom v0.3.3
7.526 Compiling rustc-hash v2.1.1
7.707 Compiling httpdate v1.0.3
7.786 Compiling jobserver v0.1.33
7.873 Compiling base64 v0.22.1
7.965 Compiling toml_datetime v0.6.11
8.039 Compiling subtle v2.6.1
8.432 Compiling winnow v0.7.11
8.517 Compiling ipnet v2.11.0
8.607 Compiling cc v1.2.26
9.165 Compiling lock_api v0.4.13
9.261 Compiling form_urlencoded v1.2.1
9.749 Compiling http-body v1.0.1
9.892 Compiling num-integer v0.1.46
9.930 Compiling rustix v1.0.7
10.09 Compiling indexmap v2.9.0
10.25 Compiling regex-automata v0.4.9
10.25 Compiling parking_lot_core v0.9.11
10.30 Compiling utf8_iter v1.0.4
10.81 Compiling http-body-util v0.1.3
11.08 Compiling rand_core v0.9.3
11.23 Compiling webpki-roots v1.0.0
11.41 Compiling regex-syntax v0.6.29
11.51 Compiling thiserror v2.0.12
11.54 Compiling scopeguard v1.2.0
11.58 Compiling linux-raw-sys v0.9.4
11.71 Compiling anyhow v1.0.98
12.30 Compiling num-iter v0.1.45
12.32 Compiling rdkafka-sys v4.8.0+2.3.0
12.53 Compiling sync_wrapper v1.0.2
12.78 Compiling overload v0.1.1
12.81 Compiling tower-layer v0.3.3
12.99 Compiling hex v0.4.3
13.21 Compiling home v0.5.11
13.29 Compiling rustversion v1.0.21
13.33 Compiling openssl-probe v0.1.6
13.60 Compiling sdd v3.0.8
13.76 Compiling lazy_static v1.5.0
13.93 Compiling rustls-native-certs v0.8.1
14.03 Compiling sharded-slab v0.1.7
14.46 Compiling cexpr v0.6.0
14.68 Compiling scc v2.3.4
15.09 Compiling nu-ansi-term v0.46.0
15.16 Compiling parking_lot v0.12.4
15.28 Compiling filetime v0.2.25
15.37 Compiling tracing-log v0.2.0
15.89 Compiling rustls-pemfile v2.2.0
16.17 Compiling thread_local v1.1.8
16.49 Compiling rust_decimal v1.37.1
16.74 Compiling foreign-types-shared v0.1.1
16.85 Compiling num-conv v0.1.0
16.91 Compiling base64 v0.21.7
16.93 Compiling openssl v0.10.73
17.28 Compiling powerfmt v0.2.0
17.32 Compiling time-core v0.1.4
17.41 Compiling iri-string v0.7.8
17.75 Compiling time-macros v0.2.22
18.14 Compiling toml_edit v0.22.27
18.19 Compiling ppv-lite86 v0.2.21
18.41 Compiling deranged v0.4.0
18.44 Compiling foreign-types v0.3.2
18.58 Compiling etcetera v0.10.0
19.19 Compiling diff v0.1.13
19.28 Compiling rand_chacha v0.9.0
19.41 Compiling heck v0.5.0
19.69 Compiling regex v1.11.1
20.21 Compiling ring v0.17.14
20.42 Compiling openssl-sys v0.9.109
20.47 Compiling libz-sys v1.1.22
21.37 Compiling regex-automata v0.1.10
21.49 Compiling xattr v1.5.0
21.78 Compiling rand v0.9.1
21.82 Compiling iana-time-zone v0.1.63
21.97 Compiling arbitrary v1.4.1
22.11 Compiling cast v0.3.0
22.19 Compiling arrayvec v0.7.6
22.59 Compiling yansi v1.0.1
23.18 Compiling time v0.3.41
23.21 Compiling half v2.6.0
23.28 Compiling synstructure v0.13.2
23.32 Compiling darling_core v0.20.11
24.65 Compiling matchers v0.1.0
24.91 Compiling ulid v1.2.1
25.01 Compiling pretty_assertions v1.4.1
25.68 Compiling modbus v0.1.0 (https://github.com/ZuperZee/modbus-rs.git?rev=6109b272aac0582674511d3262c4ba7c97867aa9#6109b272)
26.22 Compiling project-root v0.2.2
26.51 Compiling proc-macro-crate v3.3.0
26.56 Compiling dotenvy v0.15.7
31.17 Compiling serde_derive v1.0.219
31.18 Compiling zerofrom-derive v0.1.6
31.19 Compiling yoke-derive v0.8.0
31.19 Compiling tokio-macros v2.5.0
31.19 Compiling futures-macro v0.3.31
31.19 Compiling zerovec-derive v0.11.1
31.19 Compiling displaydoc v0.2.5
31.21 Compiling tracing-attributes v0.1.29
31.23 Compiling structmeta-derive v0.3.0
31.24 Compiling thiserror-impl v2.0.12
31.25 Compiling num_enum_derive v0.7.3
31.26 Compiling serde_repr v0.1.20
31.26 Compiling serial_test_derive v3.2.0
31.29 Compiling tracing-test-macro v0.2.5
32.16 Compiling openssl-macros v0.1.1
32.46 Compiling async-trait v0.1.88
33.34 Compiling darling_macro v0.20.11
34.68 Compiling strum_macros v0.26.4
35.46 Compiling tokio v1.45.1
35.48 Compiling smart-default v0.7.1
35.95 Compiling darling v0.20.11
36.15 Compiling serde_with_macros v3.12.0
36.43 Compiling futures-util v0.3.31
38.98 Compiling structmeta v0.3.0
39.47 Compiling rustls-webpki v0.103.3
40.22 Compiling parse-display-derive v0.9.1
40.52 Compiling tracing v0.1.41
41.06 Compiling tracing-subscriber v0.3.19
41.55 Compiling num_enum v0.7.3
42.40 Compiling zerofrom v0.1.6
42.76 Compiling yoke v0.8.0
43.25 Compiling zerovec v0.11.2
43.25 Compiling zerotrie v0.2.2
45.80 Compiling zstd-sys v2.0.15+zstd.1.5.7
46.12 Compiling tinystr v0.8.1
46.12 Compiling potential_utf v0.1.2
46.32 Compiling icu_collections v2.0.0
46.54 Compiling icu_locale_core v2.0.0
46.85 Compiling tracing-test v0.2.5
48.02 Compiling icu_provider v2.0.0
48.75 Compiling icu_properties v2.0.1
48.75 Compiling icu_normalizer v2.0.0
49.15 Compiling parse-display v0.9.1
49.45 Compiling futures-executor v0.3.31
49.83 Compiling futures v0.3.31
49.93 Compiling serial_test v3.2.0
50.84 Compiling idna_adapter v1.2.1
51.15 Compiling idna v1.0.3
54.46 Compiling hyper v1.6.0
54.46 Compiling tokio-rustls v0.26.2
54.46 Compiling tokio-util v0.7.15
54.46 Compiling tower v0.5.2
54.46 Compiling tokio-stream v0.1.17
55.19 Compiling num-bigint v0.4.6
55.19 Compiling serde_urlencoded v0.7.1
55.21 Compiling url v2.5.4
55.21 Compiling num-complex v0.4.6
55.40 Compiling smol_str v0.3.2
55.52 Compiling tower-http v0.6.6
55.75 Compiling chrono v0.4.41
56.20 Compiling uuid v1.17.0
56.49 Compiling tokio-tar v0.3.1
57.94 Compiling hyper-util v0.1.14
58.38 Compiling serde_with v3.12.0
58.38 Compiling docker_credential v1.3.2
58.81 Compiling num-rational v0.4.2
59.85 Compiling num v0.4.3
59.93 Compiling float_plus v2.0.1
59.93 Compiling json_string v0.1.14
61.00 Compiling hyper-rustls v0.27.7
61.00 Compiling hyperlocal v0.9.1
61.18 error: failed to run custom build command for `zstd-sys v2.0.15+zstd.1.5.7`
61.18
61.18 Caused by:
61.18 process didn't exit successfully: `/app/target/debug/build/zstd-sys-89a9d63f415e9a16/build-script-build` (exit status: 101)
61.18 --- stdout
61.18 cargo:rerun-if-env-changed=ZSTD_SYS_USE_PKG_CONFIG
61.18 OUT_DIR = Some(/app/target/x86_64-unknown-linux-musl/debug/build/zstd-sys-7a0427e121eb0dee/out)
61.18 OPT_LEVEL = Some(0)
61.18 TARGET = Some(x86_64-unknown-linux-musl)
61.18 HOST = Some(x86_64-unknown-linux-gnu)
61.18 cargo:rerun-if-env-changed=CC_x86_64-unknown-linux-musl
61.18 CC_x86_64-unknown-linux-musl = None
61.18 cargo:rerun-if-env-changed=CC_x86_64_unknown_linux_musl
61.18 CC_x86_64_unknown_linux_musl = None
61.18 cargo:rerun-if-env-changed=TARGET_CC
61.18 TARGET_CC = None
61.18 cargo:rerun-if-env-changed=CC
61.18 CC = Some(musl-gcc)
61.18 cargo:rerun-if-env-changed=CC_KNOWN_WRAPPER_CUSTOM
61.18 CC_KNOWN_WRAPPER_CUSTOM = None
61.18 RUSTC_WRAPPER = None
61.18 cargo:rerun-if-env-changed=CC_ENABLE_DEBUG_OUTPUT
61.18 cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
61.18 CRATE_CC_NO_DEFAULTS = None
61.18 DEBUG = Some(true)
61.18 CARGO_CFG_TARGET_FEATURE = Some(fxsr,sse,sse2)
61.18 cargo:rerun-if-env-changed=CFLAGS
61.18 CFLAGS = None
61.18 cargo:rerun-if-env-changed=TARGET_CFLAGS
61.18 TARGET_CFLAGS = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64_unknown_linux_musl
61.18 CFLAGS_x86_64_unknown_linux_musl = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64-unknown-linux-musl
61.18 CFLAGS_x86_64-unknown-linux-musl = None
61.18 CARGO_ENCODED_RUSTFLAGS = Some()
61.18 OUT_DIR = Some(/app/target/x86_64-unknown-linux-musl/debug/build/zstd-sys-7a0427e121eb0dee/out)
61.18 cargo:rerun-if-env-changed=CC_ENABLE_DEBUG_OUTPUT
61.18 cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
61.18 CRATE_CC_NO_DEFAULTS = None
61.18 TARGET = Some(x86_64-unknown-linux-musl)
61.18 CARGO_CFG_TARGET_FEATURE = Some(fxsr,sse,sse2)
61.18 HOST = Some(x86_64-unknown-linux-gnu)
61.18 cargo:rerun-if-env-changed=CFLAGS
61.18 CFLAGS = None
61.18 cargo:rerun-if-env-changed=TARGET_CFLAGS
61.18 TARGET_CFLAGS = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64_unknown_linux_musl
61.18 CFLAGS_x86_64_unknown_linux_musl = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64-unknown-linux-musl
61.18 CFLAGS_x86_64-unknown-linux-musl = None
61.18 OUT_DIR = Some(/app/target/x86_64-unknown-linux-musl/debug/build/zstd-sys-7a0427e121eb0dee/out)
61.18 cargo:rerun-if-env-changed=CC_ENABLE_DEBUG_OUTPUT
61.18 cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
61.18 CRATE_CC_NO_DEFAULTS = None
61.18 TARGET = Some(x86_64-unknown-linux-musl)
61.18 CARGO_CFG_TARGET_FEATURE = Some(fxsr,sse,sse2)
61.18 HOST = Some(x86_64-unknown-linux-gnu)
61.18 cargo:rerun-if-env-changed=CFLAGS
61.18 CFLAGS = None
61.18 cargo:rerun-if-env-changed=TARGET_CFLAGS
61.18 TARGET_CFLAGS = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64_unknown_linux_musl
61.18 CFLAGS_x86_64_unknown_linux_musl = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64-unknown-linux-musl
61.18 CFLAGS_x86_64-unknown-linux-musl = None
61.18 OUT_DIR = Some(/app/target/x86_64-unknown-linux-musl/debug/build/zstd-sys-7a0427e121eb0dee/out)
61.18 cargo:rerun-if-env-changed=CC_ENABLE_DEBUG_OUTPUT
61.18 cargo:rerun-if-env-changed=CRATE_CC_NO_DEFAULTS
61.18 CRATE_CC_NO_DEFAULTS = None
61.18 TARGET = Some(x86_64-unknown-linux-musl)
61.18 CARGO_CFG_TARGET_FEATURE = Some(fxsr,sse,sse2)
61.18 HOST = Some(x86_64-unknown-linux-gnu)
61.18 cargo:rerun-if-env-changed=CFLAGS
61.18 CFLAGS = None
61.18 cargo:rerun-if-env-changed=TARGET_CFLAGS
61.18 TARGET_CFLAGS = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64_unknown_linux_musl
61.18 CFLAGS_x86_64_unknown_linux_musl = None
61.18 cargo:rerun-if-env-changed=CFLAGS_x86_64-unknown-linux-musl
61.18 CFLAGS_x86_64-unknown-linux-musl = None
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 exit status: 0
61.18 cargo:rerun-if-env-changed=AR_x86_64-unknown-linux-musl
61.18 AR_x86_64-unknown-linux-musl = None
61.18 cargo:rerun-if-env-changed=AR_x86_64_unknown_linux_musl
61.18 AR_x86_64_unknown_linux_musl = None
61.18 cargo:rerun-if-env-changed=TARGET_AR
61.18 TARGET_AR = None
61.18 cargo:rerun-if-env-changed=AR
61.18 AR = None
61.18 cargo:rerun-if-env-changed=CROSS_COMPILE
61.18 CROSS_COMPILE = None
61.18 RUSTC_LINKER = None
61.18 PATH = Some(/opt/cargo/bin:/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
61.18 cargo:rerun-if-env-changed=ARFLAGS
61.18 ARFLAGS = None
61.18 cargo:rerun-if-env-changed=TARGET_ARFLAGS
61.18 TARGET_ARFLAGS = None
61.18 cargo:rerun-if-env-changed=ARFLAGS_x86_64_unknown_linux_musl
61.18 ARFLAGS_x86_64_unknown_linux_musl = None
61.18 cargo:rerun-if-env-changed=ARFLAGS_x86_64-unknown-linux-musl
61.18 ARFLAGS_x86_64-unknown-linux-musl = None
61.18 cargo:rustc-link-lib=static=zstd
61.18 cargo:rustc-link-search=native=/app/target/x86_64-unknown-linux-musl/debug/build/zstd-sys-7a0427e121eb0dee/out
61.18 cargo:root=/app/target/x86_64-unknown-linux-musl/debug/build/zstd-sys-7a0427e121eb0dee/out
61.18 cargo:include=/opt/cargo/registry/src/index.crates.io-1949cf8c6b5b557f/zstd-sys-2.0.15+zstd.1.5.7/zstd/lib
61.18
61.18 --- stderr
61.18
61.18 thread 'main' panicked at /opt/cargo/registry/src/index.crates.io-1949cf8c6b5b557f/bindgen-0.71.1/lib.rs:604:27:
61.18 Unable to find libclang: "couldn't find any valid shared libraries matching: ['libclang.so', 'libclang-*.so', 'libclang.so.*', 'libclang-*.so.*'], set the `LIBCLANG_PATH` environment variable to a path where one of these files can be found (invalid: [])"
61.18 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
61.18 warning: build failed, waiting for other jobs to finish...
------
musl.Dockerfile:69
--------------------
67 | COPY . .
68 |
69 | >>> RUN cargo build --target=x86_64-unknown-linux-musl
70 |
--------------------
ERROR: failed to solve: process "/bin/bash -eux -o pipefail -c cargo build --target=x86_64-unknown-linux-musl" did not complete successfully: exit code: 101
What else needs to be done in the Dockerfile?
I managed to make it work when running the commands from inside the container via interactive terminal. But when I put the exact same sequence of commands in Dockerfile, it fails for some reason:
musl.Dockerfile
FROM clux/muslrust:1.87.0-stable-2025-06-24 AS builder
WORKDIR /app
Required packages
RUN apt-get update &&
apt-get install -y pkg-config clang wget build-essential musl-tools
libssl-dev build-essential wget lsb-release software-properties-common &&
wget https://apt.llvm.org/llvm.sh &&
chmod +x /app/llvm.sh &&
/app/llvm.sh 20 &&
apt-get install -y libclang-20-dev
ENV OPENSSL_INCLUDE_DIR=/usr/include ENV OPENSSL_LIB_DIR=/usr/lib/x86_64-linux-gnu
Convenience list of versions and variables for compilation later on
This helps continuing manually if anything breaks.
ENV SSL_VER="1.1.1w" ENV ZLIB_VER="1.3.1" ENV PQ_VER="11.12"
Set up a prefix for musl build libraries, make the linker's job of finding them easier
Primarily for the benefit of postgres.
Lastly, link some linux-headers for openssl 1.1 (not used herein)
RUN echo "$PREFIX/lib" >> /etc/ld-musl-x86_64.path &&
ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/x86_64-linux-musl/asm &&
ln -s /usr/include/asm-generic /usr/include/x86_64-linux-musl/asm-generic &&
ln -s /usr/include/linux /usr/include/x86_64-linux-musl/linux
Build openssl (used in pq)
Would like to use zlib here, but can't seem to get it to work properly
TODO: fix so that it works
RUN curl -sSL https://www.openssl.org/source/openssl-$SSL_VER.tar.gz | tar xz &&
cd openssl-$SSL_VER &&
./Configure no-zlib no-shared -fPIC --prefix=$PREFIX --openssldir=$PREFIX/ssl linux-x86_64 &&
env C_INCLUDE_PATH=$PREFIX/include make depend 2> /dev/null &&
make -j$(nproc) &&
make all install_sw &&
cd .. &&
rm -rf openssl-$SSL_VER
Build libpq
RUN curl -sSL https://ftp.postgresql.org/pub/source/v$PQ_VER/postgresql-$PQ_VER.tar.gz | tar xz &&
cd postgresql-$PQ_VER &&
CC="musl-gcc -fPIE -pie" LDFLAGS="-L$PREFIX/lib" CFLAGS="-I$PREFIX/include" ./configure
--without-readline
--with-openssl
--prefix=$PREFIX --host=x86_64-unknown-linux-musl &&
cd src/interfaces/libpq &&
make -s -j $(nproc) all-static-lib &&
make -s install install-lib-static &&
cd ../../bin/pg_config &&
make -j $(nproc) &&
make install &&
cd .. &&
rm -rf postgresql-$PQ_VER
SSL cert directories get overridden by --prefix and --openssldirAdd commentMore actions
and they do not match the typical host configurations.
The SSL_CERT_* vars fix this, but only when inside this container
musl-compiled binary must point SSL at the correct certs (muslrust/issues/5) elsewhere
Postgres bindings need vars so that diesel_codegen.so uses the GNU deps at build time
but finally links with the static libpq.a at the end.
It needs the non-musl pg_config to set this up with libpq-dev (depending on libssl-dev)
See https://github.com/sgrif/pq-sys/pull/18
ENV PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=true ENV OPENSSL_STATIC=true ENV OPENSSL_DIR=$PREFIX ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt ENV SSL_CERT_DIR=/etc/ssl/certs
WORKDIR /app COPY . .
RUN cargo build --target=x86_64-unknown-linux-musl
to be clear, i don't actually want openssl included in this image either. if you want openssl in the image, that's up to a fork.
if rustls-openssl works without it, then that's great. but looking at it more; rustls-openssl relies on openssl-sys and it selects a -sys library demanding extra C. maybe you could force openssl-sys to use aws-lc-rs/boring and get rdkafka features to accept that somehow, but might be difficult.
I figured out how to add openssl back. Maybe we can add this in the docs for those who want openssl?
muslrust_with_openssl.Dockerfile
FROM clux/muslrust:1.87.0-stable-2025-06-24 AS builder
WORKDIR /volume
# Required packages
RUN apt-get update && \
apt-get install -y pkg-config clang wget build-essential musl-tools \
libssl-dev build-essential wget lsb-release software-properties-common && \
wget https://apt.llvm.org/llvm.sh && \
chmod +x /volume/llvm.sh && \
/volume/llvm.sh 20 && \
apt-get install -y libclang-20-dev
# Set up a prefix for musl build libraries, make the linker's job of finding them easier
# Primarily for the benefit of postgres.
# Lastly, link some linux-headers for openssl 1.1 (not used herein)
RUN echo "$PREFIX/lib" >> /etc/ld-musl-x86_64.path && \
ln -s /usr/include/x86_64-linux-gnu/asm /usr/include/x86_64-linux-musl/asm && \
ln -s /usr/include/asm-generic /usr/include/x86_64-linux-musl/asm-generic && \
ln -s /usr/include/linux /usr/include/x86_64-linux-musl/linux
# Build openssl (used in pq)
# Would like to use zlib here, but can't seem to get it to work properly
ENV SSL_VER="1.1.1w"
RUN curl -sSL https://www.openssl.org/source/openssl-$SSL_VER.tar.gz | tar xz
WORKDIR /volume/openssl-$SSL_VER
RUN /volume/openssl-$SSL_VER/Configure no-zlib no-shared -fPIC --prefix=$PREFIX --openssldir=$PREFIX/ssl linux-x86_64 && \
env C_INCLUDE_PATH=$PREFIX/include make depend 2> /dev/null && \
make -j$(nproc) && \
make all install_sw
WORKDIR /volume
RUN rm -rf openssl-$SSL_VER
# Build libpq
ENV PQ_VER="11.12"
RUN curl -sSL https://ftp.postgresql.org/pub/source/v$PQ_VER/postgresql-$PQ_VER.tar.gz | tar xz
WORKDIR /volume/postgresql-$PQ_VER
RUN CC="musl-gcc -fPIE -pie" LDFLAGS="-L$PREFIX/lib" CFLAGS="-I$PREFIX/include" ./configure \
--without-readline \
--with-openssl \
--prefix=$PREFIX --host=x86_64-unknown-linux-musl
WORKDIR /volume/postgresql-11.12/src/interfaces/libpq
RUN make -s -j $(nproc) all-static-lib && \
make -s install install-lib-static
WORKDIR /volume/postgresql-11.12/src/bin/pg_config
RUN make -j $(nproc) && \
make install
WORKDIR /volume/postgresql-11.12/src/bin
RUN rm -rf postgresql-$PQ_VER
ENV PQ_LIB_STATIC_AARCH64_UNKNOWN_LINUX_MUSL=true \
OPENSSL_STATIC=1 \
OPENSSL_DIR=$PREFIX \
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
SSL_CERT_DIR=/etc/ssl/certs
WORKDIR /app
nice.
i don't want to advocate for it too hard because postgres 11 and openssl 1 are both almost 2 years past EOL, but happy to link to this issue or your comment.