From 6db1facb3b112875bc371c3bcedd638ab71ef99c Mon Sep 17 00:00:00 2001 From: casjay Date: Sun, 21 Jun 2026 19:24:30 -0400 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20Replace=20curl=20GitHub=20downlo?= =?UTF-8?q?ads=20with=20cargo=20install=20in=20rust-tools=20stage=20?= =?UTF-8?q?=F0=9F=94=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The build host's SSL intercept breaks system curl to *.github.com (cert SAN mismatch). Cargo uses its own bundled TLS stack and is not affected. - Dockerfile: remove sccache curl download (was failing with SSL error) - Dockerfile: remove cargo-binstall curl bootstrap (same SSL failure path) - Dockerfile: replace both with `cargo install cargo-binstall` (Rust TLS, no curl) - Dockerfile: remove curlrc IPv4 workaround (no curl calls remain in rust-tools) - Dockerfile: remove jq from apk (was only used for sccache version parsing) - Dockerfile: remove RUSTC_WRAPPER/SCCACHE_DIR exports from binstall RUN block - Dockerfile: remove sccache-native cache mount (unused without RUSTC_WRAPPER) Dockerfile --- Dockerfile | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6e0fc87..d3d0538 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,15 +40,11 @@ FROM tianon/gosu:latest AS gosu FROM --platform=$BUILDPLATFORM rust:alpine AS rust-tools ARG TARGETARCH -# Force IPv4 for all curl calls — IPv6 routing on this host intercepts -# *.github.com and presents a cert for a local domain, causing SSL SAN mismatch -RUN printf -- '-4\n' > /root/.curlrc - # zig acts as a universal C/C++ cross-compiler — ships with bundled musl headers # and stdlib for all targets, so no separate musl-cross toolchain is needed. # Wrapper scripts named aarch64-linux-musl-{gcc,g++,ar} let the CARGO_TARGET_* # env vars below work without any changes. -RUN apk add --no-cache curl jq zig \ +RUN apk add --no-cache zig \ && printf '#!/bin/sh\nexec zig cc -target aarch64-linux-musl "$@"\n' \ > /usr/local/bin/aarch64-linux-musl-gcc \ && printf '#!/bin/sh\nexec zig c++ -target aarch64-linux-musl "$@"\n' \ @@ -75,20 +71,10 @@ ENV CC_aarch64_unknown_linux_musl=aarch64-linux-musl-gcc ENV CXX_aarch64_unknown_linux_musl=aarch64-linux-musl-g++ ENV AR_aarch64_unknown_linux_musl=aarch64-linux-musl-ar -# Install native (x86_64) sccache to /usr/local/bin for use as RUSTC_WRAPPER -# during this stage; kept separate from the target-arch sccache in /rust-tools/bin -RUN set -e; \ - SCCACHE_VER="$(curl -fsSL https://api.github.com/repos/mozilla/sccache/releases/latest | jq -r '.tag_name')"; \ - SCCACHE_ASSET="sccache-${SCCACHE_VER}-x86_64-unknown-linux-musl"; \ - curl -fsSL "https://github.com/mozilla/sccache/releases/download/${SCCACHE_VER}/${SCCACHE_ASSET}.tar.gz" \ - | tar xz -C /tmp; \ - install -m 755 "/tmp/${SCCACHE_ASSET}/sccache" /usr/local/bin/sccache; \ - rm -rf "/tmp/${SCCACHE_ASSET}" - -# Bootstrap native (x86_64) cargo-binstall -RUN curl -fsSL "https://github.com/cargo-bins/cargo-binstall/releases/latest/download/cargo-binstall-x86_64-unknown-linux-musl.tgz" \ - | tar xz -C /usr/local/cargo/bin cargo-binstall && \ - chmod 755 /usr/local/cargo/bin/cargo-binstall +# Bootstrap cargo-binstall via cargo install — avoids system curl's SSL issues. +# Cargo uses its own bundled TLS stack (not affected by the host SSL intercept +# that blocks curl to *.github.com). Layer cache absorbs the one-time compile cost. +RUN cargo install cargo-binstall # All tool binaries land in /rust-tools/bin — cleanly separate from rustup shims RUN mkdir -p /rust-tools/bin @@ -100,11 +86,8 @@ ENV CARGO_INSTALL_ROOT=/rust-tools # Prebuilts are downloaded directly; source fallbacks cross-compile on amd64. RUN --mount=type=cache,id=cargo-registry-native,sharing=shared,target=/usr/local/cargo/registry \ --mount=type=cache,id=cargo-git-native,sharing=locked,target=/usr/local/cargo/git \ - --mount=type=cache,id=sccache-native,sharing=locked,target=/root/.cache/sccache \ set -o pipefail; \ RUST_TARGET="$(cat /tmp/rust-target)"; \ - export RUSTC_WRAPPER=/usr/local/bin/sccache; \ - export SCCACHE_DIR=/root/.cache/sccache; \ cargo binstall -y --target "${RUST_TARGET}" \ cargo-edit \ cargo-watch \