sccache source compilation fails for aarch64-musl (openssl-sys has no
musl cross-compile headers). With RUSTC_WRAPPER=sccache set
unconditionally, any arm64 image user who ran cargo hit an immediate
exec error. Guard the wrapper so it is only set when sccache is
actually present in PATH.
cargo-info v0.7.7 depends on openssl-sys and has no arm64-musl
prebuilt on QuickInstall or GitHub Releases. It was wasting ~15 min
of cold-cache build time before failing. Remove it from the tool list.
sccache is now installed as a separate binstall-only line (no source
fallback) so it silently skips on targets where no prebuilt exists,
rather than blocking the build for 15 minutes before failing.
- Dockerfile: remove cargo-info from bulk list; extract sccache to
standalone `cargo binstall ... 2>/dev/null || true` (prebuilt-only)
- rootfs/root/docker/setup/05-custom.sh: guard SCCACHE_DIR and
RUSTC_WRAPPER inside `if command -v sccache` block
Dockerfile
rootfs/root/docker/setup/05-custom.sh
Eliminates QEMU arm64 build (was ~15 hours) by adding a
`rust-tools` stage that mirrors the Go image's `go-tools` pattern:
runs on the build platform (amd64), cross-compiles or downloads all
~50 Rust tools for the target arch, and activates sccache throughout.
Build time for linux/arm64: ~15 hours → ~30–60 minutes.
How it works:
- `FROM --platform=$BUILDPLATFORM rust:alpine AS rust-tools` runs natively
- `cargo binstall --target $RUST_TARGET` fetches GitHub release prebuilts
(zero compilation for most tools)
- Missing prebuilts fall back to `cargo install --target` using the
`aarch64-linux-musl-gcc` cross-toolchain (no QEMU, native speed)
- Native (x86_64) sccache installed as RUSTC_WRAPPER so source-compiled
tools are cached across Docker rebuilds
- `CARGO_INSTALL_ROOT=/rust-tools` keeps tool binaries separate from
rustup shims; `COPY --from=rust-tools /rust-tools/bin/` drops them
into the build stage before `05-custom.sh` runs
Pure-Rust / no-OpenSSL feature flags where possible (CGO=0 equivalent):
- `sqlx-cli`: `--features rustls` (was native-tls)
- `sea-orm-cli`: `--features runtime-tokio-rustls` (was native-tls default)
- `trunk`: already defaults to rustls — no change needed
- `probe-rs`: prebuilt if available, silently skipped otherwise (needs libusb)
sccache is now active by default in all login shells via profile.d/rust.sh
(`RUSTC_WRAPPER=sccache`); opt out with `-e RUSTC_WRAPPER=`.
- Dockerfile: add 110-line rust-tools stage with musl cross-toolchain,
sccache, cargo-binstall, all tool installs for target arch
- Dockerfile: COPY --from=rust-tools before 05-custom.sh RUN step
- Dockerfile: set RUSTC_WRAPPER in build stage; drop unused cargo-registry
and cargo-git cache mounts (no longer needed there)
- rootfs/root/docker/setup/05-custom.sh: remove cargo-binstall bootstrap
and all cargo binstall/install blocks; add RUSTC_WRAPPER to profile.d
- README.md: document rust-tools stage, native cross-compile architecture,
expected build times, sccache-on-by-default, pure-Rust feature flags,
updated cache mount ID table
Dockerfile
README.md
rootfs/root/docker/setup/05-custom.sh
Register QEMU binfmt handlers and fix cache mounts + binstall
resilience so the image builds correctly on both platforms.
- Dockerfile: declare ARG TARGETARCH in build stage; suffix all
arch-specific cache mount ids with ${TARGETARCH} so amd64 and
arm64 get isolated apk, rustup-downloads, cargo-git, and sccache
caches — cargo-registry stays shared (source is arch-neutral)
- rootfs/root/docker/setup/05-custom.sh: append || true to the main
cargo binstall -y block so a single tool with no arm64-musl prebuilt
and a failing source fallback does not abort the entire layer; add
comment explaining the intent
Dockerfile
rootfs/root/docker/setup/05-custom.sh
Stale copies called __initialize_default_templates, __initialize_config_dir,
and __initialize_data_dir which are not in the old functions library,
causing container startup failures. Replaced with current template
versions (202606041210-git) which no longer call those missing functions.
- rootfs/usr/local/bin/entrypoint.sh: update to current template
- rootfs/usr/local/etc/docker/functions/entrypoint.sh: update to current template
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/etc/docker/functions/entrypoint.sh
--domainname on the container sets the kernel domainname, which c-ares
uses to infer a search domain even when /etc/resolv.conf has no search
line. This caused c-ares to query github.com.casjay.work AAAA and get
the host's own IPv6 address, routing all outbound HTTPS to the local
nginx instead of the real server.
Adding 'search .' and 'options ndots:0' explicitly disables search
domain inference regardless of the kernel domainname setting.
- rootfs/usr/local/etc/resolv.conf: add search . and options ndots:0
rootfs/usr/local/etc/resolv.conf
Hosts with a search domain cause containers to inherit it. When the
zone has a wildcard AAAA record, public hostnames resolve to the host's
own IPv6 address instead of the real server, breaking all outbound
HTTPS and DNS from inside the container.
The entrypoint already has a hook: if /usr/local/etc/resolv.conf
exists it replaces /etc/resolv.conf at container startup. Ship a
clean resolv.conf with Cloudflare + Google DNS and no search domain
so container DNS is always correct regardless of host configuration.
- rootfs/usr/local/etc/resolv.conf: new file — clean DNS, no search domain
rootfs/usr/local/etc/resolv.conf
Synced from casjay-dotfiles templates. Updated functions now check
for existence before copying template-files directories, skipping
gracefully when they are absent.
- rootfs/usr/local/etc/docker/functions/entrypoint.sh: updated to latest
rootfs/usr/local/etc/docker/functions/entrypoint.sh
- README rewritten from 137 → 439 lines: full tool tables, env var reference, volume/cache guide, cross-compile target matrix, sccache remote backend docs, BuildKit cache mount info
- Update image name from `casjaysdevdocker/rust` to `casjaysdev/rust` throughout
- Add `clang-dev`, `llvm-dev`, `openssl-libs-static` to build deps; add `perf` (non-fatal) for flamegraph/samply support
- Fix rustup nightly component flag syntax (split into two `--component` flags)
- Move `cargo-nextest` to fallback block with `--locked`; rename `typos` → `typos-cli` and `cargo-flamegraph` → `flamegraph` to match correct crate names
README.md
rootfs/root/docker/setup/05-custom.sh
Cache strategy: BuildKit --mount=type=cache on apk and cargo/rustup/sccache
directories so docker build never re-downloads packages between runs.
sccache is available as a compilation cache; mount /root/.cache/sccache at
runtime to persist compiled artifacts across container invocations.
Added gdb, a nightly toolchain (miri + rust-src), and a broad set of
linting, formatting, debugging, fuzzing, and analysis tools.
- Dockerfile: add # syntax=docker/dockerfile:1 pragma; add BuildKit cache
mount for /var/cache/apk on the packages RUN step; add cache mounts for
cargo/registry (shared), cargo/git, rustup/downloads, and sccache on the
custom commands RUN step; add SCCACHE_DIR and CARGO_INCREMENTAL ENV vars;
extend VOLUME to include /root/.cache/sccache
- rootfs/root/docker/setup/05-custom.sh: add gdb to system packages;
install nightly toolchain (minimal profile) with miri + rust-src; extend
binstall block with sccache, typos, taplo-cli, cargo-sort, cargo-hack,
cargo-criterion, dprint, cargo-careful, cargo-public-api,
cargo-spellcheck, cargo-geiger, grcov; add fallback cargo installs for
cargo-udeps, cargo-fuzz, cargo-minimal-versions; export SCCACHE_DIR and
CARGO_INCREMENTAL in /etc/profile.d/rust.sh; create /root/.cache/sccache
Dockerfile
rootfs/root/docker/setup/05-custom.sh
Install latest stable Rust at build time via rustup-init with SHA256
verification. Add 30 cross-compile targets, cargo-binstall, and a
comprehensive set of cargo development tools. Match the official
rust:alpine env-var convention (RUSTUP_HOME / CARGO_HOME) and declare
those paths as Docker VOLUMEs. Add the Go-image pattern: rust-workflow
runs automatically when the container is invoked with no args, while
explicit commands pass through unchanged. Copy language-agnostic
healthcheck, copy, and symlink utilities from the Go image.
- Dockerfile: WORKDIR /app in final stage; add RUSTUP_HOME, CARGO_HOME,
RUSTUP_TOOLCHAIN ENV vars; extend VOLUME to include cargo and rustup paths
- rootfs/root/docker/setup/05-custom.sh: full Rust toolchain install —
build deps (build-base musl-dev clang lld cmake openssl-dev), SHA256-
verified rustup-init, stable toolchain with rust-src/rust-analyzer/
llvm-tools-preview, 30 cross-compile targets, cargo-binstall bootstrap,
cargo tool suite via binstall, cross-linker config.toml, /usr/local/bin
symlinks, ~/.cargo and ~/.rustup home symlinks, /etc/profile.d/rust.sh
- rootfs/usr/local/bin/rust-workflow: default workflow script —
fmt --check → clippy -D warnings → test --all → build --release;
honours CARGO_WORKDIR and CARGO_BUILD_TARGET env vars
- rootfs/usr/local/bin/entrypoint.sh: __no_exit guarded by $# -eq 0 in
START_SERVICES block; * catch-all now calls rust-workflow on no args
- rootfs/usr/local/bin/healthcheck: copied from Go image (HTTP/TCP/
process/file health probe)
- rootfs/usr/local/bin/copy: copied from Go image (recursive copy utility)
- rootfs/usr/local/bin/symlink: copied from Go image (symlink utility)
Dockerfile
rootfs/root/docker/setup/05-custom.sh
rootfs/usr/local/bin/copy
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/bin/healthcheck
rootfs/usr/local/bin/rust-workflow
rootfs/usr/local/bin/symlink
Update the embedded entrypoint copies in rootfs/ to match the
upstream template change. Internal state files renamed to dotfiles
so they're not matched by `/run/*.pid` cleanup globs:
- /run/init.d/entrypoint.pid -> /run/.entrypoint.pid
- /run/no_exit.pid -> /run/.no_exit.pid
- /run/backup.pid -> /run/.backup.pid
- /run/__start_init_scripts.pid -> /run/.start_init_scripts.pid
Per-service PIDs in /run/init.d/ are unchanged.
Dockerfile
.env.scripts
rootfs/usr/local/bin/copy
rootfs/usr/local/bin/entrypoint.sh
rootfs/usr/local/bin/healthcheck
rootfs/usr/local/bin/symlink
rootfs/usr/local/etc/docker/functions/entrypoint.sh
rootfs/usr/local/etc/docker/init.d/00-rust.sh
rootfs/usr/local/share/template-files/config/env/default.sample
rootfs/usr/local/share/template-files/config/env/examples/zz-entrypoint.sh
jason
