gnosis/lighthouse
1
0
Fork 0
mirror of https://github.com/sigp/lighthouse.git synced 2026-04-20 22:38:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update reproducible build to Debian Bookworm (stable)

Browse Source 
- Rust builder: rust:1.88-bookworm (multi-arch index digest)
- Runtime: distroless/cc-debian12:nonroot (Bookworm, pinned by index digest)
- Build deps bumped to Bookworm versions:
    libclang-dev 1:14.0-55.7~deb12u1
    cmake         3.25.1-1
    libjemalloc-dev 5.3.0-1
- libz.so.1 search path updated /lib → /usr/lib (moved in Bookworm)

Co-Authored-By: Claude Sonnet 4 <noreply@anthropic.com>
This commit is contained in:
antondlr
2026-04-20 13:44:55 +02:00
parent f0500a01ee
commit d1078c02af
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
Dockerfile.reproducible
View File

@@ -1,12 +1,15 @@
# Single version tag to maintain for reproducible builds.
# This multi-arch index digest resolves to the correct arch-specific image at build time.
# To update: run `docker manifest inspect rust:X.Y-bullseye --verbose` and replace the digest below.
# rust:1.88-bullseye
ARG RUST_IMAGE="rust:1.88-bullseye@sha256:60c95b78b164bc809090509235ab00797a07740fe8733b48593cd42de72b5ee1"
# To update: run `docker buildx imagetools inspect rust:X.Y-bookworm` and replace the digest below.
# rust:1.88-bookworm
ARG RUST_IMAGE="rust:1.88-bookworm@sha256:af306cfa71d987911a781c37b59d7d67d934f49684058f96cf72079c3626bfe0"
FROM ${RUST_IMAGE} AS builder
# Install specific version of the build dependencies
RUN apt-get update && apt-get install -y libclang-dev=1:11.0-51+nmu5 cmake=3.18.4-2+deb11u1 libjemalloc-dev=5.2.1-3
# Install pinned versions of the build dependencies
RUN apt-get update && apt-get install -y \
libclang-dev=1:14.0-55.7~deb12u1 \
cmake=3.25.1-1 \
libjemalloc-dev=5.3.0-1
ARG RUST_TARGET="x86_64-unknown-linux-gnu"
@@ -24,12 +27,12 @@ RUN make build-reproducible
# libz lives under an arch-specific triplet dir; normalise to /libs/ for a clean COPY below.
RUN mv /app/target/${RUST_TARGET}/release/lighthouse /lighthouse \
&& mkdir /libs \
&& find /lib -maxdepth 3 -name "libz.so.1" -exec cp {} /libs/ \;
&& find /usr/lib -maxdepth 3 -name "libz.so.1" -exec cp {} /libs/ \;
# Final image: distroless/cc-debian11 (Bullseye) — matches builder OS for ABI compatibility.
# Final image: distroless/cc-debian12 (Bookworm) — matches builder OS for ABI compatibility.
# The cc variant already includes libc, libgcc, and libstdc++.
# gcr.io/distroless/cc-debian11:nonroot
FROM gcr.io/distroless/cc-debian11:nonroot@sha256:f7fa4923556853754e9ff647df410d5711fc4d99a8dafa777ec617cf4a6700f6
# gcr.io/distroless/cc-debian12:nonroot
FROM gcr.io/distroless/cc-debian12:nonroot@sha256:e2d29aec8061843706b7e484c444f78fafb05bfe47745505252b1769a05d14f1
COPY --from=builder /libs/libz.so.1 /usr/lib/
COPY --from=builder /lighthouse /lighthouse