DEV: use consistent third-party installation method (#610)

* DEV: use consistent third-party installation method

* FIX: slim base image build on aarch64

image/base/install-imagemagick

@@ -13,11 +13,11 @@ WDIR=/tmp/imagemagick
 
 # Install build deps
 apt -y -q remove imagemagick
-apt -y -q install git make gcc pkg-config autoconf curl g++ \
-    yasm cmake \
+apt -y -q install git make gcc pkg-config autoconf curl g++ yasm cmake \
     libde265-0 libde265-dev ${LIBJPEGTURBO} x265 libx265-dev libtool \
-    libpng16-16 libpng-dev ${LIBJPEGTURBO} libwebp6 libwebp-dev libgomp1 libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils \
-    libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev
+    libpng16-16 libpng-dev ${LIBJPEGTURBO} libwebp6 libwebp-dev libgomp1 \
+    libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils \
+    libltdl7-dev libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev
 
 # Use backports instead of compiling it
 apt -y -q install -t bullseye-backports libheif1 libaom-dev libheif-dev
@@ -26,7 +26,7 @@ mkdir -p $WDIR
 cd $WDIR
 
 # Build and install ImageMagick
-wget -O $WDIR/ImageMagick.tar.gz "https://github.com/ImageMagick/ImageMagick/archive/$IMAGE_MAGICK_VERSION.tar.gz"
+wget -q -O $WDIR/ImageMagick.tar.gz "https://github.com/ImageMagick/ImageMagick/archive/$IMAGE_MAGICK_VERSION.tar.gz"
 sha256sum $WDIR/ImageMagick.tar.gz
 echo "$IMAGE_MAGICK_HASH $WDIR/ImageMagick.tar.gz" | sha256sum -c
 IMDIR=$WDIR/$(tar tzf $WDIR/ImageMagick.tar.gz --wildcards "ImageMagick-*/configure" |cut -d/ -f1)
@@ -58,3 +58,6 @@ make all && make install
 cd $HOME
 rm -rf $WDIR
 ldconfig /usr/local/lib
+
+# Validate ImageMagick install
+test $(convert -version | grep -o -e png -e tiff -e jpeg -e freetype -e heic -e webp | wc -l) -eq 6

image/base/install-jemalloc

@@ -0,0 +1,26 @@
+#!/bin/bash
+set -e
+
+# version check: https://github.com/jemalloc/jemalloc/releases
+
+# jemalloc stable
+mkdir /jemalloc-stable
+cd /jemalloc-stable
+
+wget -q https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2
+sha256sum jemalloc-3.6.0.tar.bz2
+echo "e16c2159dd3c81ca2dc3b5c9ef0d43e1f2f45b04548f42db12e7c12d7bdf84fe jemalloc-3.6.0.tar.bz2" | sha256sum -c
+tar --strip-components=1 -xjf jemalloc-3.6.0.tar.bz2
+./configure --prefix=/usr && make && make install
+cd / && rm -rf /jemalloc-stable
+
+# jemalloc new
+mkdir /jemalloc-new
+cd /jemalloc-new
+
+wget -q https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2
+sha256sum jemalloc-5.2.1.tar.bz2
+echo "34330e5ce276099e2e8950d9335db5a875689a4c6a56751ef3b1d8c537f887f6 jemalloc-5.2.1.tar.bz2" | sha256sum -c
+tar --strip-components=1 -xjf jemalloc-5.2.1.tar.bz2 
+./configure --prefix=/usr --with-install-suffix=5.2.1 && make build_lib && make install_lib
+cd / && rm -rf /jemalloc-new

image/base/install-nginx

@@ -5,17 +5,15 @@ set -e
 VERSION=1.21.6
 HASH="66dc7081488811e9f925719e34d1b4504c2801c81dee2920e5452a86b11405ae"
 
-apt install -y autoconf
-
 cd /tmp
-curl -O https://nginx.org/download/nginx-$VERSION.tar.gz
+wget -q https://nginx.org/download/nginx-$VERSION.tar.gz
 sha256sum nginx-$VERSION.tar.gz
 echo "$HASH nginx-$VERSION.tar.gz" | sha256sum -c
 tar zxf nginx-$VERSION.tar.gz
 cd nginx-$VERSION
 
 # nginx-common for boilerplate files etc.
-apt install -y nginx-common libpcre3 libpcre3-dev zlib1g zlib1g-dev
+apt install -y nginx-common
 
 cd /tmp
 # this is the reason we are compiling by hand...

image/base/install-oxipng

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+# version check: https://github.com/shssoichiro/oxipng/releases
+OXIPNG_VERSION="5.0.1"
+OXIPNG_FILE="oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz"
+OXIPNG_HASH="89240cfd863f8007ab3ad95d88dc2ce15fc003a0421508728d73fec1375f19b6"
+
+# Install other deps
+apt -y -q install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng
+
+mkdir /oxipng-install
+cd /oxipng-install
+
+wget -q https://github.com/shssoichiro/oxipng/releases/download/v${OXIPNG_VERSION}/${OXIPNG_FILE}
+sha256sum ${OXIPNG_FILE}
+echo "${OXIPNG_HASH} ${OXIPNG_FILE}" | sha256sum -c
+
+tar --strip-components=1 -xzf $OXIPNG_FILE
+cp -v ./oxipng /usr/local/bin
+cd / && rm -fr /oxipng-install

image/base/install-redis

@@ -7,7 +7,7 @@ REDIS_HASH="5b2b8b7a50111ef395bf1c1d5be11e6e167ac018125055daa8b5c2317ae131ab"
 
 cd /tmp
 # Prepare Redis source.
-wget http://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz
+wget -q http://download.redis.io/releases/redis-$REDIS_VERSION.tar.gz
 sha256sum redis-$REDIS_VERSION.tar.gz
 echo "$REDIS_HASH redis-$REDIS_VERSION.tar.gz" | sha256sum -c
 

image/base/install-ruby

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+RUBY_VERSION="2.7.5"
+
+mkdir /src 
+git -C /src clone https://github.com/rbenv/ruby-build.git
+cd /src/ruby-build && ./install.sh
+cd / && rm -fr /src
+
+ruby-build ${RUBY_VERSION} /usr/local

image/base/slim.Dockerfile

@@ -11,11 +11,9 @@ ENV RAILS_ENV production
 RUN echo 2.0.`date +%Y%m%d` > /VERSION
 
 RUN echo 'deb http://deb.debian.org/debian bullseye-backports main' > /etc/apt/sources.list.d/bullseye-backports.list
-RUN apt update && apt install -y gnupg sudo curl
 RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections
-RUN apt update && apt -y install fping
+RUN apt update && apt -y install gnupg sudo curl fping
 RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt update || true"
-RUN apt -y install software-properties-common
 RUN apt-mark hold initscripts
 RUN apt -y upgrade
 
@@ -34,9 +32,10 @@ RUN apt -y update
 # install these without recommends to avoid pulling in e.g.
 # X11 libraries, mailutils
 RUN apt -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
-RUN apt -y install build-essential ca-certificates rsync \
+RUN apt -y install autoconf build-essential ca-certificates rsync \
                        libxslt-dev libcurl4-openssl-dev \
                        libssl-dev libyaml-dev libtool \
+                       libpcre3 libpcre3-dev zlib1g zlib1g-dev \
                        libxml2-dev gawk parallel \
                        postgresql-${PG_MAJOR} postgresql-client-${PG_MAJOR} \
                        postgresql-contrib-${PG_MAJOR} libpq-dev libreadline-dev \
@@ -59,47 +58,30 @@ RUN cd / &&\
     npm install -g terser &&\
     npm install -g uglify-js
 
+ADD install-imagemagick /tmp/install-imagemagick
+RUN /tmp/install-imagemagick
+
+ADD install-jemalloc /tmp/install-jemalloc
+RUN /tmp/install-jemalloc
+
 ADD install-nginx /tmp/install-nginx
 RUN /tmp/install-nginx
 
-RUN apt -y install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng
-
-RUN mkdir /oxipng-install && cd /oxipng-install &&\
-      wget https://github.com/shssoichiro/oxipng/releases/download/v5.0.1/oxipng-5.0.1-x86_64-unknown-linux-musl.tar.gz &&\
-      tar -xzf oxipng-5.0.1-x86_64-unknown-linux-musl.tar.gz && cd oxipng-5.0.1-x86_64-unknown-linux-musl &&\
-      cp oxipng /usr/local/bin &&\
-      cd / && rm -rf /oxipng-install
-
-RUN mkdir /jemalloc-stable && cd /jemalloc-stable &&\
-      wget https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2 &&\
-      tar -xjf jemalloc-3.6.0.tar.bz2 && cd jemalloc-3.6.0 && ./configure --prefix=/usr && make && make install &&\
-      cd / && rm -rf /jemalloc-stable
-
-RUN mkdir /jemalloc-new && cd /jemalloc-new &&\
-      wget https://github.com/jemalloc/jemalloc/releases/download/5.2.1/jemalloc-5.2.1.tar.bz2 &&\
-      tar -xjf jemalloc-5.2.1.tar.bz2 && cd jemalloc-5.2.1 && ./configure --prefix=/usr --with-install-suffix=5.2.1 && make build_lib && make install_lib &&\
-      cd / && rm -rf /jemalloc-new
-
-RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
-    mkdir /src && git -C /src clone https://github.com/rbenv/ruby-build.git &&\
-    cd /src/ruby-build && ./install.sh &&\
-    cd / && rm -rf /src/ruby-build && (ruby-build 2.7.5 /usr/local)
-
-RUN gem update --system
-
-RUN gem install bundler pups --force &&\
-    mkdir -p /pups/bin/ &&\
-    ln -s /usr/local/bin/pups /pups/bin/pups &&\
-    rm -rf /usr/local/share/ri/2.7.5/system
+ADD install-oxipng /tmp/install-oxipng
+RUN /tmp/install-oxipng
 
 ADD install-redis /tmp/install-redis
 RUN /tmp/install-redis
 
-ADD install-imagemagick /tmp/install-imagemagick
-RUN /tmp/install-imagemagick
+ADD install-ruby /tmp/install-ruby
+RUN /tmp/install-ruby
 
-# Validate install
-RUN ruby -Eutf-8 -e "v = \`convert -version\`; %w{png tiff jpeg freetype heic}.each { |f| unless v.include?(f); STDERR.puts('no ' + f +  ' support in imagemagick'); exit(-1); end }"
+RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
+    gem update --system
+
+RUN gem install bundler pups --force &&\
+    mkdir -p /pups/bin/ &&\
+    ln -s /usr/local/bin/pups /pups/bin/pups
 
 # This tool allows us to disable huge page support for our current process
 # since the flag is preserved through forks and execs it can be used on any
@@ -108,41 +90,32 @@ ADD thpoff.c /src/thpoff.c
 RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c
 
 # clean up for docker squash
-RUN   rm -fr /usr/share/man &&\
-      rm -fr /usr/share/doc &&\
-      rm -fr /usr/share/vim/vim74/tutor &&\
-      rm -fr /usr/share/vim/vim74/doc &&\
-      rm -fr /usr/share/vim/vim74/lang &&\
-      rm -fr /usr/local/share/doc &&\
-      rm -fr /usr/local/share/ruby-build &&\
-      rm -fr /root/.gem &&\
-      rm -fr /root/.npm &&\
-      rm -fr /tmp/* &&\
-      rm -fr /usr/share/vim/vim74/spell/en*
-
+RUN rm -fr /usr/share/man &&\
+    rm -fr /usr/share/doc &&\
+    rm -fr /usr/share/vim/vim74/doc &&\
+    rm -fr /usr/share/vim/vim74/lang &&\
+    rm -fr /usr/share/vim/vim74/spell/en* &&\
+    rm -fr /usr/share/vim/vim74/tutor &&\
+    rm -fr /usr/local/share/doc &&\
+    rm -fr /usr/local/share/ri &&\
+    rm -fr /usr/local/share/ruby-build &&\
+    rm -fr /var/lib/apt/lists/* &&\
+    rm -fr /root/.gem &&\
+    rm -fr /root/.npm &&\
+    rm -fr /tmp/*
 
 # this can probably be done, but I worry that people changing PG locales will have issues
 # cd /usr/share/locale && rm -fr `ls -d */ | grep -v en`
 
-RUN mkdir -p /etc/runit/3.d
+# this is required for aarch64 which uses buildx
+# see https://github.com/docker/buildx/issues/150
+RUN rm -f /etc/service
 
-ADD runit-1 /etc/runit/1
-ADD runit-1.d-cleanup-pids /etc/runit/1.d/cleanup-pids
-ADD runit-1.d-anacron /etc/runit/1.d/anacron
-ADD runit-1.d-00-fix-var-logs /etc/runit/1.d/00-fix-var-logs
-ADD runit-2 /etc/runit/2
-ADD runit-3 /etc/runit/3
-ADD boot /sbin/boot
-
-ADD cron /etc/service/cron/run
-ADD rsyslog /etc/service/rsyslog/run
-ADD cron.d_anacron /etc/cron.d/anacron
+COPY etc/  /etc
+COPY sbin/ /sbin
 
 # Discourse specific bits
 RUN useradd discourse -s /bin/bash -m -U &&\
-    mkdir -p /var/www &&\
-    cd /var/www &&\
-    git clone --depth 1 https://github.com/discourse/discourse.git &&\
-    cd discourse &&\
-    git remote set-branches --add origin tests-passed &&\
-    chown -R discourse:discourse /var/www/discourse
+    install -dm 0755 -o discourse -g discourse /var/www/discourse &&\
+    sudo -u discourse git clone --depth 1 https://github.com/discourse/discourse.git /var/www/discourse &&\
+    sudo -u discourse git -C /var/www/discourse remote set-branches --add origin tests-passed