docker: Fix for cryptography v42 upgrade (#7475)

- **Poetry Issue:** The Docker build for `linux/arm/v7` failed in recent RC releases on the Poetry installation step in the `builder-python` stage. This issue occurred because the `builder-python` stage builds on target's arch but poetry was unable to install on arm/v7 without rust >= v1.56.1. - **Solution:** Instead of installing poetry on the `builder-python` stage, we leveraged the existing multi-arch `builder` stage, which already had Poetry. Now, we export the dependencies from `pyproject.toml` to `requirements.txt` within the `builder` stage and then copy `requirements.txt` to the `builder-python` stage for pip installation. - **Cryptography installation Issue:** python installations for `pyln-proto` started failing due to Cryptography upgrade from v41 to v42 . It is because now Cryptography needs cargo/rust also. - **Solution:** Installing cargo in `builder-python` stage also. - **Configure Prefix Issue:** Previously, we used `RUN ./configure --prefix=/tmp/lightning_install --enable-static` in the `builder` image and then copied `/tmp/lightning_install` from the `builder` stage to `/usr/local` in the `final` stage. However, this approach is now causing errors due to missing binaries/plugins at their default locations. - **Solution:** We are now configuring the installation to use the default location (`/usr/local`). To prevent the local image size from increasing by up to 87MB, instead of copying the entire `/usr/local/` directory, we are explicitly copying only the core lightning binaries. Changelog-Fixed: Fixes failing Docker build for `arm32` arch.
ElementsProject · Aug 20, 2024 · 7ebcaaf · 7ebcaaf
1 parent 58e6ee4
commit 7ebcaaf
Showing 1 changed file with 45 additions and 37 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,28 +1,29 @@
 # This Dockerfile is used by buildx to build ARM64, AMD64, and ARM32 Docker images from an AMD64 host.
 # To speed up the build process, we are cross-compiling rather than relying on QEMU.
 # There are four main stages:
-# * downloader: Downloads specific binaries needed for c-lightning for each architecture.
+# * downloader: Downloads specific binaries needed for core lightning for each architecture.
 # * builder: Cross-compiles for each architecture.
-# * builder-python: Builds Python dependencies for cln-rest with QEMU.
+# * builder-python: Builds Python dependencies for clnrest & wss-proxy with QEMU.
 # * final: Creates the runtime image.
 
+ARG DEFAULT_TARGETPLATFORM="linux/amd64"
 ARG BASE_DISTRO="debian:bullseye-slim"
 
-FROM --platform=$BUILDPLATFORM ${BASE_DISTRO} as base-downloader
+FROM --platform=$BUILDPLATFORM ${BASE_DISTRO} AS base-downloader
 RUN set -ex \
 	&& apt-get update \
 	&& apt-get install -qq --no-install-recommends ca-certificates dirmngr wget qemu-user-static binfmt-support
 
-FROM base-downloader as base-downloader-linux-amd64
+FROM base-downloader AS base-downloader-linux-amd64
 ENV TARBALL_ARCH_FINAL=x86_64-linux-gnu
 
-FROM base-downloader as base-downloader-linux-arm64
+FROM base-downloader AS base-downloader-linux-arm64
 ENV TARBALL_ARCH_FINAL=aarch64-linux-gnu
 
-FROM base-downloader as base-downloader-linux-arm
+FROM base-downloader AS base-downloader-linux-arm
 ENV TARBALL_ARCH_FINAL=arm-linux-gnueabihf
 
-FROM base-downloader-${TARGETOS}-${TARGETARCH} as downloader
+FROM base-downloader-${TARGETOS}-${TARGETARCH} AS downloader
 
 RUN set -ex \
 	&& apt-get update \
@@ -54,7 +55,7 @@ RUN mkdir /opt/litecoin && cd /opt/litecoin \
     && tar -xzvf litecoin.tar.gz litecoin-$LITECOIN_VERSION/bin/litecoin-cli --strip-components=1 --exclude=*-qt \
     && rm litecoin.tar.gz
 
-FROM --platform=linux/amd64 ${BASE_DISTRO} as base-builder
+FROM --platform=${DEFAULT_TARGETPLATFORM} ${BASE_DISTRO} AS base-builder
 RUN apt-get update -qq && \
     apt-get install -qq -y --no-install-recommends \
         autoconf \
@@ -86,6 +87,7 @@ RUN apt-get update -qq && \
         unzip \
         tclsh
 
+ENV PATH="/root/.local/bin:$PATH"
 ENV PYTHON_VERSION=3
 RUN curl -sSL https://install.python-poetry.org | python3 -
 RUN update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
@@ -100,14 +102,13 @@ RUN git clone --recursive /tmp/lightning . && \
     git checkout $(git --work-tree=/tmp/lightning --git-dir=/tmp/lightning/.git rev-parse HEAD)
 
 # Do not build python plugins (clnrest & wss-proxy) here, python doesn't support cross compilation.
-RUN sed -i '/^clnrest\|^wss-proxy/d' pyproject.toml && \
-    /root/.local/bin/poetry export -o requirements.txt --without-hashes
+RUN sed -i '/^clnrest\|^wss-proxy/d' pyproject.toml && poetry export -o requirements.txt --without-hashes
 RUN pip3 install -r requirements.txt && pip3 cache purge
 WORKDIR /
 
-FROM base-builder as base-builder-linux-amd64
+FROM base-builder AS base-builder-linux-amd64
 
-FROM base-builder as base-builder-linux-arm64
+FROM base-builder AS base-builder-linux-arm64
 ENV target_host=aarch64-linux-gnu \
     target_host_rust=aarch64-unknown-linux-gnu \
     target_host_qemu=qemu-aarch64-static
@@ -133,7 +134,7 @@ ENV \
 ZLIB_CONFIG="--prefix=${QEMU_LD_PREFIX}" \
 SQLITE_CONFIG="--host=${target_host} --prefix=$QEMU_LD_PREFIX"
 
-FROM base-builder as base-builder-linux-arm
+FROM base-builder AS base-builder-linux-arm
 
 ENV target_host=arm-linux-gnueabihf \
     target_host_rust=armv7-unknown-linux-gnueabihf \
@@ -160,7 +161,7 @@ ENV \
 ZLIB_CONFIG="--prefix=${QEMU_LD_PREFIX}" \
 SQLITE_CONFIG="--host=${target_host} --prefix=$QEMU_LD_PREFIX"
 
-FROM base-builder-${TARGETOS}-${TARGETARCH} as builder
+FROM base-builder-${TARGETOS}-${TARGETARCH} AS builder
 
 ENV LIGHTNINGD_VERSION=master
 
@@ -179,7 +180,7 @@ RUN unzip sqlite.zip \
     && make install && cd .. && rm sqlite.zip && rm -rf sqlite-*
 
 ENV RUST_PROFILE=release
-ENV PATH=$PATH:/root/.cargo/bin/
+ENV PATH="/root/.cargo/bin:/root/.local/bin:$PATH"
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y ${RUSTUP_INSTALL_OPTS}
 RUN rustup toolchain install stable --component rustfmt --allow-downgrade
 
@@ -196,15 +197,20 @@ RUN ( ! [ "${target_host}" = "arm-linux-gnueabihf" ] ) || \
 
 # Ensure that the desired grpcio-tools & protobuf versions are installed
 # https://github.com/ElementsProject/lightning/pull/7376#issuecomment-2161102381
-RUN /root/.local/bin/poetry lock --no-update && \
-    /root/.local/bin/poetry install
+RUN poetry lock --no-update && poetry install
 
-RUN ./configure --prefix=/tmp/lightning_install --enable-static && \
-    make && \
-    /root/.local/bin/poetry run make install
+RUN ./configure --enable-static && make && poetry run make install
+
+# Export the requirements for the plugins so we can install them in builder-python stage
+WORKDIR /opt/lightningd/plugins/clnrest
+RUN poetry export -o requirements.txt --without-hashes
+WORKDIR /opt/lightningd/plugins/wss-proxy
+RUN poetry export -o requirements.txt --without-hashes
+WORKDIR /opt/lightningd
+RUN echo 'RUSTUP_INSTALL_OPTS="${RUSTUP_INSTALL_OPTS}"' > /tmp/rustup_install_opts.txt
 
 # We need to build python plugins on the target's arch because python doesn't support cross build
-FROM ${BASE_DISTRO} as builder-python
+FROM ${BASE_DISTRO} AS builder-python
 RUN apt-get update -qq && \
     apt-get install -qq -y --no-install-recommends \
         git \
@@ -222,27 +228,28 @@ RUN apt-get update -qq && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-RUN curl -sSL https://install.python-poetry.org | python3 -
 RUN update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
-
 ENV PYTHON_VERSION=3
-WORKDIR /opt/lightningd
+RUN pip3 install --upgrade pip setuptools wheel
+
+# Copy rustup_install_opts.txt file from builder & setup ENV $RUSTUP_INSTALL_OPTS for this stage
+COPY --from=builder /tmp/rustup_install_opts.txt /tmp/rustup_install_opts.txt
+RUN export $(cat /tmp/rustup_install_opts.txt)
+ENV PATH="/root/.cargo/bin:$PATH"
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y ${RUSTUP_INSTALL_OPTS}
 
-COPY plugins/clnrest/pyproject.toml plugins/clnrest/pyproject.toml
-COPY plugins/wss-proxy/pyproject.toml plugins/wss-proxy/pyproject.toml
+WORKDIR /opt/lightningd/plugins/clnrest
+COPY --from=builder /opt/lightningd/plugins/clnrest/requirements.txt .
+RUN pip3 install -r requirements.txt
 
-RUN cd plugins/clnrest && \
-    /root/.local/bin/poetry export -o requirements.txt --without-hashes && \
-    pip3 install -r requirements.txt && \
-    cd /opt/lightningd
+WORKDIR /opt/lightningd/plugins/wss-proxy
+COPY --from=builder /opt/lightningd/plugins/wss-proxy/requirements.txt .
+RUN pip3 install -r requirements.txt
 
-RUN cd plugins/wss-proxy && \
-    /root/.local/bin/poetry export -o requirements.txt --without-hashes && \
-    pip3 install -r requirements.txt && \
-    cd /opt/lightningd && \
-    pip3 cache purge
+WORKDIR /opt/lightningd
+RUN pip3 cache purge
 
-FROM ${BASE_DISTRO} as final
+FROM ${BASE_DISTRO} AS final
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -265,7 +272,8 @@ RUN mkdir $LIGHTNINGD_DATA && \
     touch $LIGHTNINGD_DATA/config
 VOLUME [ "/root/.lightning" ]
 
-COPY --from=builder /tmp/lightning_install/ /usr/local/
+COPY --from=builder /usr/local/bin/lightning-cli /usr/local/bin/lightning-hsmtool /usr/local/bin/lightningd /usr/local/bin/reckless /usr/local/bin/
+COPY --from=builder /usr/local/share /usr/local/man /usr/local/libexec /usr/local/
 COPY --from=builder-python /usr/local/lib/python3.9/dist-packages/ /usr/local/lib/python3.9/dist-packages/
 COPY --from=downloader /opt/bitcoin/bin /usr/bin
 COPY --from=downloader /opt/litecoin/bin /usr/bin