From eb36de8d914aee7d3e9087b9046b83de705233dd Mon Sep 17 00:00:00 2001 From: Ivan Gabaldon Date: Tue, 3 Jun 2025 21:24:47 +0200 Subject: [PATCH] [mod] container: revert to alpine (#4893) I'm not too pleased to reverse this, but issues like https://github.com/searxng/searxng/issues/4792 have not been foreseen, and we can't just turn away. It has become apparent over the last weeks that there are still quite a few people with an incompatible CPU or having SearXNG on some random VM provider who can't (or won't) modify the configuration of their machines to expose the features needed for x86_64v2 march. As I don't want to trash the work with apko and base images, I thought about trying building Alpine again now that we have all the container related workflow refactored. There will still be the discussion of whether to use musl and its drawbacks, but right now I don't know any other alternatives. The nice part of this is that both Dockerfiles (mainline and legacy) can now be unified under the same umbrella again. Closes https://github.com/searxng/searxng/issues/4792 Closes https://github.com/searxng/searxng/issues/4753 --- .github/workflows/container.yml | 2 +- container/base-builder.yml | 16 +++-- container/base.yml | 14 +++-- container/legacy/Dockerfile | 107 -------------------------------- utils/lib_sxng_container.sh | 2 +- 5 files changed, 21 insertions(+), 120 deletions(-) delete mode 100644 container/legacy/Dockerfile diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index 0285bcd5c..f1e25aaa8 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml 
@@ -149,7 +149,7 @@ jobs: uses: actions/cache@v4 with: # yamllint disable-line rule:line-length - key: "container-mounts-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile', './container/legacy/Dockerfile') }}" + key: "container-mounts-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile') }}" restore-keys: "container-mounts-${{ matrix.arch }}-" path: | /var/tmp/buildah-cache/ diff --git a/container/base-builder.yml b/container/base-builder.yml index db84ae2f5..17086116b 100644 --- a/container/base-builder.yml +++ b/container/base-builder.yml @@ -1,14 +1,19 @@ contents: - keyring: - - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub repositories: - - https://packages.wolfi.dev/os + - https://mirrors.edge.kernel.org/alpine/edge/main + - https://mirrors.edge.kernel.org/alpine/edge/community packages: - - wolfi-base + - alpine-base - build-base - - python-3.13-dev + - python3-dev - py3-pip - brotli + # lxml (armv7) + - libxml2-dev + - libxslt-dev + - zlib-dev + # uwsgi + - libffi-dev entrypoint: command: /bin/sh -l @@ -23,3 +28,4 @@ environment: archs: - x86_64 - aarch64 + - armv7 diff --git a/container/base.yml b/container/base.yml index 55fff617a..49341d18e 100644 --- a/container/base.yml +++ b/container/base.yml @@ -1,16 +1,17 @@ contents: - keyring: - - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub repositories: - - https://packages.wolfi.dev/os + - https://mirrors.edge.kernel.org/alpine/edge/main packages: - - wolfi-baselayout + - alpine-baselayout - ca-certificates-bundle - busybox - - python-3.13 + - python3 # healthcheck - wget + # lxml (armv7) + - libxslt # uwsgi + - libxml2 - mailcap entrypoint: @@ -40,7 +41,7 @@ paths: type: directory uid: 977 gid: 977 - permissions: 0o755 + permissions: 0o555 # Config volume - path: /etc/searxng/ @@ -59,3 +60,4 @@ paths: archs: - x86_64 - aarch64 + - armv7 diff --git a/container/legacy/Dockerfile b/container/legacy/Dockerfile deleted file mode 100644 index 3afaa3b4c..000000000 
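Review bot: Both `repositories` entries in container/base-builder.yml now point at Alpine `edge`, a rolling branch, and `python3-dev` replaces the version-pinned `python-3.13-dev`, so the builder's toolchain and Python minor version can differ between two builds of the same commit. container/base.yml makes the same switch (`edge/main`, `python3`). If the builder and runtime images are ever resolved at different times they could land on different Python versions; whether that breaks anything depends on how the Dockerfile carries artifacts across, which this diff does not show. Consider a release branch instead, e.g. `- https://mirrors.edge.kernel.org/alpine/<release>/main` with `<release>` as a placeholder for the chosen version, or commit a resolved package lock if the image tooling supports one.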
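Review bot: With `keyring` removed from container/base.yml and nothing added in its place, the file no longer says which keys the Alpine package index is verified against. The first hunk of container/base-builder.yml drops the block the same way. If the image builder is expected to discover the Alpine release keys on its own for this mirror host, please confirm that signature verification still happens and record it above `repositories`, e.g. `# keyring omitted on purpose: Alpine signing keys are discovered by the builder`. Otherwise list the key URLs explicitly, as the Wolfi configuration did.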
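Review bot: The tightening to `permissions: 0o555` in container/base.yml is undocumented, and the directory keeps `uid: 977` / `gid: 977`, so the service account can still restore write access with a chmod. As written this guards against accidental writes rather than a compromised process. If immutability is the goal, consider root ownership for this path so that only the config and data volumes stay writable by 977. Either way a short why-comment would help, e.g. `# read-only at runtime; writable state lives in the volumes below`. The `- path:` entry this line belongs to starts above the hunk, so the affected directory and anything that writes into it at startup should be checked against the full file.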
--- a/container/legacy/Dockerfile
+++ /dev/null
@@ -1,107 +0,0 @@ -FROM docker.io/library/python:3.13-slim AS builder - -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - build-essential \ - brotli \ - # lxml - libxml2-dev \ - libxslt1-dev \ - zlib1g-dev \ - # uwsgi - libpcre3-dev \ - && rm -rf /var/lib/apt/lists/* - -WORKDIR /usr/local/searxng/ - -COPY ./requirements.txt ./requirements.txt - -RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \ - && . ./venv/bin/activate \ - && pip install -r requirements.txt \ - && pip install "uwsgi~=2.0" - -COPY ./searx/ ./searx/ - -ARG TIMESTAMP_SETTINGS=0 - -RUN python -m compileall -q searx \ - && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \ - && find /usr/local/searxng/searx/static \ - \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \ - -type f -exec gzip -9 -k {} + -exec brotli --best {} + - -ARG SEARXNG_UID=977 -ARG SEARXNG_GID=977 - -RUN grep -m1 root /etc/group > /tmp/.searxng.group \ - && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \ - && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \ - && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd - -FROM docker.io/library/python:3.13-slim - -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - # healthcheck - wget \ - # lxml (ARMv7) - libxslt1.1 \ - # uwsgi - libpcre3 \ - libxml2 \ - mailcap \ - && rm -rf /var/lib/apt/lists/* - -COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd -COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group - -ARG LABEL_DATE="0001-01-01T00:00:00Z" -ARG GIT_URL="unspecified" -ARG SEARXNG_GIT_VERSION="unspecified" -ARG LABEL_VCS_REF="unspecified" -ARG LABEL_VCS_URL="unspecified" - -WORKDIR /usr/local/searxng/ - -COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/ -COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ 
./searx/ -COPY --chown=searxng:searxng ./container/config/ ./.template/ -COPY --chown=searxng:searxng ./container/entrypoint.sh ./entrypoint.sh - -ARG TIMESTAMP_UWSGI="0" - -RUN touch -c --date=@$TIMESTAMP_UWSGI ./.template/uwsgi.ini - -LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \ - org.opencontainers.image.created=$LABEL_DATE \ - org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \ - org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \ - org.opencontainers.image.licenses="AGPL-3.0-or-later" \ - org.opencontainers.image.revision=$LABEL_VCS_REF \ - org.opencontainers.image.source=$LABEL_VCS_URL \ - org.opencontainers.image.title="searxng" \ - org.opencontainers.image.url=$LABEL_VCS_URL \ - org.opencontainers.image.version=$SEARXNG_GIT_VERSION - -ENV CONFIG_PATH=/etc/searxng \ - DATA_PATH=/var/cache/searxng - -ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \ - INSTANCE_NAME=searxng \ - AUTOCOMPLETE="" \ - BASE_URL="" \ - BIND_ADDRESS=[::]:8080 \ - SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \ - UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \ - UWSGI_WORKERS=%k \ - UWSGI_THREADS=4 - -VOLUME $CONFIG_PATH -VOLUME $DATA_PATH - -EXPOSE 8080 - -HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1 - -ENTRYPOINT ["/usr/local/searxng/entrypoint.sh"] diff --git a/utils/lib_sxng_container.sh b/utils/lib_sxng_container.sh index fd0d072e2..825eb2b88 100644 --- a/utils/lib_sxng_container.sh +++ b/utils/lib_sxng_container.sh @@ -54,7 +54,7 @@ container.build() { platform="linux/$arch" ;; "ARMV7" | "armhf" | "armv7l" | "armv7") - dockerfile="legacy/Dockerfile" + dockerfile="Dockerfile" arch="arm" variant="v7" platform="linux/$arch/$variant"