Crystal-docker-quickstart, and HN discussion about Crystal

I just noticed that Crystal is on the homepage of Hacker News right now:

In response, I decided to quickly toss together a crystal-docker-quickstart repository that provides a barebones environment for letting someone new to Crystal quickly try it, without jumping through any hoops to actually install the compiler locally. If you have Docker installed, this lets you start your own Crystal project quite quickly. It’s based on crystallang/crystal:1.5.0-alpine.

For example, you may do:

    git clone my_app
    cd my_app
    # docker container spins up in a few seconds... within the container's bash shell, try:
    make spec
    make && out/my_app
    # outside container, you may edit src/, save it, and then again within container:
    make && out/my_app

Curious to hear what you think. For many, I think this might be an easier new-user “install” process than the current ones described on Install - The Crystal Programming Language


pretty good idea.

Following is my own version Dockerfile for build a musl static linked binary use alpine, hope can help.

# -*- mode: dockerfile; -*-

FROM crystallang/crystal:1.5.0-alpine-build AS base

RUN sed -i "s/" /etc/apk/repositories

RUN addgroup -g 1000 docker && \
    adduser -u 1000 -G docker -h /home/docker -s /bin/sh -D docker

USER docker:docker


RUN --mount=type=cache,target=/var/cache/apk \
    set -eux; \
    apk upgrade

RUN wget -O - | tar zxvf - -C /usr/local/bin

RUN USER=docker && \
    GROUP=docker && \
    chown root:root /usr/local/bin/fixuid && \
    chmod 4755 /usr/local/bin/fixuid && \
    mkdir -p /etc/fixuid && \
    printf "user: $USER\ngroup: $GROUP\n" > /etc/fixuid/config.yml

USER docker:docker

ENTRYPOINT ["fixuid", "shards", "build", "--link-flags=-Wl,-z,relro,-z,now,-L/app", "--progress", "--static"]
CMD ["--production", "--release", "--no-debug", "--link-flags=-s"]

build and link is really easy.

docker build -t crystal_build_static_binary -f Dockerfile .

docker run -it -u $(id -u):$(id -g) -v $PWD:/app crystal_build_static_binary $@

Very cool @zw963 . Thanks for sharing!

fixuid looks helpful for development.

The --link-flags=-Wl,-z,relro,-z,now looks like an easy security hardening but I haven’t tried it yet.

What does --link-flags=-s do?

Ref: Support for Full RELRO · Issue #11046 · crystal-lang/crystal · GitHub

Remove all symbol table and relocation information from the executable.

AFAIK basically what --no-debug does.