Crystal-docker-quickstart, and HN discussion about Crystal

I just noticed that Crystal is on the homepage of Hacker News right now: https://news.ycombinator.com/item?id=32683473

In response, I decided to quickly toss together a crystal-docker-quickstart repository that provides a barebones environment for letting someone new to Crystal quickly try it, without jumping through any hoops to actually install the compiler locally. If you have Docker installed, this lets you start your own Crystal project quite quickly. It’s based on crystallang/crystal:1.5.0-alpine.

For example, you may do:

    git clone https://github.com/compumike/crystal-docker-quickstart.git my_app
    cd my_app
    ./d_dev
    # docker container spins up in a few seconds... within the container's bash shell, try:
    make spec
    make && out/my_app
    # outside container, you may edit src/main.cr, save it, and then again within container:
    make && out/my_app

Curious to hear what you think. For many, I think this might be an easier new-user “install” process than the current ones described on Install - The Crystal Programming Language

2 Likes

pretty good idea.

Following is my own version Dockerfile for build a musl static linked binary use alpine, hope can help.

# -*- mode: dockerfile; -*-

FROM crystallang/crystal:1.5.0-alpine-build AS base

RUN sed -i "s/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g" /etc/apk/repositories

RUN addgroup -g 1000 docker && \
    adduser -u 1000 -G docker -h /home/docker -s /bin/sh -D docker

USER docker:docker

WORKDIR /app

RUN --mount=type=cache,target=/var/cache/apk \
    set -eux; \
    apk upgrade

RUN wget https://github.com/boxboat/fixuid/releases/download/v0.5.1/fixuid-0.5.1-linux-amd64.tar.gz -O - | tar zxvf - -C /usr/local/bin

RUN USER=docker && \
    GROUP=docker && \
    chown root:root /usr/local/bin/fixuid && \
    chmod 4755 /usr/local/bin/fixuid && \
    mkdir -p /etc/fixuid && \
    printf "user: $USER\ngroup: $GROUP\n" > /etc/fixuid/config.yml

USER docker:docker

ENTRYPOINT ["fixuid", "shards", "build", "--link-flags=-Wl,-z,relro,-z,now,-L/app", "--progress", "--static"]
CMD ["--production", "--release", "--no-debug", "--link-flags=-s"]

build and link is really easy.

docker build -t crystal_build_static_binary -f Dockerfile .

docker run -it -u $(id -u):$(id -g) -v $PWD:/app crystal_build_static_binary $@
3 Likes

Very cool @zw963 . Thanks for sharing!

fixuid looks helpful for development.

The --link-flags=-Wl,-z,relro,-z,now looks like an easy security hardening but I haven’t tried it yet.

What does --link-flags=-s do?

Ref: Support for Full RELRO · Issue #11046 · crystal-lang/crystal · GitHub

Remove all symbol table and relocation information from the executable.

AFAIK basically what --no-debug does.

2 Likes