matrix-docker-ansible-deploy/roles/custom/matrix-bridge-rustpush/templates/Dockerfile.j2
Jason LaGuidice 11cd178cb2 Add matrix-rustpush-bridge (iMessage)
Add the matrix-rustpush-bridge role, a Matrix <-> iMessage bridge built
on the mautrix-go bridgev2 framework using RustPush (OpenBubbles backend).

Unlike the existing mautrix-imessage/wsproxy bridge, it talks directly to
Apple's push notification service, so it needs neither a running Mac nor a
wsproxy on the homeserver. Each user supplies a hardware key extracted from a
Mac through the bridge bot's login flow.

The bridge uses its own bot username and puppet namespace (rustpushbot,
rustpush_*) so it does not collide with the wsproxy iMessage bridge.

This bridge is in early development and may have stability issues.
2026-06-24 11:17:09 +03:00


{#
SPDX-FileCopyrightText: 2026 MDAD project contributors
SPDX-FileCopyrightText: 2026 Jason LaGuidice
SPDX-License-Identifier: AGPL-3.0-or-later
#}
# ── Stage 1: builder ─────────────────────────────────────────────────────────
# Toolchain stage for the Rust static library and the Go bridge binary.
# NOTE(review): ubuntu:24.04 is a mutable tag; pinning it by digest would make
# rebuilds resolve to the same base image every time.
FROM ubuntu:24.04 AS builder
ENV DEBIAN_FRONTEND=noninteractive
# Compilers, download tools and -dev headers. The apt package lists are deleted
# in the same layer so they are not stored in it.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        build-essential \
        ca-certificates \
        cmake \
        curl \
        git \
        libclang-dev \
        libheif-dev \
        libolm-dev \
        libssl-dev \
        libunicorn-dev \
        pkg-config \
        protobuf-compiler \
        zlib1g-dev \
    && rm -rf /var/lib/apt/lists/*
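# Rust — install to default ~/.cargo so the Makefile's $(HOME)/.cargo/bin path resolves.
# The installer is written to disk before it runs. Piped straight into `sh` under
# the default /bin/sh (no pipefail), a failed download hands the shell empty input,
# the pipeline exits 0, and the layer is cached without a toolchain.
# NOTE(review): both the installer script and the "stable" channel are moving
# targets fetched at build time; pin an exact toolchain version here if builds
# need to be reproducible and auditable.
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o /tmp/rustup-init.sh \
    && sh /tmp/rustup-init.sh -y --default-toolchain stable \
    && rm /tmp/rustup-init.sh
ENV PATH=/root/.cargo/bin:$PATH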
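# Go — arch-aware. With no build args it resolves the newest release listed by
# go.dev and falls back to go1.25.0 when the lookup yields nothing.
#
# Optional pins (both empty by default, which keeps the lookup behaviour):
#   GO_VERSION  exact release to install, e.g. a constructed sample "go1.25.0"
#   GO_SHA256   SHA-256 of the matching linux tarball; when set, the download is
#               verified before anything is unpacked into /usr/local
# Without GO_SHA256 the tarball is trusted on TLS alone, so supply both pins for
# a reproducible, verifiable toolchain.
ARG TARGETARCH
ARG GO_VERSION=
ARG GO_SHA256=
RUN set -e; \
    GOARCH="${TARGETARCH:-amd64}"; \
    if [ -z "${GO_VERSION:-}" ]; then \
        # The pattern allows optional whitespace after the colon, since the \
        # endpoint may serve pretty-printed JSON; a strict "version":"go…" match \
        # would then find nothing and the fallback below would always be used. \
        GO_VERSION=$(curl -fsSL 'https://go.dev/dl/?mode=json' \
            | grep -o '"version": *"go[0-9.]*"' | head -1 \
            | sed 's/.*"\(go[0-9.]*\)"$/\1/'); \
    fi; \
    : "${GO_VERSION:=go1.25.0}"; \
    # Download to a file first so a failed or partial transfer stops the build \
    # here rather than being streamed into tar. \
    curl -fsSL "https://go.dev/dl/${GO_VERSION}.linux-${GOARCH}.tar.gz" -o /tmp/go.tar.gz; \
    if [ -n "${GO_SHA256:-}" ]; then \
        echo "${GO_SHA256}  /tmp/go.tar.gz" | sha256sum -c -; \
    fi; \
    tar -C /usr/local -xzf /tmp/go.tar.gz; \
    rm /tmp/go.tar.gz
# GOTOOLCHAIN=local keeps the go command on the installed toolchain instead of
# letting it download a different one during the build.
ENV PATH=/usr/local/go/bin:$PATH \
    GOTOOLCHAIN=local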
WORKDIR /build

# ── Rust build layers ─────────────────────────────────────────────────────────
# Inputs of the clone+patch layer: the upstream SHA pin, the local rustpush/
# directory (patches and open-absinthe overlay) and the Makefile. Editing any of
# them invalidates the layer below.
COPY third_party/rustpush-upstream.sha third_party/
COPY rustpush/ rustpush/
COPY Makefile .

# Check out upstream rustpush at the pinned SHA, apply the patches and lay the
# open-absinthe overlay on top.
RUN make ensure-rustpush-source

# Rust crate sources come after the clone so that editing them rebuilds only the
# cargo layer and leaves the clone layer cached.
COPY pkg/rustpushgo/ pkg/rustpushgo/
COPY nac-validation/ nac-validation/

# Build the Rust static library (~3 min; cached while the Rust sources are unchanged).
# The hardware-key feature enables the unicorn-based x86 NAC emulator required on
# Linux (amd64 and arm64 alike — unicorn emulates x86 across architectures).
# cargo runs from inside the crate directory; WORKDIR is then restored to /build
# for the Go steps that follow.
WORKDIR /build/pkg/rustpushgo
RUN cargo build --release --features hardware-key \
    && cp target/release/librustpushgo.a /build/librustpushgo.a
WORKDIR /build
# ── Go build layers ───────────────────────────────────────────────────────────
# Module manifests are copied alone so the download layer is reused until
# go.mod or go.sum changes.
COPY go.mod go.sum ./
RUN go mod download

# Go sources for the bridge.
COPY cmd/ cmd/
COPY pkg/connector/ pkg/connector/
COPY imessage/ imessage/
COPY ipc/ ipc/

# Version metadata stamped into the binary through -ldflags -X.
ARG BUILD_VERSION=dev
ARG BUILD_COMMIT=unknown

# Link the bridge binary. CGO_LDFLAGS adds /build to the linker search path,
# which is where the Rust build step left librustpushgo.a.
RUN BUILD_TIME="$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
    && CGO_LDFLAGS="-L/build" go build \
        -ldflags "-X main.Tag=${BUILD_VERSION} -X main.Commit=${BUILD_COMMIT} -X main.BuildTime=${BUILD_TIME}" \
        -o /build/matrix-rustpush \
        ./cmd/matrix-rustpush/
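# ── Stage 2: runtime ─────────────────────────────────────────────────────────
FROM ubuntu:24.04
# Build-time only: as an ARG the apt frontend setting is visible to the RUN step
# below but is not baked into the running container's environment.
ARG DEBIAN_FRONTEND=noninteractive
# Optional pin for the Apple root certificate fetched below: the SHA-256 of the
# downloaded DER file. Empty (the default) skips the check. The certificate
# becomes a system-wide trust anchor, so set this to a fingerprint obtained
# out-of-band; otherwise whatever the URL serves at build time is trusted.
ARG APPLE_ROOT_CA_SHA256=
# Runtime shared libraries the bridge binary needs at startup.
# libunicorn2 — unicorn-engine x86 NAC emulator (hardware-key feature)
# libheif1 — HEIC/HEIF conversion (linked at compile time even when disabled)
# libolm3 — Matrix OLM encryption (mautrix bridgev2 framework)
# libssl3 — OpenSSL (rustpush openssl crate dynamic link)
# ffmpeg — video transcoding
# curl and openssl are used in this layer to fetch and convert the Apple root CA.
# NOTE(review): if the bridge does not need them at run time, removing them
# after this step would shrink the image's tool set — confirm before changing.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        ffmpeg \
        libheif1 \
        libolm3 \
        libssl3 \
        libunicorn2 \
        openssl \
    && curl -fsSL 'https://www.apple.com/appleca/AppleIncRootCertificate.cer' \
        -o /tmp/AppleRootCA.cer \
    && if [ -n "${APPLE_ROOT_CA_SHA256:-}" ]; then \
           echo "${APPLE_ROOT_CA_SHA256}  /tmp/AppleRootCA.cer" | sha256sum -c -; \
       fi \
    && openssl x509 -inform DER -in /tmp/AppleRootCA.cer \
        -out /usr/local/share/ca-certificates/AppleRootCA.crt \
    && update-ca-certificates \
    && rm /tmp/AppleRootCA.cer \
    && rm -rf /var/lib/apt/lists/*
COPY --from=builder /build/matrix-rustpush /usr/local/bin/matrix-rustpush
WORKDIR /data
VOLUME /data
EXPOSE 29332
# NOTE(review): no USER is set, so the bridge runs as root unless the container
# is started with an explicit user. /data holds config.yaml; confirm that the
# unit which launches this image sets a non-root user and matching ownership.
ENTRYPOINT ["matrix-rustpush", "-c", "/data/config.yaml"]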