ARG PLEX_VER=1.24.5.5173-8dcc73a59 ARG PLEX_SHA=42753c9a80706867709cddadefc2520334cf12c9 ARG BUSYBOX_VER=1.33.0 ARG SU_EXEC_VER=0.4 ARG TINI_VER=0.19.0 ARG ZLIB_VER=1.2.11 ARG LIBXML2_VER=v2.9.10 ARG LIBXSLT_VER=v1.1.34 ARG XMLSTAR_VER=1.6.1 ARG OPENSSL_VER=1.1.1l ARG CURL_VER=curl-7_78_0 ARG OUTPUT=/output ARG DESTDIR=/prefix ARG CFLAGS="-O2 -pipe -fstack-protector-strong -D_FORTIFY_SOURCE=2 -flto" ARG LDFLAGS="$CFLAGS -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now" # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM spritsail/alpine:3.13 AS builder RUN apk add --no-cache \ autoconf \ automake \ binutils \ cmake \ curl \ dpkg \ file \ gcc \ git \ libtool \ linux-headers \ make \ musl-dev \ nghttp2-dev \ pkgconfig \ xxd # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM builder AS plex ARG PLEX_VER ARG PLEX_SHA ARG OUTPUT WORKDIR $OUTPUT # Fetch Plex and required libraries RUN curl -fsSL -o plexmediaserver.deb https://downloads.plex.tv/plex-media-server-new/${PLEX_VER}/debian/plexmediaserver_${PLEX_VER}_amd64.deb \ && echo "$PLEX_SHA plexmediaserver.deb" | sha1sum -c - \ && dpkg-deb -x plexmediaserver.deb . \ \ && rm -r \ etc/ usr/share/ \ plexmediaserver.deb \ \ && cd usr/lib/plexmediaserver \ && rm \ lib/libcrypto.so* \ lib/libcurl.so* \ lib/libssl.so* \ lib/libnghttp2.so* \ lib/libxml2.so* \ lib/libxslt.so* \ lib/libexslt.so* \ lib/plexmediaserver.* \ etc/ld-musl-x86_64.path \ Resources/start.sh \ \ # Place shared libraries in usr/lib so they can be actually shared && mv lib/*.so* lib/dri ../ \ && rmdir lib etc \ && ln -sv ../ lib \ # Replace hardlink with a symlink; these files are the same && cd .. && ln -sfvn ld-musl-x86_64.so.1 libc.so # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM builder AS busybox ARG BUSYBOX_VER ARG SU_EXEC_VER ARG TINI_VER ARG CFLAGS ARG LDFLAGS ARG MAKEFLAGS ARG OUTPUT WORKDIR /tmp/busybox RUN curl -fsSL https://busybox.net/downloads/busybox-${BUSYBOX_VER}.tar.bz2 \ | tar xj --strip-components=1 \ && make defconfig \ && make \ && install -Dm755 busybox "$OUTPUT/usr/bin/busybox" \ # "Install" busybox, creating symlinks to all binaries it provides && mkdir -p "$OUTPUT/usr/bin" "$OUTPUT/usr/sbin" \ && ./busybox --list-full | sed -E 's@^(s?bin)@usr/\1@' | xargs -i ln -Tsv /usr/bin/busybox "$OUTPUT/{}" WORKDIR /tmp/su-exec RUN curl -fL https://github.com/frebib/su-exec/archive/v${SU_EXEC_VER}.tar.gz \ | tar xz --strip-components=1 \ && make \ && install -Dm755 su-exec "$OUTPUT/usr/sbin/su-exec" WORKDIR /tmp/tini RUN curl -fL https://github.com/krallin/tini/archive/v${TINI_VER}.tar.gz \ | tar xz --strip-components=1 \ && cmake . \ && make tini \ && install -Dm755 tini "$OUTPUT/usr/sbin/tini" # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM builder AS zlib ARG ZLIB_VER ARG CFLAGS ARG LDFLAGS ARG MAKEFLAGS ARG OUTPUT ARG DESTDIR WORKDIR /tmp/zlib RUN curl -sSf https://www.zlib.net/zlib-$ZLIB_VER.tar.xz \ | tar xJ --strip-components=1 \ && ./configure \ --prefix=/usr \ --shared \ && make DESTDIR="$DESTDIR" install \ && mkdir -p "$OUTPUT/usr/lib" \ && cp -a "$DESTDIR"/usr/lib/*.so* "$OUTPUT/usr/lib" # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM builder AS xml ARG LIBXML2_VER ARG LIBXSLT_VER ARG XMLSTAR_VER ARG CFLAGS ARG LDFLAGS ARG MAKEFLAGS ARG OUTPUT ARG DESTDIR COPY --from=zlib "$DESTDIR" "$DESTDIR" WORKDIR /tmp/libxml2 RUN git clone https://gitlab.gnome.org/GNOME/libxml2.git --branch $LIBXML2_VER --depth 1 . \ && ./autogen.sh \ --prefix=/usr \ --with-zlib="$DESTDIR/usr" \ --without-catalog \ --without-docbook \ --without-ftp \ --without-http \ --without-iconv \ --without-iso8859x \ --without-legacy \ --without-modules \ --without-python \ && make DESTDIR="$DESTDIR" install \ && mkdir -p "$OUTPUT/usr/lib" \ && cp -a "$DESTDIR"/usr/lib/*.so* "$OUTPUT/usr/lib" WORKDIR /tmp/libxslt RUN git clone https://gitlab.gnome.org/GNOME/libxslt.git --branch $LIBXSLT_VER --depth 1 . \ && ./autogen.sh \ --prefix=/usr \ --with-libxml-src=../libxml2 \ --without-crypto \ --without-plugins \ --without-python \ && make DESTDIR="$DESTDIR" install \ && mkdir -p "$OUTPUT/usr/lib" \ && cp -a "$DESTDIR"/usr/lib/*.so* "$OUTPUT/usr/lib" ADD xmlstarlet-*.patch /tmp WORKDIR /tmp/xmlstarlet RUN git clone git://git.code.sf.net/p/xmlstar/code --branch $XMLSTAR_VER --depth 1 . \ && git apply /tmp/xmlstarlet*.patch \ && autoreconf -sif \ && ./configure \ --prefix=/usr \ --disable-build-docs \ --with-libxml-prefix="$DESTDIR/usr" \ --with-libxslt-prefix="$DESTDIR/usr" \ && make DESTDIR="$DESTDIR" install \ && install -Dm755 "$DESTDIR/usr/bin/xml" "$OUTPUT/usr/bin/xmlstarlet" # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM builder AS curl ARG OPENSSL_VER ARG CURL_VER ARG CFLAGS ARG LDFLAGS ARG MAKEFLAGS ARG OUTPUT ARG DESTDIR COPY --from=zlib "$DESTDIR" "$DESTDIR" WORKDIR /tmp/openssl RUN curl -sSL https://openssl.org/source/openssl-${OPENSSL_VER}.tar.gz \ | tar xz --strip-components=1 \ && ./config \ --prefix=/usr \ --libdir=lib \ --with-zlib-lib="$DESTDIR/usr/lib" \ --with-zlib-include="$DESTDIR/usr/include" \ shared \ zlib-dynamic \ no-engine \ no-rc5 \ no-ssl3-method \ && make build_libs \ && make build_programs \ && make DESTDIR="$DESTDIR" \ install_sw \ install_ssldirs \ && mkdir -p "$OUTPUT/usr/lib" \ && cp -a "$DESTDIR"/usr/lib/*.so* "$OUTPUT/usr/lib" \ && sed -i "s@prefix=/usr@prefix=$DESTDIR/usr@g" "$DESTDIR"/usr/lib/pkgconfig/*.pc # /usr/lib # curl --version # curl 7.74.0-DEV (x86_64-pc-linux-musl) libcurl/7.73.0-DEV OpenSSL/1.1.1i zlib/1.2.11 nghttp2/1.41.0 # Protocols: http https # Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz SSL UnixSockets WORKDIR /tmp/curl RUN git clone https://github.com/curl/curl.git --branch $CURL_VER --depth 1 . \ && autoreconf -sif \ && ./configure \ --prefix=/usr \ --enable-http \ --enable-ipv6 \ --enable-largefile \ --enable-proxy \ --enable-unix-sockets \ --with-ssl="$DESTDIR/usr" \ --with-zlib="$DESTDIR/usr" \ --enable-optimize \ --enable-symbol-hiding \ --enable-versioned-symbols \ --enable-threaded-resolver \ --disable-cookies \ --disable-crypto-auth \ --disable-curldebug \ --disable-dependency-tracking \ --disable-dict \ --disable-file \ --disable-ftp \ --disable-gopher \ --disable-imap \ --disable-ldap \ --disable-ldaps \ --disable-libcurl-option \ --disable-manual \ --disable-mqtt \ --disable-ntlm-wb \ --disable-pop3 \ --disable-rtsp \ --disable-smb \ --disable-smtp \ --disable-sspi \ --disable-telnet \ --disable-tftp \ --disable-tls-srp \ --disable-verbose \ --without-axtls \ --without-libpsl \ --without-librtmp \ --without-winidn \ && make DESTDIR="$DESTDIR" install \ && install -Dm755 "$DESTDIR/usr/bin/curl" "$OUTPUT/usr/bin/curl" \ # Cheat and "borrow" libnghttp2 from Alpine && mkdir -p "$OUTPUT/usr/lib" \ && cp -a "$DESTDIR"/usr/lib/*.so* /usr/lib/libnghttp2.so* "$OUTPUT/usr/lib" # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM builder AS combine ARG OUTPUT WORKDIR $OUTPUT COPY --from=plex "$OUTPUT" . COPY --from=busybox "$OUTPUT" . COPY --from=zlib "$OUTPUT" . COPY --from=xml "$OUTPUT" . COPY --from=curl "$OUTPUT" . RUN install -m 1777 -o root -g root -d tmp \ && ln -sv /usr/lib /usr/bin /usr/sbin . \ # Link Plex ca-certificates as system store so curl and others can use them too && mkdir -p etc/ssl/certs \ && ln -sv /usr/lib/plexmediaserver/Resources/cacert.pem etc/ssl/certs/ca-certificates.crt \ # Strip all unneeded symbols for optimum size && find . -type f -exec sh -c 'file "{}" | grep -q ELF && strip --strip-debug "{}"' \; ADD --chmod=755 \ entrypoint \ claim-server.sh \ gen-config.sh \ plex-util.sh \ usr/bin/ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FROM scratch ARG PLEX_VER ARG XMLSTAR_VER ARG BUSYBOX_VER ARG SU_EXEC_VER ARG TINI_VER ARG OPENSSL_VER ARG CURL_VER ARG OUTPUT LABEL maintainer="Spritsail " \ org.label-schema.vendor="Spritsail" \ org.label-schema.name="Plex Media Server" \ org.label-schema.url="https://www.plex.tv/downloads/" \ org.label-schema.description="Tiny Docker image for Plex Media Server, built on busybox" \ org.label-schema.version=${PLEX_VER} \ io.spritsail.version.plex=${PLEX_VER} \ io.spritsail.version.xmlstarlet=${XMLSTAR_VER} \ io.spritsail.version.busybox=${BUSYBOX_VER} \ io.spritsail.version.su-exec=${SU_EXEC_VER} \ io.spritsail.version.tini=${TINI_VER} \ io.spritsail.version.openssl=${OPENSSL_VER} \ io.spritsail.version.curl=${CURL_VER} WORKDIR /usr/lib/plexmediaserver COPY --from=combine "$OUTPUT" / ENV SUID=900 SGID=900 \ PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS="6" \ PLEX_MEDIA_SERVER_MAX_STACK_SIZE="3000" \ PLEX_MEDIA_SERVER_TMPDIR="/tmp" \ PLEX_MEDIA_SERVER_HOME="/usr/lib/plexmediaserver" \ PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR="/var/lib/plexmediaserver" HEALTHCHECK --interval=10s --timeout=5s \ CMD [ "wget", "-O", "/dev/null", "-T", "10", "-q", "localhost:32400/identity" ] EXPOSE 32400 VOLUME ["/config", "/transcode"] RUN mkdir -p "$PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR" \ && ln -sfv /config "$PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR/Plex Media Server" ENTRYPOINT ["/sbin/tini", "--"] CMD ["/usr/bin/entrypoint"]