musl | musl libc experiment | Binary Executable Format library

As it so happened, I ran into this issue today and found your question in an attempt to find a solution.

After trying a few different things, I discovered that using version 4.1.2 of http-auth (instead of the current 4.1.4, which is what your package.json has set in your GitHub repo) worked for me. So it seems to be a bug with the newer http-auth versions. I ran your code in your github repo but with version 4.1.2 of http-auth and it ran successfully.

You'd need to

• use apt-get instead
• find the equivalents of those packages in the Debian repositories

Some of these will likely be wrong, but you get the gist.

you need to add the Time for waiting in your command:

This might be related to linking problem, which appears as 'not found' many times in Alpine Linux when something is wrong with symlinks. When you build your numpy dependencies in the Debian based distro, it is linked to glibc in specific path. Usually, similar paths are also in Alpine. I'm not sure how this works with venv.

I would suggest that, as you managed (I think) to install numpy directly in Alpine based container, to use Alpine distro as builder as well. Otherwise you might need to change some linked paths manually.

If you look for example folder /lib64 in Alpine, the ld-linux-x86-64.so.2 should be in there, so it is not totally missing. (after installing libc6-compat package).

But in general, Alpine is not the best choice for Python as the programming language is based on C, and musl is not perfect. Alpine could be also much slower for Python

The key difference between these is that older versions of the busybox image statically linked busybox against glibc (current versions dynamically link busybox against glibc due to use of libnss even in static configuration), whereas the alpine image dynamically links against musl libc.

Going into the weighting factors used to choose between these in detail would be off-topic here (software recommendation requests), but some key points:

Comparing glibc against musl libc, a few salient points (though there are certainly many other factors as well):

• glibc is built for performance and portability over size (often adding special-case performance optimizations that take a large amount of code).
• musl libc is built for correctness and size over performance (it's willing to be somewhat slower to have a smaller code size and to run in less RAM); and it's much more aggressive about having correct error reporting (instead of just exiting immediately) in the face of resource exhaustion.
• glibc is more widely used, so bugs that manifest against its implementation tend to be caught more quickly. Often, when one is the first person to build a given piece of software against musl, one will encounter bugs (typically in that software, not in musl) or places where the maintainer explicitly chose to use GNU extensions instead of sticking to the libc standard.
• glibc is licensed under LGPL terms; only software under GPL-compatible terms can be statically linked against it; whereas musl is under a MIT license, and usable with fewer restrictions.

Comparing the advantages of a static build against a dynamic build:

• If your system image will only have a single binary executable (written in C or otherwise using a libc), a static build is always better, as it discards any parts of your libraries that aren't actually used by that one executable.
• If your system image is intended to have more binaries added that are written in C, using dynamic linking will keep the overall size down, since it allows those binaries to use the libc that's already there.
• If your system image is intended to have more binaries added in a language that doesn't use libc (this can be the case for Go and Rust, f/e), then you don't benefit from dynamic linking; you don't need the unused parts of libc there because you won't be using them anyhow.

Honestly, these two images don't between themselves cover the whole matrix space of possibilities; there are situations where neither of them is optimal. There would be value to having an image with only busybox that statically links against musl libc (if everything you're going to add is in a non-C language), or an image with busybox that dynamically links against glibc (if you're going to add more binaries that need libc and aren't compatible with musl).

a few suggestions:

• do not run uwsgi as root
• threaded-logger = true is defined 2 times
• log under /app/log, and mount it as a volume, with the proper permissions for the user
• alpine images can run #!/bin/sh

regards, matzy

You have exposed ports 80 and 5432, but not the port 5000 which is listened by backend application.

Expose port 5000 and set baseUrl to :5000

If you're compiling against glibc, you'll need to have at least some dynamic linking. While it is possible to statically link glibc, that isn't a supported configuration since the name service switch won't work in such a case.

In general, you should expect a build-dependency on cc or pkg-config to be an indicator of the use of a C or C++ library. That isn't a guarantee either way, but it is probably going to be the case the vast majority of the time. Some of those libraries will be able to be linked statically, but of course if you do that you must recompile your code every time any of your dependencies has a security update or you'll have a vulnerability. There's unfortunately no clear way to tell whether static linking is an option in such a case other than looking at the build.rs or the documentation of the crate.

Let's fix this.

I've managed to run wkhtmltopdf isolated on a docker container.

Dockerfile: