docker-postfix/build-scripts/sasl-build.sh

#!/usr/bin/env bash
set -e

# Build the sasl2 library with the sasl-xoauth2 plugin.
#
# The sasl-xoauth2 plugin is a SASL plugin that provides support for XOAUTH2 (OAuth 2.0) authentication.
#
# The build is done in /sasl-xoauth2/build.
#
# This script clones the sasl-xoauth2 repository, applies patches to:
# - remove the build of the documentation
# - fix the path to the python interpreter in the sasl-xoauth2-tool
# - fix the path to the library when building on Alpine
#
# After building and installing the sasl2 library with the sasl-xoauth2 plugin, the
# postfix-sasl-xoauth2-update-ca-certs script is installed into the /etc/ca-certificates/update.d directory.
# This script is run by the update-ca-certificates command to update the list of trusted certificates.
build_sasl2() {
	git clone --depth 1 --branch ${SASL_XOAUTH2_GIT_REF} ${SASL_XOAUTH2_REPO_URL} /sasl-xoauth2
	cd /sasl-xoauth2
	mkdir build
	cd build
	# Documentation build (now) requires pandoc, which is not available on multiple
	# architectures. Since we're are building an image that we want it to be as slim as possible,
	# we're removing the build of documentation instead of complicating things with pandoc.
	patch -p1 -d .. < /build-scripts/sasl-xoauth2-01.patch

	# Ensure that the sasl-xoauth2-tool uses python from the virtual environment into which we
	# installed the msal library.
	patch -p1 -d .. < /build-scripts/sasl-xoauth2-03.patch

	if [ -f /etc/alpine-release ]; then
		patch -p1 -d .. < /build-scripts/sasl-xoauth2-02.patch
		cmake -DCMAKE_INSTALL_PREFIX=/ ..
	else
		cmake -DCMAKE_INSTALL_PREFIX=/usr ..
	fi
	make
	make install
	install ../scripts/postfix-sasl-xoauth2-update-ca-certs /etc/ca-certificates/update.d
	update-ca-certificates
}

# Installs rust. Debian bookwork comes with an old version of rust, so we can't use the one from the repository.
# Rust is needed, though for installation of msal library. On some architectures, we cannot use pre-compiled packages
# (because they don't exist in the PIP repositories) and "pip install" will fail without rust. Specifically, when
# compiling cryptographic libraries.
setup_rust() {
	curl --proto '=https' --tlsv1.3 https://sh.rustup.rs -sSf | sh -s -- -y --profile minimal
	export PATH="$HOME/.cargo/bin:$PATH"
	. "$HOME/.cargo/env"
}

# Create a virtual environment and install the msal library for the
# sasl-xoauth2-tool.
setup_python_venv() {
	python3 -m venv /sasl
	. /sasl/bin/activate
	if [[ "$(uname -m)"!= "386" ]] && [[ "$(uname -m)"!= "i386" ]]; then
		pip3 install msal
	fi
}

# Installs the base components into the docker image:
#
# 1. sasl2 using the sasl-xoauth2 plugin
# 2. a python virtual environment with the msal library
base_install() {
	build_sasl2
	setup_python_venv
}


[ -f /etc/lsb-release ] && . /etc/lsb-release
[ -f /etc/os-release ] && . /etc/os-release

# Determine the base installation method based on the OS.
# Alpine Linux has a different package management system than Debian-based systems.
if [ -f /etc/alpine-release ]; then
	# Install necessary libraries
	LIBS="git cmake clang make gcc g++ libc-dev pkgconfig curl-dev jsoncpp-dev cyrus-sasl-dev patch libffi-dev python3-dev rust cargo"
	apk add --upgrade curl
	apk add --upgrade --virtual .build-deps ${LIBS}

	# Run compilation and installation
	base_install

	# Cleanup. This is important to ensure that we don't keep unnecessary files laying around and thus increasing the size of the image.
	apk del .build-deps;
else
	# Install necessary libraries
	apt-get update -y -qq
	LIBS="git build-essential cmake pkg-config libcurl4-openssl-dev libssl-dev libjsoncpp-dev libsasl2-dev python3-dev python3-venv"
	apt-get install -y --no-install-recommends ${LIBS}

	# Run compilation and installation
	setup_rust
	base_install
	rustup self uninstall -y

	# Cleanup. This is important to ensure that we don't keep unnecessary files laying around and thus increasing the size of the image.
	apt-get remove --purge -y ${LIBS} python3-venv
	apt-get autoremove --yes
	apt-get clean autoclean
fi