Skip to content

Add Rust-based rabbitmqadmin-ng and remove Python #780

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
michaelklishin merged 1 commit into from
Dec 11, 2025
Merged

Add Rust-based rabbitmqadmin-ng and remove Python #780

michaelklishin merged 1 commit into from
Dec 11, 2025

Conversation

@lukebakken
Copy link
Collaborator

@lukebakken lukebakken commented Dec 2, 2025
edited
Loading

Fixes #768

The RabbitMQ management images now include the Rust-based rabbitmqadmin-ng CLI tool when possible. The deprecated Python version of rabbitmqadmin will no longer be available.

This change adds a two-stage build to Dockerfile-management.template:

  • Download stage: Attempts to download rabbitmqadmin-ng from GitHub release for the target architecture on Ubuntu only.
  • Final stage: Copies the Rust binary if download succeeded.

The versions.sh script fetches the latest rabbitmqadmin-ng release tag from the GitHub API and calculates SHA256 checksums and download URLs for the release artifacts for x86_64 and aarch64 architectures into versions.json and templated into the generated management Dockerfiles.

@lukebakken lukebakken changed the title Add rabbitmqadmin-ng build stage to Ubuntu Dockerfiles Add rabbitmqadmin-ng build stage to Dockerfiles Dec 2, 2025
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch 2 times, most recently from da577d7 to 612343e Compare December 2, 2025 16:55
@lukebakken lukebakken self-assigned this Dec 2, 2025
@lukebakken lukebakken changed the title Add rabbitmqadmin-ng build stage to Dockerfiles Add rabbitmqadmin-ng build stage to Dockerfile-management.template Dec 2, 2025
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch 3 times, most recently from 432a7f1 to 75f8e3e Compare December 2, 2025 17:14
@lukebakken lukebakken changed the title Add rabbitmqadmin-ng build stage to Dockerfile-management.template Add Rust-based rabbitmqadmin-ng with Python fallback Dec 2, 2025
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch from 75f8e3e to e5aec78 Compare December 2, 2025 17:24
@lukebakken lukebakken marked this pull request as ready for review December 2, 2025 17:29
@lukebakken lukebakken marked this pull request as draft December 2, 2025 17:44
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch from ce7f657 to 6f0223b Compare December 2, 2025 17:50
@michaelklishin
Copy link
Collaborator

michaelklishin commented Dec 2, 2025

I'd leave the Python version behind entirely. It's no longer maintained.

Plus this tool is entirely optional. The OCI can be used without it.

@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch 3 times, most recently from 171dafe to 64e0428 Compare December 2, 2025 18:51
@lukebakken lukebakken mentioned this pull request Dec 2, 2025
Closed
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch 3 times, most recently from 33786ab to a70d772 Compare December 2, 2025 19:48
@lukebakken lukebakken marked this pull request as ready for review December 2, 2025 20:04
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch from a70d772 to 32daba6 Compare December 2, 2025 20:13
michaelklishin
michaelklishin reviewed Dec 3, 2025
View reviewed changes
Copy link
Collaborator

@michaelklishin michaelklishin left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would remove rabbitmqadmin v1, or rather, not drag it along.

It is no longer maintained besides truly exceptional issues like security vulnerabilities (which are unlikely to be reported for such a tool).

One of the goals of rabbitmqadmin v2 as a native binary was to avoid numerous [older] Python CVEs that plagued several RabbitMQ images due to the inclusion of rabbitmqadmin v1.

Finally, there are some breaking changes in rabbitmqadmin v2 but the users seem to be adapting to them without any complaints, and rabbitmqadmin v2 is so far ahead in terms of features and test coverage that it feels like shipping two different tools at this point.

rabbitmqadmin v2 is a nice-to-have in this image. If the Rust toolchain does not support a particular platform, well, it won't be available but everything else that this image offers will be.

@lukebakken lukebakken changed the title Add Rust-based rabbitmqadmin-ng with Python fallback Add Rust-based rabbitmqadmin-ng and remove Python Dec 3, 2025
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch from 32daba6 to 5f3f9c0 Compare December 3, 2025 20:45
@michaelklishin
Copy link
Collaborator

michaelklishin commented Dec 3, 2025

@yosifkit @tianon this PR should really have a review from one of you folks (or both!)

@tianon
Copy link
Member

tianon commented Dec 10, 2025

❤️

Am I reading correctly that where we've ended up here is roughly equivalent to the official released binaries on https://github.com/rabbitmq/rabbitmqadmin-ng/releases/tag/v2.17.0, but I guess also with support for Alpine/musl? 😅

While I do appreciate that you've managed to get this working, I now wonder if we should instead just be downloading those official release binaries, and if Alpine/musl support really is important enough that we need to keep it, we see if Michael would be open to releasing binaries for that platform over there? 🙈

Personally, I think we can make a pretty compelling case that the Alpine variants even exist in the first place primarily for the size consideration, so it's pretty reasonable for them to not include this, but I'd probably couple that with waiting to remove the Python-based version until at least the next patch release if not the next minor/major? 🤔

@lukebakken
Copy link
Collaborator Author

lukebakken commented Dec 10, 2025

roughly equivalent to the official released binaries

By compiling from source I'd like to think we'd support more architectures than the official binaries. But, if we just want to have Ubuntu x86_64 and aarch64 that makes this PR a lot simpler.

@michaelklishin
Copy link
Collaborator

michaelklishin commented Dec 10, 2025
edited
Loading

FWIW when I hear arguments for using the Alpine variant, it always comes down to the perceived security aspect. I understand that there is a connection between how much stuff you cram into an image and its attach surface but rabbitmqadmin is the kind of tool that is very unlikely to become a common attack vector.

Either way, this is a nice-to-have and limiting it to the Ubuntu variant with fewer platforms supported is fine with me. The only limiting factor to how many platforms are currently covered by the binary releases of rabbitmqadmin is the availability of aarch64 runners on pubic GitHub Actions out of the box.

@lukebakken
Copy link
Collaborator Author

lukebakken commented Dec 10, 2025

I'll modify the PR to the following:

  • Download the latest version of rabbitmqadmin-ng from GitHub (verifying checksum, of course) on Ubuntu x86_64 and aarch64 builds only.
  • Remove it entirely from other architectures and Alpine.

@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch 2 times, most recently from 831da08 to 26649e8 Compare December 10, 2025 16:22
@lukebakken
Copy link
Collaborator Author

lukebakken commented Dec 10, 2025

@michaelklishin @tianon OK, all set. It's much simpler now 😸

@lukebakken
Add Rust-based rabbitmqadmin-ng and remove Python
dac149a 
The RabbitMQ management images now include the Rust-based
`rabbitmqadmin-ng` CLI tool when possible. The deprecated Python version
of `rabbitmqadmin` will no longer be available.

This change adds a two-stage build to `Dockerfile-management.template`:
- **Download stage**: Attempts to download `rabbitmqadmin-ng` from
  GitHub release for the target architecture on Ubuntu only.
- **Final stage**: Copies the Rust binary if download succeeded.

The `versions.sh` script fetches the latest `rabbitmqadmin-ng` release
tag from the GitHub API and calculates SHA256 checksums and download
URLs for the release artifacts for x86_64 and aarch64 architectures.
@lukebakken lukebakken force-pushed the lukebakken/gh-768-rabbitmqadmin-ng branch from 26649e8 to dac149a Compare December 10, 2025 17:03
@michaelklishin michaelklishin merged commit 8e6c07c into docker-library:master Dec 11, 2025
14 checks passed
@michaelklishin
Copy link
Collaborator

michaelklishin commented Dec 11, 2025

Hooray!

docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Dec 11, 2025
@docker-library-bot
Update rabbitmq
4454d0c 
Changes:

- docker-library/rabbitmq@8e6c07c: Merge pull request docker-library/rabbitmq#780 from lukebakken/lukebakken/docker-librarygh-768-rabbitmqadmin-ng
- docker-library/rabbitmq@dac149a: Add Rust-based `rabbitmqadmin-ng` and remove Python
- docker-library/rabbitmq@14b8a4a: Update 4.0 to openssl 3.5.4
- docker-library/rabbitmq@7264d76: Update 4.0 to openssl 3.5.3
- docker-library/rabbitmq@c879782: Update 4.0 to 4.0.9
- docker-library/rabbitmq@85ee627: Update 4.0 to 4.0.8
- docker-library/rabbitmq@1519c4c: Merge pull request docker-library/rabbitmq#779 from lukebakken/lukebakken/fix-warnings
@lukebakken lukebakken deleted the lukebakken/gh-768-rabbitmqadmin-ng branch December 11, 2025 17:30
@tianon tianon mentioned this pull request Dec 11, 2025
Merged
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Dec 11, 2025
@docker-library-bot
Update rabbitmq
adbf303 
Changes:

- docker-library/rabbitmq@0d65bb3: Merge pull request docker-library/rabbitmq#783 from infosiftr/refactor
- docker-library/rabbitmq@c57ff6e: Slightly refactor new `rabbitmqadmin` code
- docker-library/rabbitmq@8e6c07c: Merge pull request docker-library/rabbitmq#780 from lukebakken/lukebakken/docker-librarygh-768-rabbitmqadmin-ng
- docker-library/rabbitmq@dac149a: Add Rust-based `rabbitmqadmin-ng` and remove Python
- docker-library/rabbitmq@14b8a4a: Update 4.0 to openssl 3.5.4
- docker-library/rabbitmq@7264d76: Update 4.0 to openssl 3.5.3
- docker-library/rabbitmq@c879782: Update 4.0 to 4.0.9
- docker-library/rabbitmq@85ee627: Update 4.0 to 4.0.8
- docker-library/rabbitmq@1519c4c: Merge pull request docker-library/rabbitmq#779 from lukebakken/lukebakken/fix-warnings
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Dec 12, 2025
@docker-library-bot
Update rabbitmq
fa75b02 
Changes:

- docker-library/rabbitmq@b9786fd: Merge pull request docker-library/rabbitmq#784 from infosiftr/alpine3.23
- docker-library/rabbitmq@f5aa704: Update to Alpine 3.23
- docker-library/rabbitmq@0d65bb3: Merge pull request docker-library/rabbitmq#783 from infosiftr/refactor
- docker-library/rabbitmq@c57ff6e: Slightly refactor new `rabbitmqadmin` code
- docker-library/rabbitmq@8e6c07c: Merge pull request docker-library/rabbitmq#780 from lukebakken/lukebakken/docker-librarygh-768-rabbitmqadmin-ng
- docker-library/rabbitmq@dac149a: Add Rust-based `rabbitmqadmin-ng` and remove Python
- docker-library/rabbitmq@14b8a4a: Update 4.0 to openssl 3.5.4
- docker-library/rabbitmq@7264d76: Update 4.0 to openssl 3.5.3
- docker-library/rabbitmq@c879782: Update 4.0 to 4.0.9
- docker-library/rabbitmq@85ee627: Update 4.0 to 4.0.8
- docker-library/rabbitmq@1519c4c: Merge pull request docker-library/rabbitmq#779 from lukebakken/lukebakken/fix-warnings
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Dec 12, 2025
@docker-library-bot
Update rabbitmq
595da0b 
Changes:

- docker-library/rabbitmq@8991001: Update 4.2 to rabbitmqadmin 2.18.0
- docker-library/rabbitmq@9b8508a: Update 4.1 to rabbitmqadmin 2.18.0
- docker-library/rabbitmq@a541e82: Update 4.0 to rabbitmqadmin 2.18.0
- docker-library/rabbitmq@7496c53: Update 3.13 to rabbitmqadmin 2.18.0
- docker-library/rabbitmq@b9786fd: Merge pull request docker-library/rabbitmq#784 from infosiftr/alpine3.23
- docker-library/rabbitmq@f5aa704: Update to Alpine 3.23
- docker-library/rabbitmq@0d65bb3: Merge pull request docker-library/rabbitmq#783 from infosiftr/refactor
- docker-library/rabbitmq@c57ff6e: Slightly refactor new `rabbitmqadmin` code
- docker-library/rabbitmq@8e6c07c: Merge pull request docker-library/rabbitmq#780 from lukebakken/lukebakken/docker-librarygh-768-rabbitmqadmin-ng
- docker-library/rabbitmq@dac149a: Add Rust-based `rabbitmqadmin-ng` and remove Python
- docker-library/rabbitmq@14b8a4a: Update 4.0 to openssl 3.5.4
- docker-library/rabbitmq@7264d76: Update 4.0 to openssl 3.5.3
- docker-library/rabbitmq@c879782: Update 4.0 to 4.0.9
- docker-library/rabbitmq@85ee627: Update 4.0 to 4.0.8
- docker-library/rabbitmq@1519c4c: Merge pull request docker-library/rabbitmq#779 from lukebakken/lukebakken/fix-warnings
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michaelklishin michaelklishin michaelklishin approved these changes

@yosifkit yosifkit Awaiting requested review from yosifkit

@tianon tianon Awaiting requested review from tianon

Assignees

@lukebakken lukebakken

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update Alpine-based rabbitmq images to fix SQLite CVE-2025-6965

3 participants

@lukebakken @michaelklishin @tianon