Plain musl builds break when native crates get involved. Statix doesn't.

Statix is a Docker build environment that bundles the Rust toolchain, musl GCC, static system libraries, CMake, and LLVM/libclang. It handles Rust projects where native C/C++ crates make plain x86_64-unknown-linux-musl builds unreliable.

Repository Latest release Validation matrix Build notes

Public status

The source repository, project page, and GHCR image are public. The release image below was published by the tag-driven workflow after P0 smoke tests passed.

Repository: public minionsx-ai/Statix
Source release: latest v0.1.0
Checks: protected dockerfile-check
Container image: published ghcr.io/minionsx-ai/statix:v0.1.0

Quick start from GHCR

docker pull ghcr.io/minionsx-ai/statix:v0.1.0

docker run --rm -it -v "$PWD:/workspace" -w /workspace \
  ghcr.io/minionsx-ai/statix:v0.1.0

cargo build --release --target x86_64-unknown-linux-musl

Version: v0.1.0
Image: ghcr.io/minionsx-ai/statix:v0.1.0
Digest: ghcr.io/minionsx-ai/statix@sha256:0094c4db34228b652ea854d4daf5cb7e78915340cd5599c334d110626e38f9d2
Target: x86_64-unknown-linux-musl

Validation

The useful signal is not one large build. Statix tracks small smoke fixtures and native dependency failures separately, then keeps slower large workloads manual.

Track	Targets	Status	Why it exists
P0 smoke	hello-static, tokio-cli, reqwest-rustls, crypto-signing, rusqlite-bundled	runtime passed	Basic Rust, async, HTTPS, crypto, and bundled SQLite paths.
P1 native dependencies	openssl-sys-demo, rdkafka-vendored-ssl, rust-rocksdb-demo	runtime passed	OpenSSL, CMake, libclang, C++, librdkafka, and RocksDB behavior.
P2 database/runtime	diesel-sqlite, diesel-postgres	runtime passed	Runtime loading and static link behavior around SQLite and libpq.
Manual large workload	Optional snarkOS v4.6.3 run	manual, patched	Stress evidence for a large native-heavy Rust application; not an upstream support claim.

Image contents

The default image favors a complete, conservative build path over small image size. CMake and LLVM/libclang are source-built on purpose.

Toolchain: Rust 1.95.0, musl 1.2.5, GCC 15.1.0, musl-cross-make.
Native libraries: Static zlib, libffi, ncurses, OpenSSL, curl, PostgreSQL/libpq.
Build tooling: CMake, LLVM/clang, libclang paths, pkg-config defaults, CA bundle settings.

Known limits

These are intentional boundaries for the current release line.

Only x86_64-unknown-linux-musl is supported.
The image is large and slow to build because GCC, CMake, and LLVM are built from source.
Some upstream projects still need source-level musl compatibility patches.
Checksum coverage and SBOM output are planned for a later release.

Roadmap

Done in v0.1: Baseline full-musl builder, public source release, smoke fixtures, and native dependency validation.
Next: GHCR public pull verification, source checksums, SBOM direction, digest pinning docs, and release-image hygiene.
Later: More crate recipes, additional failure-mode docs, and possible target or image variants.