use shared libs, enabling openssl in init

Dockerfile

@@ -1,12 +1,12 @@
 from rust:1.88.0-alpine as rust
 
-run apk add --no-cache git musl-dev libudev-zero-dev # pkgconfig cryptsetup-dev lvm2-dev clang-dev clang-static
+run apk add --no-cache git musl-dev libudev-zero-dev openssl-dev cryptsetup-dev lvm2-dev clang-libs clang-dev
 
 workdir /src
 copy . .
 run --mount=type=cache,id=novit-rs,target=/usr/local/cargo/registry \
     --mount=type=cache,id=novit-rs-target,sharing=private,target=/src/target \
-    cargo build --release && cp target/release/init /
+    RUSTFLAGS="-C target-feature=-crt-static" cargo install --path . --root /dist
 
 # ------------------------------------------------------------------------
 from alpine:3.22.0 as initrd
@@ -17,24 +17,25 @@ workdir /system
 run . /etc/os-release \
  && wget -O- https://dl-cdn.alpinelinux.org/alpine/v${VERSION_ID%.*}/releases/x86_64/alpine-minirootfs-${VERSION_ID}-x86_64.tar.gz |tar zxv
 
-run apk add --no-cache --update -p . musl coreutils \
+run apk add --no-cache --update -p . musl libgcc coreutils \
  lvm2 lvm2-extra lvm2-dmeventd udev cryptsetup \
  e2fsprogs lsblk openssl openssh-server wireguard-tools-wg-quick \
  && rm -rf usr/share/apk var/cache/apk etc/motd
 
 copy etc/sshd_config etc/ssh/sshd_config
 
-run mkdir /layer \
- && mv dev /layer \
-# && find |cpio -H newc -o |lz4 >/layer/system.alz4
+copy --from=rust /dist/bin/init /system/init
+
+run mv dev /layer \
+ && chroot . ldd /init |sed -e 's,.*>\s,,' -e 's,^\s*,,' -e 's,\s.*,,' -e 's,^/,,' |sort |uniq >/required_libs \
+ && tar c init -T /required_libs | tar xv -C /layer |xargs rm -v \
  && find |cpio -H newc -o |zstd -19 >/layer/system.azstd
 
 workdir /layer
-copy --from=rust /init init
 run mkdir -p bin run var/log; cd bin && for cmd in init-version init-connect bootstrap; do ln -s ../init $cmd; done
 
 # check viability
-run chroot . init-version
+run ldd bin/init-version; chroot . init-version
 
 run find * |cpio -H newc -oF /initrd