From d6053b6ab7722bbc6ea01e3d3627d55162b5462c Mon Sep 17 00:00:00 2001 From: Matteo Merli Date: Mon, 4 Mar 2024 12:04:00 -0800 Subject: [PATCH] Added scripts to build glibc packages for Alpine --- docker/glibc-package/Dockerfile | 70 +++++++++++++++++++ docker/glibc-package/README.md | 39 +++++++++++ docker/glibc-package/scripts/APKBUILD | 50 +++++++++++++ .../scripts/glibc-bin.trigger} | 18 +---- docker/glibc-package/scripts/ld.so.conf | 23 ++++++ docker/pulsar/Dockerfile | 10 +-- 6 files changed, 190 insertions(+), 20 deletions(-) create mode 100644 docker/glibc-package/Dockerfile create mode 100644 docker/glibc-package/README.md create mode 100644 docker/glibc-package/scripts/APKBUILD rename docker/{pulsar/scripts/install-glibc-compat.sh => glibc-package/scripts/glibc-bin.trigger} (62%) create mode 100644 docker/glibc-package/scripts/ld.so.conf diff --git a/docker/glibc-package/Dockerfile b/docker/glibc-package/Dockerfile new file mode 100644 index 0000000000000..935162c113a4f --- /dev/null +++ b/docker/glibc-package/Dockerfile @@ -0,0 +1,70 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + + +ARG GLIBC_VERSION=2.38 + +FROM ubuntu:22.04 as build +ARG GLIBC_VERSION + +RUN apt-get -q update \ + && apt-get -qy install \ + bison \ + build-essential \ + gawk \ + gettext \ + openssl \ + python3 \ + texinfo \ + wget + +# Build GLibc +RUN wget -qO- https://ftpmirror.gnu.org/libc/glibc-${GLIBC_VERSION}.tar.gz | tar zxf - +RUN mkdir /glibc-build +WORKDIR /glibc-build +RUN /glibc-${GLIBC_VERSION}/configure \ + --prefix=/usr/glibc-compat \ + --libdir=/usr/glibc-compat/lib \ + --libexecdir=/usr/glibc-compat/lib \ + --enable-multi-arch \ + --enable-stack-protector=strong +RUN make -j$(nproc) +RUN make install +RUN tar --dereference --hard-dereference -zcf /glibc-bin.tar.gz /usr/glibc-compat + + +################################################ +## Build the APK package +FROM alpine:3.19 +ARG GLIBC_VERSION + +RUN apk add abuild sudo build-base + +RUN mkdir /build +WORKDIR build + +COPY --from=build /glibc-bin.tar.gz /build + +COPY ./scripts /build + +RUN echo "pkgver=\"${GLIBC_VERSION}\"" >> /build/APKBUILD +RUN echo "sha512sums=\"$(sha512sum glibc-bin.tar.gz ld.so.conf)\"" >> /build/APKBUILD + +RUN abuild-keygen -a -i -n +RUN abuild -F -c -r diff --git a/docker/glibc-package/README.md b/docker/glibc-package/README.md new file mode 100644 index 0000000000000..ee1f643705ad2 --- /dev/null +++ b/docker/glibc-package/README.md @@ -0,0 +1,39 @@ + + +# GLibc compatibility package + +This directory includes the Docker scripts to build an image with GLibc compiled for Alpine Linux. + +This is used to ensure plugins that are going to be used in the Pulsar image and that are depeding on GLibc, will +still be working correctly in the Alpine Image. (eg: Netty Tc-Native and Kinesis Producer Library). + +This image only needs to be re-created when we want to upgrade to a newer version of GLibc. + +# Steps + +1. Change the version in the Dockerfile for this directory. +2. Rebuild the image and push it to Docker Hub: +``` +docker buildx build --platform=linux/amd64,linux/arm64 -t apachepulsar/glibc-base:2.38 . --push +``` + +The image tag is then used in `docker/pulsar/Dockerfile`. diff --git a/docker/glibc-package/scripts/APKBUILD b/docker/glibc-package/scripts/APKBUILD new file mode 100644 index 0000000000000..484bdbf34e9f0 --- /dev/null +++ b/docker/glibc-package/scripts/APKBUILD @@ -0,0 +1,50 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +pkgname="glibc" +pkgrel="0" +pkgdesc="GNU C Library compatibility layer" +arch="all" +url="https:/pulsar.apache.org" +license="LGPL" +options="!check" +source="glibc-bin.tar.gz +ld.so.conf" +subpackages="${pkgname}-bin ${pkgname}-dev" +triggers="glibc-bin.trigger=/lib:/usr/lib:/usr/glibc-compat/lib" +depends="gcompat libuuid" + +package() { + mkdir -p $pkgdir/lib $pkgdir/usr/glibc-compat/lib/locale $pkgdir/usr/glibc-compat/lib64 $pkgdir/etc $pkgdir/usr/glibc-compat/etc/ + cp -a $srcdir/usr $pkgdir + cp $srcdir/ld.so.conf $pkgdir/usr/glibc-compat/etc/ld.so.conf + cd $pkgdir/usr/glibc-compat + rm -rf etc/rpc bin sbin lib/gconv lib/getconf lib/audit share var include + ln -s /usr/glibc-compat/lib/ld-linux-$(uname -m).so.1 $pkgdir/lib + ln -s /usr/glibc-compat/lib/ld-linux-$(uname -m).so.1 $pkgdir/usr/glibc-compat/lib64 + ln -s /usr/glibc-compat/etc/ld.so.cache $pkgdir/etc/ld.so.cache +} + +bin() { + depends="$pkgname bash libc6-compat libgcc" + mkdir -p $subpkgdir/usr/glibc-compat + cp -a $srcdir/usr/glibc-compat/bin $subpkgdir/usr/glibc-compat + cp -a $srcdir/usr/glibc-compat/sbin $subpkgdir/usr/glibc-compat +} + diff --git a/docker/pulsar/scripts/install-glibc-compat.sh b/docker/glibc-package/scripts/glibc-bin.trigger similarity index 62% rename from docker/pulsar/scripts/install-glibc-compat.sh rename to docker/glibc-package/scripts/glibc-bin.trigger index f871847ddd655..5bae5d7ca2bda 100755 --- a/docker/pulsar/scripts/install-glibc-compat.sh +++ b/docker/glibc-package/scripts/glibc-bin.trigger @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/sh # # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file @@ -18,18 +18,4 @@ # under the License. # -set -e -x - -ARCH=$(uname -m) -if [ "$ARCH" == "x86_64" ] -then - cd /tmp - echo 'https://storage.sev.monster/alpine/edge/testing' | tee -a /etc/apk/repositories - wget https://storage.sev.monster/alpine/edge/testing/x86_64/sevmonster-keys-1-r0.apk - apk add --no-cache --allow-untrusted ./sevmonster-keys-1-r0.apk - apk update - apk add gcompat libuuid - rm /lib/ld-linux-x86-64.so.2 - apk add --no-cache --force-overwrite glibc glibc-bin - rm *.apk -fi +/usr/glibc-compat/sbin/ldconfig \ No newline at end of file diff --git a/docker/glibc-package/scripts/ld.so.conf b/docker/glibc-package/scripts/ld.so.conf new file mode 100644 index 0000000000000..6548b9300bb9c --- /dev/null +++ b/docker/glibc-package/scripts/ld.so.conf @@ -0,0 +1,23 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +/usr/local/lib +/usr/glibc-compat/lib +/usr/lib +/lib diff --git a/docker/pulsar/Dockerfile b/docker/pulsar/Dockerfile index 74eabdceb76e1..83d1647f8f137 100644 --- a/docker/pulsar/Dockerfile +++ b/docker/pulsar/Dockerfile @@ -79,6 +79,8 @@ RUN echo networkaddress.cache.ttl=1 >> /opt/jvm/conf/security/java.security RUN echo networkaddress.cache.negative.ttl=1 >> /opt/jvm/conf/security/java.security +FROM merlimat/glibc-base:2.38 as glibc + ## Create final stage from Alpine image ## and add OpenJDK and Python dependencies (for Pulsar functions) FROM alpine:3.19.1 @@ -91,6 +93,10 @@ RUN apk add --no-cache \ py3-pip \ ca-certificates +# Install GLibc compatibility library +COPY --from=glibc /root/packages /root/packages +RUN apk add --allow-untrusted --force-overwrite /root/packages/$(uname -m)/glibc-${GLIBC_VERSION}-r0.apk /root/packages/$(uname -m)/glibc-bin-${GLIBC_VERSION}-r0.apk + COPY --from=jvm /opt/jvm /opt/jvm ENV JAVA_HOME=/opt/jvm @@ -101,10 +107,6 @@ ENV PULSAR_ROOT_LOGGER=INFO,CONSOLE COPY --from=pulsar /pulsar /pulsar -## Netty TC native and Kinesis producer library are based on a C/C++ binary linked with Glibc -## Install compatibility library -RUN /pulsar/bin/install-glibc-compat.sh - WORKDIR /pulsar ENV PATH=$PATH:$JAVA_HOME/bin:/pulsar/bin