feat: glibc extension

jfroy · frezbo · commit c7eb3771943e · 2024-10-18T21:13:04.000+05:30
The extension is mostly copied from the package that is in the nvidia toolkit extensions, but with a few notable changes. - A symbolic link to `ldconfig` is installed at `/sbin/ldconfig`. This allows the nvidia gpu-operator to work without modification. A patch to the extension validation logic is required to allow the new path. - The `/usr/local/glibc` subtree is now structured as a [merged `/usr` root](https://systemd.io/THE_CASE_FOR_THE_USR_MERGE/). This improves compatbility with ld-linux.so.2 for library discovery. Signed-off-by: Jean-Francois Roy <jf@devklog.net> Signed-off-by: Noel Georgi <git@frezbo.dev>
diff --git a/.kres.yaml b/.kres.yaml
@@ -14,6 +14,7 @@ spec:
     - ecr-credential-provider
     - fuse3
     - gasket-driver
+    - glibc
     - gvisor
     - gvisor-debug
     - hello-world-service
diff --git a/Makefile b/Makefile
@@ -65,6 +65,7 @@ TARGETS += drbd
 TARGETS += ecr-credential-provider
 TARGETS += fuse3
 TARGETS += gasket-driver
+TARGETS += glibc
 TARGETS += gvisor
 TARGETS += gvisor-debug
 TARGETS += hello-world-service
diff --git a/README.md b/README.md
@@ -79,9 +79,10 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi
 
 ### Miscellaneous
 
-| Name                            | Image                                                                                                 | Description                 | Version Format  |
-| ------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------- | --------------- |
-| [binfmt-misc](misc/binfmt-misc) | [ghcr.io/siderolabs/binfmt-misc](https://github.com/siderolabs/extensions/pkgs/container/binfmt-misc) | Miscellaneous Binary Format | `talos version` |
+| Name                            | Image                                                                                                 | Description                 | Version Format     |
+| ------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------- | ------------------ |
+| [binfmt-misc](misc/binfmt-misc) | [ghcr.io/siderolabs/binfmt-misc](https://github.com/siderolabs/extensions/pkgs/container/binfmt-misc) | Miscellaneous Binary Format | `talos version`    |
+| [glibc](misc/glibc)             | [ghcr.io/siderolabs/glibc](https://github.com/siderolabs/extensions/pkgs/container/glibc)             | glibc                       | `upstream version` |
 
 ### Network
 
diff --git a/internal/base/pkg.yaml b/internal/base/pkg.yaml
@@ -4,7 +4,7 @@ shell: /toolchain/bin/bash
 dependencies:
   - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/base:{{ .BUILD_ARG_PKGS }}"
   - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/ca-certificates:{{ .BUILD_ARG_PKGS }}"
-  - image: ghcr.io/siderolabs/extensions-validator:4313acf
+  - image: ghcr.io/siderolabs/extensions-validator:aa3b467
 finalize:
   - from: /
     to: /
diff --git a/misc/glibc/ld.so.conf b/misc/glibc/ld.so.conf
@@ -0,0 +1 @@
+/usr/local/glibc/usr/lib
diff --git a/misc/glibc/manifest.yaml b/misc/glibc/manifest.yaml
@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+  name: glibc
+  version: "$VERSION"
+  author: Jean-Francois Roy
+  description: |
+    This system extension provides glibc.
+  compatibility:
+    talos:
+      version: ">= v1.9.0"
diff --git a/misc/glibc/pkg.yaml b/misc/glibc/pkg.yaml
@@ -11,11 +11,13 @@ dependencies:
   - image: cgr.dev/chainguard/wolfi-base@{{ .WOLFI_BASE_REF }}
 steps:
   - sources:
-      - url: https://src.fedoraproject.org/lookaside/pkgs/glibc/glibc-{{ .GLIBC_VERSION }}-9-g132a72f93c.tar.xz/sha512/f88ffb4ab47104640c88504ca2619cdca0795565173daf98a37d624333e14ab96699f662597fe51ba94a274c4cc7001bd2c8cc29fd5df012733298049e533bf4/glibc-{{ .GLIBC_VERSION }}-9-g132a72f93c.tar.xz
+      - url: https://src.fedoraproject.org/lookaside/pkgs/glibc/glibc-{{ .GLIBC_VERSION }}-9-g132a72f93c.tar.xz/sha512/f88ffb4ab47104640c88504ca2619cdca0795565173daf98a37d624333e14ab96699f662597fe51ba94a274c4cc7001bd2c8cc29fd5df012733298049e533bf4/glibc-{{ .VERSION }}-9-g132a72f93c.tar.xz
         destination: glibc.tar.xz
         sha256: 49cd4eed693ffa9010d81e1c75ab33a278a7cbb404a01564b2e287e04ec3d4d3
         sha512: f88ffb4ab47104640c88504ca2619cdca0795565173daf98a37d624333e14ab96699f662597fe51ba94a274c4cc7001bd2c8cc29fd5df012733298049e533bf4
     prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
       - |
         tar -xf glibc.tar.xz --strip-components=1
 
@@ -24,8 +26,8 @@ steps:
 
         ../configure \
           --prefix=/usr/local/glibc \
-          --libdir=/usr/local/glibc/lib \
-          --libexecdir=/usr/local/glibc/lib \
+          --libdir=/usr/local/glibc/usr/lib \
+          --libexecdir=/usr/local/glibc/usr/lib \
           --enable-stack-protection=strong \
           --disable-werror
     build:
@@ -34,13 +36,25 @@ steps:
         make -j $(nproc)
     install:
       - |
-        mkdir -p /rootfs/lib64
+        mkdir -p \
+          /rootfs/usr/local/glibc/usr/bin \
+          /rootfs/usr/local/glibc/usr/lib \
+          /rootfs/usr/local/glibc/usr/lib32 \
+          /rootfs/usr/local/glibc/usr/sbin
+        ln -s usr/bin/ /rootfs/usr/local/glibc/bin
+        ln -s usr/lib/ /rootfs/usr/local/glibc/lib
+        ln -s usr/lib/ /rootfs/usr/local/glibc/lib64
+        ln -s usr/sbin/ /rootfs/usr/local/glibc/sbin
+        ln -s lib/ /rootfs/usr/local/glibc/usr/lib64
 
         cd build
         make install DESTDIR=/rootfs
 
         cp /pkg/ld.so.conf /rootfs/usr/local/glibc/etc/ld.so.conf
-        ln -s /usr/local/glibc/lib/ld-linux-x86-64.so.2 /rootfs/lib64/ld-linux-x86-64.so.2
+
+        mkdir -p /rootfs/lib64 /rootfs/sbin
+        ln -s /usr/local/glibc/usr/lib/ld-linux-x86-64.so.2 /rootfs/lib64/ld-linux-x86-64.so.2
+        ln -s /usr/local/glibc/usr/sbin/ldconfig /rootfs/sbin/ldconfig
 
         # cleanup
         rm -rf /rootfs/usr/local/glibc/include
@@ -49,3 +63,5 @@ steps:
 finalize:
   - from: /rootfs
     to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /
diff --git a/misc/glibc/vars.yaml b/misc/glibc/vars.yaml
@@ -0,0 +1,4 @@
+# renovate: datasource=docker versioning=docker depName=cgr.dev/chainguard/wolfi-base
+WOLFI_BASE_REF: sha256:72c8bfed3266b2780243b144dc5151150015baf5a739edbbde53d154574f1607
+
+VERSION: {{ .GLIBC_VERSION }}
diff --git a/misc/vars.yaml b/misc/vars.yaml
@@ -0,0 +1,2 @@
+# renovate: datasource=git-tags extractVersion=^glibc-(?<version>.*)$ depName=https://sourceware.org/git/glibc.git
+GLIBC_VERSION: 2.40
diff --git a/nvidia-gpu/nvidia-container-toolkit/glibc/ld.so.conf b/nvidia-gpu/nvidia-container-toolkit/glibc/ld.so.conf
diff --git a/nvidia-gpu/vars.yaml b/nvidia-gpu/vars.yaml
@@ -11,8 +11,6 @@ LIBNVIDIA_CONTAINER_VERSION: v1.16.1
 LIBNVIDIA_CONTAINER_REF: 4c2494f16573b585788a42e9c7bee76ecd48c73d
 # renovate: datasource=docker versioning=docker depName=cgr.dev/chainguard/wolfi-base
 WOLFI_BASE_REF: sha256:72c8bfed3266b2780243b144dc5151150015baf5a739edbbde53d154574f1607
-# renovate: datasource=git-tags extractVersion=^glibc-(?<version>.*)$ depName=https://sourceware.org/git/glibc.git
-GLIBC_VERSION: 2.40
 # renovate: datasource=github-tags extractVersion=^v(?<version>.*)$ depName=seccomp/libseccomp
 LIBSECCOMP_VERSION: 2.5.5
 # renovate: datasource=git-tags extractVersion=^libcap-(?<version>.*)$ depName=git://git.kernel.org/pub/scm/libs/libcap/libcap.git
diff --git a/reproducibility/pkg.yaml b/reproducibility/pkg.yaml
@@ -23,6 +23,8 @@ dependencies:
   - stage: fuse3
   # gasket-driver can be ignored from reproducibility test since it's kernel modules copied from pkgs
   # - stage: gasket-driver
+
+  - stage: glibc
   - stage: gvisor
   - stage: gvisor-debug
   - stage: hello-world-service

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# renovate: datasource=git-tags extractVersion=^glibc-(?<version>.*)$ depName=https://sourceware.org/git/glibc.git`
	`2`	`+GLIBC_VERSION: 2.40`