Compiled releases are dynamically linked #83

keymon · 2016-01-05T14:24:15Z

The releases published in this repo are dynamically linked:

$ file spruce
spruce: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), not stripped

This can be a problem in scenarios like docker alpine. For instance, this Dockerfile, if you build it:

cat <<EOF > Dockerfile
FROM alpine:3.3

ENV SPRUCE_VERSION 0.13.0

RUN apk add --update wget ca-certificates \
  && wget https://github.com/geofffranks/spruce/releases/download/v${SPRUCE_VERSION}/spruce_${SPRUCE_VERSION}_linux_amd64.tar.gz \
  && tar -xvzf spruce_${SPRUCE_VERSION}_linux_amd64.tar.gz \
  && mv spruce_${SPRUCE_VERSION}_linux_amd64/spruce /usr/local/bin/ \
  && rm -rf spruce_${SPRUCE_VERSION}_linux_amd64* \
  && apk del wget ca-certificates \
  && rm -rf /var/cache/apk/*
EOF
docker build -t alpine-spruce .
docker run -i -t alpine-spruce ldd /usr/local/bin/spruce

It fails:

$ docker run -i -t alpine-spruce ldd /usr/local/bin/spruce
    /lib64/ld-linux-x86-64.so.2 (0x557b2cfc0000)
    libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x557b2cfc0000)
    libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x557b2cfc0000)
Error relocating /usr/local/bin/spruce: __vfprintf_chk: symbol not found

In this thread they discuss the topic and it seems that the magic solution is compile the binary with:

go build -tags netgo -installsuffix netgo .

Which indeed generates a static file:

$ file spruce 
spruce: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), statically linked, not stripped

The text was updated successfully, but these errors were encountered:

keymon · 2016-01-05T14:34:04Z

It seems that go1.5 stabilises this:

$ go version
go version go1.5 linux/amd64
$ CGO_ENABLED=0 go build .
$ file spruce 
spruce: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), statically linked, not stripped

More info: https://golang.org/cmd/cgo/

jhunt · 2016-01-11T18:49:52Z

I believe this is a disparity between how gox and go build do things, and how goxc (used by release pipelines) does things:

$ gox -osarch linux/amd64
...
$ file spruce_linux_amd64
spruce_linux_amd64: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped

@keymon: what happens if you just go build (without the -tags) on a Linux platform?

keymon · 2016-01-12T10:17:06Z

With both Go 1.4 and Go 1.5 it compiles dynamically:

$ cd $GOPATH/src/github.com/geofffranks/spruce
$ go build ./...
$ file spruce 
spruce: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), not stripped

But with GO 1.5, you can get a static binary if you set the environment variable CGO_ENABLED=0:

$ go version
go version go1.5 linux/amd64
$ CGO_ENABLED=0 go build ./...
$ file spruce 
spruce: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), statically linked, not stripped

Instead, with go 1.4, that environment variable does not work, and the workaround is using the -tags

$ go version
go version go1.4 linux/amd64
$ CGO_ENABLED=0 go build ./...
$ file spruce 
spruce: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), not stripped
$ rm spruce 
$ go build -tags netgo -installsuffix netgo ./...
$ file spruce 
spruce: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), statically linked, not stripped

keymon · 2016-01-12T10:17:47Z

So, basically, if you compile it with Go 1.5 and export CGO_ENABLED=0, we should be fine.

Fixes #83

We have been using the version 0.13.0 of spruce, but compiling it in the Dockerfile because the release binary version did link to the debian/ubuntu libc. We were not pinning the git commit of the spruce code. But the upstream project has some changes that makes fail the build, probably new dependencies added which require the use of godep. As since geofffranks/spruce#83 the binary in the releases is OK and can work in a plain alpine, we can create a container pulling the binary release. This will simplify our container, make it smaller and pin the version number.

keymon changed the title ~~Releases compiled dynamically linked~~ Compiled releases are dynamically linked Jan 5, 2016

keymon mentioned this issue Jan 5, 2016

[#109060102] Add new container curl-ssl alphagov/paas-docker-cloudfoundry-tools#7

Merged

jhunt self-assigned this Jan 12, 2016

jhunt added a commit that referenced this issue Jan 12, 2016

Switch to Go 1.5 during release pipelines

016a5b7

Fixes #83

jhunt mentioned this issue Jan 12, 2016

Switch to Go 1.5 during release pipelines #87

Merged

geofffranks closed this as completed in #87 Jan 13, 2016

keymon mentioned this issue Mar 8, 2016

[#115258555] Use the latest spruce 1.1.2 from release alphagov/paas-docker-cloudfoundry-tools#31

Closed

wangkuiyi mentioned this issue Sep 28, 2016

在 Ubuntu 16.04 下 go install 的 binary 运行于基于 golang:alpine 的 container 中出错 k8sp/sextant#260

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Compiled releases are dynamically linked #83

Compiled releases are dynamically linked #83

keymon commented Jan 5, 2016

keymon commented Jan 5, 2016

jhunt commented Jan 11, 2016

keymon commented Jan 12, 2016

keymon commented Jan 12, 2016

Compiled releases are dynamically linked #83

Compiled releases are dynamically linked #83

Comments

keymon commented Jan 5, 2016

keymon commented Jan 5, 2016

jhunt commented Jan 11, 2016

keymon commented Jan 12, 2016

keymon commented Jan 12, 2016