Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Statically Generated jq via Docker immediately segfaults #2088

Closed
kloospirent opened this issue Mar 27, 2020 · 8 comments
Closed

Statically Generated jq via Docker immediately segfaults #2088

kloospirent opened this issue Mar 27, 2020 · 8 comments
Labels
Milestone

Comments

@kloospirent
Copy link

kloospirent commented Mar 27, 2020

Describe the bug
I am trying to build a statically linked jq using Docker. The build completes, but if I try to run jq, I get an immediate Segmentation Fault (core dumped).

To Reproduce
Build a docker using:

FROM debian:9

ENV installdir /opt
ENV outdir /code

ENV DEBIAN_FRONTEND=noninteractive
DEBCONF_NONINTERACTIVE_SEEN=true
LC_ALL=C.UTF-8
LANG=C.UTF-8

RUN mkdir -p ${installdir}
RUN mkdir -p ${outdir}

RUN cd ${installdir} &&
apt-get update &&
apt-get install -y
build-essential
autoconf
libtool
git
bison
flex
python3
python3-pip
wget &&
pip3 install pipenv &&
git clone https://github.com/SpirentOrion/jq.git &&
cd jq &&
git submodule update --init &&
autoreconf -fi &&
./configure --with-oniguruma=builtin --disable-docs &&
make -j8 LDFLAGS=-all-static &&
#make check &&
make install &&
apt-get purge -y
build-essential
autoconf
libtool
bison
git
flex
python3
python3-pip &&
apt-get autoremove -y

Run the jq binary

Expected behavior
jq should output usage

Environment (please complete the following information):
Ubuntu running a Debian Docker container

Additional context
Starting program:
No executable file specified.
Use the "file" or "exec-file" command.
(gdb) file jq
Reading symbols from /mnt/spirent/tmp/jq...done.
(gdb) run
Starting program: /mnt/spirent/tmp/jq

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) quit()
A debugging session is active.

    Inferior 1 [process 24786] will be killed.

Quit anyway? (y or n) y
A syntax error in expression, near `)'.
(gdb) quit
A debugging session is active.

    Inferior 1 [process 24786] will be killed.
@ydcool
Copy link

ydcool commented Oct 27, 2020

Get the same error, any progress?

@xkortex
Copy link

xkortex commented Nov 18, 2020

I'm also interested in a static jq I can easily stick in arbitrary docker containers. I tried messing around with the flags a bit but it seems so long as you have make LDFLAGS=-all-static or ./configure --enable-all-static, it segfaults.

I was able to get a static binary which seems to work for all my purposes with tag jq-1.5 and this dockerfile (you could consolidate the RUN lines but since we are multi-staging it shouldn't really matter and this is faster to debug):

FROM debian:9

ENV DEBIAN_FRONTEND=noninteractive \
    DEBCONF_NONINTERACTIVE_SEEN=true \
    LC_ALL=C.UTF-8 \
    LANG=C.UTF-8

RUN apt-get update && \
    apt-get install -y \
        build-essential \
        autoconf \
        libtool \
        git \
        bison \
        flex \
        wget && \
    rm -rf /var/lib/apt/lists/*

RUN git clone --depth 1 --branch jq-1.5 https://github.com/stedolan/jq.git /app
## have to skip building docs but I don't need them for my use case 
RUN  cd /app && \
        git submodule init && \
        git submodule update && \
        autoreconf -i && \
        ./configure --disable-valgrind --enable-all-static --prefix=/usr/local && \
        make LDFLAGS=-all-static -j`nproc`

# testing onigurama will fail, this line just shows the error 
RUN      make check || echo "check failed"

FROM busybox
COPY --from=0 /app/jq /bin/jq

@wtlangford
Copy link
Contributor

Can you share details about the segfault you're getting?

@wader
Copy link
Member

wader commented Sep 23, 2021

Same issue for me, here is backtrace after running the image and install gdb in it:

...
(gdb) r
Starting program: /usr/local/bin/jq
warning: Error disabling address space randomization: Operation not permitted

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) b
Breakpoint 1 at 0x0
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x000000000049ee16 in __register_frame_info.part.4 ()
#2  0x0000000000402e3d in frame_dummy ()
#3  0x000000000049ffb7 in __libc_csu_init ()
#4  0x000000000049f54b in generic_start_main ()
#5  0x000000000049f962 in __libc_start_main ()
#6  0x0000000000402d6a in _start ()
(gdb) quit

Maybe a more stable option could be to build image using alpine which is more static binary friendly. Here is Dockerfile i use:

FROM alpine:3.14 AS builder
RUN apk add --no-cache \
    coreutils \
    build-base \
    autoconf \
    automake \
    libtool \
    git
COPY . /app
WORKDIR /app
RUN git submodule init && \
    git submodule update && \
    autoreconf -i && \
    ./configure --disable-valgrind --enable-all-static --prefix=/usr/local && \
    make -j$(nproc) && \
    make install

FROM scratch
COPY --from=builder /usr/local/bin/jq /
RUN ["/jq", "--version"]
ENTRYPOINT ["/jq"]

I skipped the python parts, note sure if they are needed? is the current Dockerfile meant to also work as a developer environtment?

@woodgear
Copy link

find same problem when build static jq on ubuntu 20.04

@itchyny itchyny added the docker label Jun 3, 2023
@itchyny itchyny added this to the 1.7 release milestone Jul 3, 2023
@itchyny
Copy link
Contributor

itchyny commented Jul 4, 2023

I cannot reproduce this issue with the latest version.

@wader
Copy link
Member

wader commented Jul 4, 2023

@itchyny i think this might be the same issue as i mentioned here #2620 (comment) my guess is some versions of pthreads really don't like to be statically linked, i've run into this before when there are weak symbols etc that don't get resolved for some reason.

So if we do static builds using glibc and libpthread i think we need to be a bit careful when updating versions to make sure it still produces working binaries. Now the dockerfile does that (test runs in scratch container) but maybe we should add something to the CI/release tests also?

@itchyny
Copy link
Contributor

itchyny commented Jul 4, 2023

@wader Thank you for explanation. Yes, testing in scratch sounds good to validate the executable. Closing the issue anyway.

@itchyny itchyny closed this as completed Jul 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

7 participants