From 67ff7e72fee6a220e7216b0119a51cde57d0f419 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 31 Aug 2023 01:07:49 +0000 Subject: [PATCH] _build.sh: add linux glibc TODO This problem did not improve much in the last 20 years. The `patchelf` trick as v0.18.0 (2023-04) is broken due to: https://github dot com/NixOS/patchelf/issues/284 https://github dot com/NixOS/patchelf/pull/374 https://github dot com/NixOS/patchelf/pull/394 It also looks like a rather fragile and accidental hack. The only real solution is to somehow install older glibc headers and libs and force-build against them. The force-load it when running `curl -V` after the build. There seems to be no out-of-the box way of doing these on Linux. The common solution is to build on a Linux that is older than everyone else's who wants to run the binaries bulit. This is inconvenient, and forces to use old toolchains, possibly with security and performance consequences. Another is to use a tool like crosstool-ng, that involves building the complete toolchain from scratch and also means to deal with a whole lot of supply chain issues, esp. considering the tendency that such tools often pull sources unverified and/or via cleartext HTTP over the internet. Components are often outdated and use custom patches. Plus resources needed for building these. Or possibly using NixOS could help here? Or deploy with Docker, snap, flatpak, which is another thick layer of complexity on top. Links: https://github.com/phusion/holy-build-box#problem-introduction https://mesonbuild.com/Creating-Linux-binaries.html https://andrewkelley.me/post/zig-cc-powerful-drop-in-replacement-gcc-clang.html https://developers.redhat.com/blog/2019/08/01/how-the-gnu-c-library-handles-backward-compatibility arm64: ``` U __libc_start_main@GLIBC_2.34 U fstat64@GLIBC_2.33 U fstat@GLIBC_2.33 U pthread_create@GLIBC_2.34 U pthread_detach@GLIBC_2.34 U pthread_getspecific@GLIBC_2.34 U pthread_join@GLIBC_2.34 U pthread_key_create@GLIBC_2.34 U pthread_key_delete@GLIBC_2.34 U pthread_once@GLIBC_2.34 U pthread_rwlock_destroy@GLIBC_2.34 U pthread_rwlock_init@GLIBC_2.34 U pthread_rwlock_rdlock@GLIBC_2.34 U pthread_rwlock_unlock@GLIBC_2.34 U pthread_rwlock_wrlock@GLIBC_2.34 U pthread_setspecific@GLIBC_2.34 U stat64@GLIBC_2.33 U stat@GLIBC_2.33 ``` amd64: ``` U __explicit_bzero_chk@GLIBC_2.25 U __libc_start_main@GLIBC_2.34 U fcntl64@GLIBC_2.28 U fstat64@GLIBC_2.33 U fstat@GLIBC_2.33 w getentropy@GLIBC_2.25 U getrandom@GLIBC_2.25 U pthread_create@GLIBC_2.34 U pthread_detach@GLIBC_2.34 U pthread_getspecific@GLIBC_2.34 U pthread_join@GLIBC_2.34 U pthread_key_create@GLIBC_2.34 U pthread_key_delete@GLIBC_2.34 U pthread_once@GLIBC_2.34 U pthread_rwlock_destroy@GLIBC_2.34 U pthread_rwlock_init@GLIBC_2.34 U pthread_rwlock_rdlock@GLIBC_2.34 U pthread_rwlock_unlock@GLIBC_2.34 U pthread_rwlock_wrlock@GLIBC_2.34 U pthread_setspecific@GLIBC_2.34 U stat64@GLIBC_2.33 U stat@GLIBC_2.33 ``` --- _build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/_build.sh b/_build.sh index 06f8f0da8..ad435ede4 100755 --- a/_build.sh +++ b/_build.sh @@ -76,6 +76,7 @@ set -o xtrace -o errexit -o nounset; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o p # TODO: # - Change default TLS to BoringSSL (with OPENSSL_SMALL?) or LibreSSL? # - linux: use musl. +# - linux: fix/mitigate missing GLIBC versioned symbols on systems older than the build machine # - mac: Test -DSHARE_LIB_OBJECT=ON with curl 8.3.0. # - Rename _BRANCH to CW_CONFIG internally. # - Replace .zip with .tar.gz for all-packages artifact (in _ul.sh)?