Skip to content

Commit

Permalink
_build.sh: add linux glibc TODO
Browse files Browse the repository at this point in the history
This problem did not improve much in the last 20 years.

The `patchelf` trick as v0.18.0 (2023-04) is broken due to:
https://github dot com/NixOS/patchelf/issues/284
https://github dot com/NixOS/patchelf/pull/374
https://github dot com/NixOS/patchelf/pull/394

It also looks like a rather fragile and accidental hack.

The only real solution is to somehow install older glibc
headers and libs and force-build against them. The force-load
it when running `curl -V` after the build. There seems to be
no out-of-the box way of doing these on Linux.

The common solution is to build on a Linux that is older than
everyone else's who wants to run the binaries bulit. This is
inconvenient, and forces to use old toolchains, possibly with
security and performance consequences.

Another is to use a tool like crosstool-ng, that involves
building the complete toolchain from scratch and also means
to deal with a whole lot of supply chain issues, esp. considering
the tendency that such tools often pull sources unverified
and/or via cleartext HTTP over the internet. Components are
often outdated and use custom patches. Plus resources needed
for building these.

Or possibly using NixOS could help here?

Or deploy with Docker, snap, flatpak, which is another thick
layer of complexity on top.

Links:
https://github.com/phusion/holy-build-box#problem-introduction
https://mesonbuild.com/Creating-Linux-binaries.html
https://andrewkelley.me/post/zig-cc-powerful-drop-in-replacement-gcc-clang.html
https://developers.redhat.com/blog/2019/08/01/how-the-gnu-c-library-handles-backward-compatibility

arm64:
```
U __libc_start_main@GLIBC_2.34
U fstat64@GLIBC_2.33
U fstat@GLIBC_2.33
U pthread_create@GLIBC_2.34
U pthread_detach@GLIBC_2.34
U pthread_getspecific@GLIBC_2.34
U pthread_join@GLIBC_2.34
U pthread_key_create@GLIBC_2.34
U pthread_key_delete@GLIBC_2.34
U pthread_once@GLIBC_2.34
U pthread_rwlock_destroy@GLIBC_2.34
U pthread_rwlock_init@GLIBC_2.34
U pthread_rwlock_rdlock@GLIBC_2.34
U pthread_rwlock_unlock@GLIBC_2.34
U pthread_rwlock_wrlock@GLIBC_2.34
U pthread_setspecific@GLIBC_2.34
U stat64@GLIBC_2.33
U stat@GLIBC_2.33
```

amd64:
```
U __explicit_bzero_chk@GLIBC_2.25
U __libc_start_main@GLIBC_2.34
U fcntl64@GLIBC_2.28
U fstat64@GLIBC_2.33
U fstat@GLIBC_2.33
w getentropy@GLIBC_2.25
U getrandom@GLIBC_2.25
U pthread_create@GLIBC_2.34
U pthread_detach@GLIBC_2.34
U pthread_getspecific@GLIBC_2.34
U pthread_join@GLIBC_2.34
U pthread_key_create@GLIBC_2.34
U pthread_key_delete@GLIBC_2.34
U pthread_once@GLIBC_2.34
U pthread_rwlock_destroy@GLIBC_2.34
U pthread_rwlock_init@GLIBC_2.34
U pthread_rwlock_rdlock@GLIBC_2.34
U pthread_rwlock_unlock@GLIBC_2.34
U pthread_rwlock_wrlock@GLIBC_2.34
U pthread_setspecific@GLIBC_2.34
U stat64@GLIBC_2.33
U stat@GLIBC_2.33
```
  • Loading branch information
vszakats committed Oct 5, 2023
1 parent 07599ed commit f647f83
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions _build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ set -o xtrace -o errexit -o nounset; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o p
# TODO:
# - Change default TLS to BoringSSL (with OPENSSL_SMALL?) or LibreSSL?
# - linux: use musl.
# - linux: fix/mitigate missing GLIBC versioned symbols on systems older than the build machine
# - mac: Test -DSHARE_LIB_OBJECT=ON with curl 8.3.0.
# - Rename _BRANCH to CW_CONFIG internally.
# - Replace .zip with .tar.gz for all-packages artifact (in _ul.sh)?
Expand Down

0 comments on commit f647f83

Please sign in to comment.