From 4368dfb27c0f431733164799b03531d9435951ae Mon Sep 17 00:00:00 2001
From: Daniel Salazar
Date: Fri, 13 Dec 2024 13:35:49 -0500
Subject: [PATCH] feat(build): #1388 add glibc
- Add glibc to the container image in order to provide dynamic linking libraries on standard paths
Signed-off-by: Daniel Salazar
---
 .github/workflows/prod.yml | 6 +++---
 makes.nix | 10 +++++-----
 makes/container-image/main.nix | 16 ++++++++++++++++
 3 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml
index 3d809f8b..7c09d511 100644
--- a/.github/workflows/prod.yml
+++ b/.github/workflows/prod.yml
@@ -3,7 +3,7 @@ concurrency:
 group: ${{ github.actor }}
 jobs:
 deployContainer_makesAmd64:
- if: ${{ github.repository == 'fluidattacks/makes' }}
+ if: ${{ github.repository == 'dsalaza4/makes' }}
 runs-on: ubuntu-latest
 permissions:
 packages: write
@@ -17,7 +17,7 @@ jobs:
 with:
 args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /deployContainer/makesAmd64"
 deployContainer_makesArm64:
- if: ${{ github.repository == 'fluidattacks/makes' }}
+ if: ${{ github.repository == 'dsalaza4/makes' }}
 runs-on: buildjet-2vcpu-ubuntu-2204-arm
 permissions:
 packages: write
@@ -31,7 +31,7 @@ jobs:
 with:
 args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /deployContainer/makesArm64"
 deployContainerManifest_makes:
- if: ${{ github.repository == 'fluidattacks/makes' }}
+ if: ${{ github.repository == 'dsalaza4/makes' }}
 runs-on: ubuntu-latest
 permissions:
 packages: write
diff --git a/makes.nix b/makes.nix
index c7934471..40da21e5 100644
--- a/makes.nix
+++ b/makes.nix
@@ -20,7 +20,7 @@
 token = "GITHUB_TOKEN";
 user = "GITHUB_ACTOR";
 };
- image = "ghcr.io/fluidattacks/makes:amd64";
+ image = "ghcr.io/dsalaza4/makes:amd64";
 src = outputs."/container-image";
 sign = true;
 };
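Review bot: The three `if:` guards in `.github/workflows/prod.yml` now gate the deploy jobs on `github.repository == 'dsalaza4/makes'`, which reads like fork-testing configuration left in a commit whose stated purpose is adding dynamic-linking support. Merged as is, the publishing jobs (which hold `packages: write`) would stop running in the upstream repository. The same substitution appears in every `makes.nix` hunk, where the `image` values move to `ghcr.io/dsalaza4/makes:*` while `sign = true` is kept, so signed release artifacts would be produced under a personal namespace rather than the project's. I would restore `if: ${{ github.repository == 'fluidattacks/makes' }}` and the `ghcr.io/fluidattacks/makes:*` references, and keep this commit limited to `makes/container-image/main.nix`.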
@@ -29,7 +29,7 @@
 token = "GITHUB_TOKEN";
 user = "GITHUB_ACTOR";
 };
- image = "ghcr.io/fluidattacks/makes:arm64";
+ image = "ghcr.io/dsalaza4/makes:arm64";
 src = outputs."/container-image";
 sign = true;
 };
@@ -40,17 +40,17 @@
 token = "GITHUB_TOKEN";
 user = "GITHUB_ACTOR";
 };
- image = "ghcr.io/fluidattacks/makes:latest";
+ image = "ghcr.io/dsalaza4/makes:latest";
 manifests = [
 {
- image = "ghcr.io/fluidattacks/makes:amd64";
+ image = "ghcr.io/dsalaza4/makes:amd64";
 platform = {
 architecture = "amd64";
 os = "linux";
 };
 }
 {
- image = "ghcr.io/fluidattacks/makes:arm64";
+ image = "ghcr.io/dsalaza4/makes:arm64";
 platform = {
 architecture = "arm64";
 os = "linux";
diff --git a/makes/container-image/main.nix b/makes/container-image/main.nix
index 2614bcdf..6b9a1f1f 100644
--- a/makes/container-image/main.nix
+++ b/makes/container-image/main.nix
@@ -11,12 +11,22 @@ __nixpkgs__.dockerTools.buildImage {
 "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
 "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
 "SYSTEM_CERTIFICATE_PATH=/etc/ssl/certs/ca-bundle.crt"
+
+ # Support non-nix binaries via nix-ld
+ "NIX_LD_LIBRARY_PATH=${
+ __nixpkgs__.lib.makeLibraryPath [ __nixpkgs__.stdenv.cc ]
+ }"
+ "NIX_LD=${
+ __nixpkgs__.lib.fileContents
+ "${__nixpkgs__.stdenv.cc}/nix-support/dynamic-linker"
+ }"
 ];
 User = "root:root";
 WorkingDir = "/working-dir";
 };
 name = "container-image";
 tag = "latest";
+
 copyToRoot = __nixpkgs__.buildEnv {
 name = "root-file-system";
 ignoreCollisions = false;
@@ -31,6 +41,12 @@ __nixpkgs__.dockerTools.buildImage {
 __nixpkgs__.gzip
 __nixpkgs__.nixVersions.nix_2_15
 
+ # Support non-nix binaries via nix-ld
+ (__nixpkgs__.runCommand "dynamic-linker" { } ''
+ mkdir -p $out/lib64
+ ln -s ${__nixpkgs__.nix-ld}/libexec/nix-ld $out/lib64/$(basename $(< ${__nixpkgs__.stdenv.cc}/nix-support/dynamic-linker))
+ '')
+
 # Add /usr/bin/env pointing to /bin/env
 (__nixpkgs__.runCommand "user-bin-env" { } ''
 mkdir -p $out/usr/bin
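Review bot: `NIX_LD_LIBRARY_PATH` is built from `__nixpkgs__.stdenv.cc`, which is normally the compiler wrapper, so its `lib` directory may not contain the runtime libraries (libstdc++, libgcc_s) an unpatched binary expects. Please verify this, and if confirmed use `__nixpkgs__.lib.makeLibraryPath [ __nixpkgs__.stdenv.cc.cc ]`. Both variables sit in the image-wide environment of a `root:root` container, so they apply to every process started in it and behave like a global library search path. The comment should say so, for example `# nix-ld: loader and library path for unpatched (non-nix) binaries; applies to every process in the image`. The enclosing `buildImage` call starts and ends outside the hunk.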
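Review bot: The shim directory is hard-coded as `$out/lib64`, but the same image is also published for arm64 (see the `makes:arm64` entries in `makes.nix`), where the ELF interpreter path is typically `/lib/ld-linux-aarch64.so.1`. On that architecture the symlink would likely land in a directory the kernel never consults. I would derive the directory from the target platform, for example `mkdir -p "$out/${__nixpkgs__.stdenv.hostPlatform.libDir}"` (confirm the attribute is available in the pinned nixpkgs), and use the same expression in the `ln -s` target. The two `$(...)` expansions are also unquoted and should be wrapped in double quotes. The list this entry belongs to starts and ends outside the hunk.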