feat(build): fluidattacks#1388 add glibc
- Add glibc to the container image
in order to provide
dynamic linking libraries
on standard paths

Signed-off-by: Daniel Salazar <[email protected]>
dsalaza4 committed Dec 13, 2024
1 parent 9fb257a commit e581a4c
Showing 3 changed files with 27 additions and 9 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/prod.yml
Expand Up @@ -3,7 +3,7 @@ concurrency:
group: ${{ github.actor }}
jobs:
deployContainer_makesAmd64:
if: ${{ github.repository == 'fluidattacks/makes' }}
if: ${{ github.repository == 'dsalaza4/makes' }}
runs-on: ubuntu-latest
permissions:
packages: write
Expand All @@ -17,7 +17,7 @@ jobs:
with:
args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /deployContainer/makesAmd64"
deployContainer_makesArm64:
if: ${{ github.repository == 'fluidattacks/makes' }}
if: ${{ github.repository == 'dsalaza4/makes' }}
runs-on: buildjet-2vcpu-ubuntu-2204-arm
permissions:
packages: write
Expand All @@ -31,7 +31,7 @@ jobs:
with:
args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /deployContainer/makesArm64"
deployContainerManifest_makes:
if: ${{ github.repository == 'fluidattacks/makes' }}
if: ${{ github.repository == 'dsalaza4/makes' }}
runs-on: ubuntu-latest
permissions:
packages: write
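Review bot: The `if:` guards on all three deploy jobs, and the matching `image` values in makes.nix, name `dsalaza4/makes`, which looks like a personal fork rather than the organisation repository. Assuming the `dsalaza4` line of each pair is the new side, merging this as-is would skip the production image jobs in `fluidattacks/makes` and push the `sign = true` images to a personal ghcr.io namespace, so consumers of `ghcr.io/fluidattacks/makes` would stop receiving updated, signed tags. If the rename was only needed to test the glibc change on a fork, keep it out of this commit and leave the guard as `if: ${{ github.repository == 'fluidattacks/makes' }}`, with the same for the six `image = "ghcr.io/…"` strings in makes.nix.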
10 changes: 5 additions & 5 deletions makes.nix
Expand Up @@ -20,7 +20,7 @@
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:amd64";
image = "ghcr.io/dsalaza4/makes:amd64";
src = outputs."/container-image";
sign = true;
};
Expand All @@ -29,7 +29,7 @@
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:arm64";
image = "ghcr.io/dsalaza4/makes:arm64";
src = outputs."/container-image";
sign = true;
};
Expand All @@ -40,17 +40,17 @@
token = "GITHUB_TOKEN";
user = "GITHUB_ACTOR";
};
image = "ghcr.io/fluidattacks/makes:latest";
image = "ghcr.io/dsalaza4/makes:latest";
manifests = [
{
image = "ghcr.io/fluidattacks/makes:amd64";
image = "ghcr.io/dsalaza4/makes:amd64";
platform = {
architecture = "amd64";
os = "linux";
};
}
{
image = "ghcr.io/fluidattacks/makes:arm64";
image = "ghcr.io/dsalaza4/makes:arm64";
platform = {
architecture = "arm64";
os = "linux";
20 changes: 19 additions & 1 deletion makes/container-image/main.nix
@@ -1,5 +1,5 @@
{ outputs, __nixpkgs__, ... }:
__nixpkgs__.dockerTools.buildImage {
__nixpkgs__.dockerTools.buildLayeredImage {
config = {
Env = [
"HOME=/home/root"
Expand All @@ -11,12 +11,29 @@ __nixpkgs__.dockerTools.buildImage {
"NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
"SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
"SYSTEM_CERTIFICATE_PATH=/etc/ssl/certs/ca-bundle.crt"

# Support non-nix binaries via nix-ld (glibc)
"NIX_LD_LIBRARY_PATH=${
__nixpkgs__.lib.makeLibraryPath [ __nixpkgs__.stdenv.cc ]
}"
"NIX_LD=${
__nixpkgs__.lib.fileContents
"${__nixpkgs__.stdenv.cc}/nix-support/dynamic-linker"
}"
];
User = "root:root";
WorkingDir = "/working-dir";
};
name = "container-image";
tag = "latest";
maxLayers = 1;

# Support non-nix binaries via nix-ld (glibc)
fakeRootCommands = ''
mkdir /lib64
ln -s /libexec/nix-ld /lib64/$(basename $(< ${__nixpkgs__.stdenv.cc}/nix-support/dynamic-linker))
'';

copyToRoot = __nixpkgs__.buildEnv {
name = "root-file-system";
ignoreCollisions = false;
Expand All @@ -29,6 +46,7 @@ __nixpkgs__.dockerTools.buildImage {
__nixpkgs__.gnugrep
__nixpkgs__.gnutar
__nixpkgs__.gzip
__nixpkgs__.nix-ld
__nixpkgs__.nixVersions.nix_2_15

# Add /usr/bin/env pointing to /bin/env
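Review bot: The `fakeRootCommands` block hard-codes `/lib64` for the nix-ld shim, but makes.nix builds this same image for arm64, where the conventional ELF interpreter path is `/lib/ld-linux-aarch64.so.1`, so non-Nix aarch64 binaries would likely still not find a loader. Choose the directory per platform, e.g. `libDir = if __nixpkgs__.stdenv.hostPlatform.isx86_64 then "lib64" else "lib";`, then use `mkdir -p /${libDir}` and quote the link target, `ln -s /libexec/nix-ld "/${libDir}/$(basename "$(< …/nix-support/dynamic-linker)")"`. The absolute paths also only resolve inside the image when `enableFakechroot = true` is set, which is not visible in these hunks and should be confirmed. A short comment next to `maxLayers = 1;` explaining why a single layer is wanted would help the next reader; the attribute set continues outside the hunk.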
