docker
[master] static-linux: verify that binaries are static
Wondering if this is expected;
vpnkit is not static, exiting...
Makefile:27: recipe for target 'static-linux' failed
@djs55 checked this, and it looks indeed that vpnkit is not fully statically linked;
Sending build context to Docker daemon 2.048kB
Step 1/3 : FROM docker.io/djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e as vpnkit
sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e: Pulling from djs55/vpnkit
bad55c542dc9: Pull complete
Digest: sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e
Status: Downloaded newer image for djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e
---> e49efe6f0050
Step 2/3 : FROM alpine
---> e7d92cdc71fe
Step 3/3 : COPY --from=vpnkit /vpnkit /vpnkit
---> 84168be1ef92
Successfully built 84168be1ef92
Successfully tagged test:latest
Dave-MBP:foo djs$ docker run -it test sh
/ # ldd /vpnkit
/lib/ld-musl-x86_64.so.1 (0x7fce03122000)
opened https://github.com/moby/vpnkit/issues/499
/cc @AkihiroSuda @tiborvass FYI
$ docker create --name foo djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e dummy
0c8bc7c8ded069648f49584cac731dad764ba6e6bb7f2567d64b592e1e94e27e
$ docker cp foo:/vpnkit .
$ sha256sum vpnkit
7c4c49f22231bb156ed5b22f3dafa78e5857e2d7181d1ef2229fe704ec4f3266 vpnkit
$ ldd vpnkit
statically linked
I'm not familiar with ELF stuff, but $ docker run --rm djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e /vpnkit --help doesn't show any error about musl. So it seems actually static.
Right, so looks like it's not an actual problem (for reference; I was backporting some checks that I found in our private packaging repositories)
But I'm curious now! LOL
For a minute I thought this was fixed, but looks like because we may need https://github.com/docker/docker-ce-packaging/pull/510 so that failures actually make the build fail - currently the failure is unhandled;
make[2]: Leaving directory '/home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker'
mkdir -p build/linux/docker
cp /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/cli/build/docker build/linux/docker/
for f in dockerd containerd ctr containerd-shim containerd-shim-runc-v2 docker-init docker-proxy runc; do \
if ldd >/dev/null 2>/dev/null /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f; then echo "$f is not static, exiting..."; exit 1; fi; \
cp -L /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f build/linux/docker/$f; \
done
tar -C build/linux -c -z -f build/linux/docker-0.0.0-20210311145359-d3c36a2.tgz docker
# extra binaries for running rootless
mkdir -p build/linux/docker-rootless-extras
for f in rootlesskit rootlesskit-docker-proxy dockerd-rootless.sh dockerd-rootless-setuptool.sh vpnkit; do \
if [ -f /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f ]; then \
if ldd >/dev/null 2>/dev/null /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f; then echo "$f is not static, exiting..."; exit 1; fi; \
cp -L /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f build/linux/docker-rootless-extras/$f; \
fi \
done
vpnkit is not static, exiting...
Makefile:27: recipe for target 'static-linux' failed
make[1]: *** [static-linux] Error 1
Seeing some discussion about this in https://gitlab.alpinelinux.org/alpine/aports/-/issues/10030, which may give some pointers on how to check