Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix RPMs using a too-new version of glibc #11008

Merged
merged 3 commits into from
Mar 10, 2022
Merged

Fix RPMs using a too-new version of glibc #11008

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ca4fab7
Fixed RPMs using artifacts compiled against a too-new version of glibc
fheinecke Mar 9, 2022
1522447
Reverted makefile version to base
fheinecke Mar 9, 2022
168f8e6
Merge branch 'branch/v9' into fred/rpm-centos7-fix
r0mant Mar 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 31 additions & 31 deletions .drone.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1053,7 +1053,7 @@ steps:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -1195,7 +1195,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -1336,7 +1336,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -1475,7 +1475,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -1614,12 +1614,12 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
type: kubernetes
name: build-linux-amd64-rpm
name: build-linux-amd64-centos7-rpm
trigger:
event:
include:
Expand All @@ -1635,7 +1635,7 @@ workspace:
clone:
disable: true
depends_on:
- build-linux-amd64
- build-linux-amd64-centos7
steps:
- name: Check out code
image: docker:git
Expand Down Expand Up @@ -1669,9 +1669,9 @@ steps:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
/go/artifacts/
environment:
AWS_ACCESS_KEY_ID:
Expand All @@ -1684,7 +1684,7 @@ steps:
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache bash curl gzip make tar go
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
Expand Down Expand Up @@ -1780,12 +1780,12 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-rpm
name: build-linux-amd64-centos7-fips-rpm
trigger:
event:
include:
Expand All @@ -1801,7 +1801,7 @@ workspace:
clone:
disable: true
depends_on:
- build-linux-amd64-fips
- build-linux-amd64-centos7-fips
steps:
- name: Check out code
image: docker:git
Expand Down Expand Up @@ -1835,7 +1835,7 @@ steps:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
/go/artifacts/
environment:
AWS_ACCESS_KEY_ID:
Expand All @@ -1848,7 +1848,7 @@ steps:
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache bash curl gzip make tar go
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
Expand Down Expand Up @@ -1943,7 +1943,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -2095,7 +2095,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -2244,7 +2244,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -2383,7 +2383,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -2453,7 +2453,7 @@ steps:
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache bash curl gzip make tar go
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
Expand Down Expand Up @@ -2549,7 +2549,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -3227,7 +3227,7 @@ steps:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -3366,7 +3366,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -3505,7 +3505,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -3657,7 +3657,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -3809,7 +3809,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -3879,7 +3879,7 @@ steps:
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache bash curl gzip make tar go
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
Expand Down Expand Up @@ -3975,7 +3975,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:410
# Generated at dronegen/tag.go:431
################################################

kind: pipeline
Expand Down Expand Up @@ -4045,7 +4045,7 @@ steps:
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- apk add --no-cache bash curl gzip make tar go
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
Expand Down Expand Up @@ -4141,7 +4141,7 @@ volumes:
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:225
# Generated at dronegen/tag.go:230
################################################

kind: pipeline
Expand Down Expand Up @@ -5084,6 +5084,6 @@ volumes:
name: drone-s3-debrepo-pvc
---
kind: signature
hmac: 50bcc305de81551bda8426a4c9c92ef50a08fea24dbd7f6b616197647d18269e
hmac: 1dd41a2efd6b7983f62a49578cdcf4eb9058d4319e333f9f958e80e7f8a91877

...
7 changes: 6 additions & 1 deletion build.assets/build-package.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,9 +192,14 @@ elif [[ "${ARCH}" == "arm64" ]]; then
TEXT_ARCH="ARMv8/ARM64"
fi

# amd64 RPMs should use CentOS 7 compatible artifacts
if [[ "${PACKAGE_TYPE}" == "rpm" && "${ARCH}" == "x86_64" ]]; then
OPTIONAL_RUNTIME_SECTION+="-centos7"
fi

# set optional runtime section for filename
if [[ "${RUNTIME}" == "fips" ]]; then
OPTIONAL_RUNTIME_SECTION="-fips"
OPTIONAL_RUNTIME_SECTION+="-fips"
fi

# set variables appropriately depending on type of package being built
Expand Down
25 changes: 23 additions & 2 deletions dronegen/tag.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ package main

import (
"fmt"
"strings"
)

const (
Expand Down Expand Up @@ -175,7 +176,11 @@ func tagPipelines() []pipeline {

// RPM/DEB package builds
for _, packageType := range []string{rpmPackage, debPackage} {
ps = append(ps, tagPackagePipeline(packageType, buildType{os: "linux", arch: arch, fips: fips}))
bt := buildType{os: "linux", arch: arch, fips: fips}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
bt := buildType{os: "linux", arch: arch, fips: fips}
bt := buildType{os: "linux", arch: arch, fips: fips, centos7: packageType == "rpm"}
  1. You can inline this without the need for a conditional.
  2. Do we need to check arch? If package type is RPM I think it's safe to assume we should use the CentOS builds.

if packageType == "rpm" && arch == "amd64" {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a comment here explaining why we're doing this. Similar to the one in build-package.sh.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should I add one here or at #R291 ? This simply sets the field value (which could be used anywhere) while R291-R295 does something with it.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think here is appropriate since we want to explain why we're setting the centos7 flag when building x8664 rpms.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Come to think of it I don't know that we should be checking the architecture here. The original fix only covered amd64, but I don't see any reason why the issue wouldn't affect i386 and ARM as well. That being said, I don't have an easy way to test this. Do you have any thoughts here?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. I imagine those are less commonly used than amd64 but we'd probably fix them too. Let's do amd64 first so we can fix the most common use case and then follow up with ARM/32-bit (don't know if anyone's actually using it TBH). Can you use AWS account to spin up proper CentOS 7 boxes for testing? They should have ARM boxes.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, looking at our downloads page, it doesn't look like we actually provide CentOS 7 compatible ARM binaries at all currently.

Copy link
Contributor Author

@fheinecke fheinecke Mar 10, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can test 64 bit ARM on AWS pretty easily, but as far as I am aware there are not any 32 bit CentOS 7 or RHEL AMIs available on AWS. This makes it non-trivial to test for 32 bit issues. That being said, if the issue persists with 64 bit ARM it probably affects i386 and ARMv7 as well.

bt.centos7 = true
}
ps = append(ps, tagPackagePipeline(packageType, bt))
}
}
}
Expand Down Expand Up @@ -283,6 +288,11 @@ func tagDownloadArtifactCommands(b buildType) []string {
}
artifactOSS := true
artifactType := fmt.Sprintf("%s-%s", b.os, b.arch)

if b.centos7 {
artifactType += "-centos7"
}

if b.fips {
artifactType += "-fips"
artifactOSS = false
Expand Down Expand Up @@ -362,8 +372,19 @@ func tagPackagePipeline(packageType string, b buildType) pipeline {
}

dependentPipeline := fmt.Sprintf("build-%s-%s", b.os, b.arch)

if b.centos7 {
dependentPipeline += "-centos7"
}

apkPackages := []string{"bash", "curl", "gzip", "make", "tar"}
if packageType == rpmPackage {
// Required by `make rpm`
apkPackages = append(apkPackages, "go")
}

packageBuildCommands := []string{
`apk add --no-cache bash curl gzip make tar`,
fmt.Sprintf("apk add --no-cache %s", strings.Join(apkPackages, " ")),
`cd /go/src/github.com/gravitational/teleport`,
`export VERSION=$(cat /go/.version.txt)`,
}
Expand Down