[master] static-linux: verify that binaries are static #430

Open
wants to merge 1 commit into
base: master

thaJeztah
Member

No description provided.

thaJeztah force-pushed the verify_static_builds branch 2 times, most recently from f27573c to a4c2ca2 (February 6, 2020 17:41)
@thaJeztah
Member Author

Wondering if this is expected;

vpnkit is not static, exiting...
Makefile:27: recipe for target 'static-linux' failed

@thaJeztah
Member Author

@djs55 checked this, and it looks indeed that vpnkit is not fully statically linked;

Sending build context to Docker daemon  2.048kB
Step 1/3 : FROM docker.io/djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e as vpnkit
sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e: Pulling from djs55/vpnkit
bad55c542dc9: Pull complete 
Digest: sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e
Status: Downloaded newer image for djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e
 ---> e49efe6f0050
Step 2/3 : FROM alpine
 ---> e7d92cdc71fe
Step 3/3 : COPY --from=vpnkit  /vpnkit /vpnkit
 ---> 84168be1ef92
Successfully built 84168be1ef92
Successfully tagged test:latest
Dave-MBP:foo djs$ docker run -it test sh
/ # ldd /vpnkit 
	/lib/ld-musl-x86_64.so.1 (0x7fce03122000)

@thaJeztah
Member Author

opened moby/vpnkit#499

/cc @AkihiroSuda @tiborvass FYI

@AkihiroSuda
Contributor

$ docker create --name foo djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e dummy
0c8bc7c8ded069648f49584cac731dad764ba6e6bb7f2567d64b592e1e94e27e
$ docker cp foo:/vpnkit .
$ sha256sum vpnkit 
7c4c49f22231bb156ed5b22f3dafa78e5857e2d7181d1ef2229fe704ec4f3266  vpnkit
$ ldd vpnkit 
        statically linked

@thaJeztah
Member Author

That's weird; how can @djs55 get a different result than you? 🤔

@AkihiroSuda
Contributor

So, alpine ldd says it is dynamic, ubuntu ldd says static 🤷‍♂

@AkihiroSuda
Contributor

I'm not familiar with ELF stuff, but $ docker run --rm djs55/vpnkit@sha256:e508a17cfacc8fd39261d5b4e397df2b953690da577e2c987a47630cd0c42f8e /vpnkit --help doesn't show any error about musl. So it seems actually static.

@thaJeztah
Member Author

Right, so looks like it's not an actual problem (for reference; I was backporting some checks that I found in our private packaging repositories)

But I'm curious now! LOL

thaJeztah changed the title from "static-linux: verify that binaries are static" to "[master] static-linux: verify that binaries are static" on May 1, 2020
@thaJeztah
Member Author

For a minute I thought this was fixed, but it looks like that's because we may need #510 so that failures actually make the build fail - currently the failure is unhandled;

make[2]: Leaving directory '/home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker'
mkdir -p build/linux/docker
cp /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/cli/build/docker build/linux/docker/
for f in dockerd containerd ctr containerd-shim containerd-shim-runc-v2 docker-init docker-proxy runc; do \
	if ldd >/dev/null 2>/dev/null /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f; then echo "$f is not static, exiting..."; exit 1; fi; \
	cp -L /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f build/linux/docker/$f; \
done
tar -C build/linux -c -z -f build/linux/docker-0.0.0-20210311145359-d3c36a2.tgz docker
# extra binaries for running rootless
mkdir -p build/linux/docker-rootless-extras
for f in rootlesskit rootlesskit-docker-proxy dockerd-rootless.sh dockerd-rootless-setuptool.sh vpnkit; do \
	if [ -f /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f ]; then \
  		if ldd >/dev/null 2>/dev/null /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f; then echo "$f is not static, exiting..."; exit 1; fi; \
		cp -L /home/ubuntu/workspace/docker-ce-packaging_PR-430/src/github.com/docker/docker/bundles/binary-daemon/$f build/linux/docker-rootless-extras/$f; \
	fi \
done
vpnkit is not static, exiting...
Makefile:27: recipe for target 'static-linux' failed
make[1]: *** [static-linux] Error 1

@thaJeztah
Member Author

Seeing some discussion about this in https://gitlab.alpinelinux.org/alpine/aports/-/issues/10030, which may give some pointers on how to check

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
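
Added example (not part of this PR or the packaging repository): since the thread shows `ldd` on Alpine and on Ubuntu disagreeing about the same file, this check reads the ELF program headers directly instead of relying on `ldd`'s exit status. It assumes "static" means no PT_INTERP segment and no DT_NEEDED entries, handles only ELF64 little-endian, and `build_elf` with its sample images is constructed for the demonstration.

```python
import struct

PT_DYNAMIC, PT_INTERP, DT_NULL, DT_NEEDED, DT_RELA = 2, 3, 0, 1, 7

def elf_linkage(data: bytes) -> dict:
    """Return PT_INTERP presence and DT_NEEDED count for an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    interp, needed = False, 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:        # a dynamic loader is requested
            interp = True
        elif p_type == PT_DYNAMIC:     # walk the Elf64_Dyn array
            for off in range(p_offset, p_offset + p_filesz, 16):
                (d_tag,) = struct.unpack_from("<q", data, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_NEEDED:  # shared library dependency
                    needed += 1
    return {"interp": interp, "needed": needed}

def is_static(data: bytes) -> bool:
    """Assumed definition: no PT_INTERP and no DT_NEEDED entries."""
    info = elf_linkage(data)
    return not info["interp"] and info["needed"] == 0

def build_elf(interp: bool, dyn_tags=None) -> bytes:
    """Constructed sample: headers-only ELF64 image, not a runnable binary."""
    segs = []
    if interp:
        segs.append((PT_INTERP, b"/lib/ld-musl-x86_64.so.1\0"))
    if dyn_tags is not None:
        dyn = b"".join(struct.pack("<qQ", t, 0) for t in dyn_tags + [DT_NULL])
        segs.append((PT_DYNAMIC, dyn))
    phdrs, body, base = b"", b"", 64 + 56 * len(segs)
    for p_type, payload in segs:
        phdrs += struct.pack("<IIQQQQQQ", p_type, 4, base + len(body), 0, 0,
                             len(payload), len(payload), 1)
        body += payload
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    return ehdr + phdrs + body

if __name__ == "__main__":
    for img in (build_elf(True, [DT_NEEDED]), build_elf(False, [DT_RELA]), build_elf(False)):
        print(elf_linkage(img), "static" if is_static(img) else "NOT static")
```

For a real file, pass `open(path, "rb").read()` to `is_static`.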