Workaround for nextcloud-server #17980 / musl #10960

Per suggestions in #musl IRC, trying an approach that uses larger
buffers for directory operations, which is closer to what glibc appears
to be doing as part of readdir(). For reasons unbeknownst to the musl
team, this appears to avoid the paging behavior that causes the defect
to appear.

To implement this approach, a custom build of the musl standard C
library is required. The build happens in a separate build step so that
the final image does not need to contain build tools or the musl source
code.

docker/backend-nextcloud-fpm/Dockerfile

@@ -4,10 +4,58 @@
 #
 # NOTE: All COPY paths are relative to the parent folder (../docker).
 #
+# This is a multi-stage build.
+#
 # @author Guy Elsmore-Paddock (guy@inveniem.com)
 # @copyright Copyright (c) 2019, Inveniem
 # @license GNU AGPL version 3 or any later version
 #
+
+################################################################################
+# musl Library Build
+################################################################################
+# Patch Alpine musl to work around this issue:
+# https://gitlab.alpinelinux.org/alpine/aports/issues/10960
+#
+FROM alpine:3.10 as musl_compile
+
+RUN set -eux;\
+    apk add --update \
+        make \
+        gcc \
+        musl-dev \
+        curl \
+        gnupg\
+    ; \
+    mkdir /build; \
+    cd /build; \
+    \
+    for key in \
+        836489290BB6B70F99FFDA0556BCDB593020450F \
+    ; do \
+        gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
+        gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \
+        gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \
+    done; \
+    \
+    curl -O https://www.musl-libc.org/releases/musl-1.1.24.tar.gz; \
+    curl -O https://www.musl-libc.org/releases/musl-1.1.24.tar.gz.asc; \
+    \
+    gpg --batch --verify musl-1.1.24.tar.gz.asc musl-1.1.24.tar.gz; \
+    \
+    tar -xvzf musl-1.1.24.tar.gz; \
+    cd ./musl-1.1.24; \
+    sed -i 's/char buf\[2048\]/char buf\[8192\]/' ./src/dirent/__dirent.h; \
+    \
+    ./configure; \
+    make; \
+    make install
+
+################################################################################
+# Build Nextcloud container
+################################################################################
+# This is the container that actually gets pushed.
+#
 FROM nextcloud:16.0.6-fpm-alpine
 
 ENV NEXTCLOUD_CONFIG_READ_ONLY "false"
@@ -53,6 +101,9 @@ COPY nextcloud-common/config/* /usr/src/nextcloud/config/
 # Supply all custom apps via Docker image; app store is disabled
 COPY nextcloud-common/custom_apps/. /usr/src/nextcloud/custom_apps/
 
+# Apply custom musl library
+COPY --from="musl_compile" /usr/local/musl/lib/libc.so /lib/ld-musl-x86_64.so.1
+
 # Apply custom patches
 COPY nextcloud-common/apply_patches.sh /
 COPY nextcloud-common/bundled-patches/ /usr/src/nextcloud/bundled-patches

docker/nextcloud-common/bundled-patches/.keep

@@ -0,0 +1,2 @@
+# This folder should contain any patches that the local administrator would
+# like to apply to Nextcloud during the container build process.