update glibc to 2.34 #1763
Merged
update glibc to 2.34 #1763
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Otherwise, when the host and target architectures are the same, the codegen programs will be linked with target libraries like glibc, and could fail to execute because of missing symbols. Signed-off-by: Ben Cressey <bcressey@amazon.com>
etungsten
previously approved these changes
Sep 29, 2021
|
vmware builds are failing due to |
|
Back to draft to fix |
tjkirch
reviewed
Sep 29, 2021
In 2.34, many of the separate libraries like `pthread` are integrated in the main library, and shared objects are no longer installed with versioned file names. Update the packaged file lists to reflect these changes. Add patches from the upstream branch for the 2.34 release, to pick up additional fixes, such as the fix for CVE-2021-38604. Sync the C.UTF-8 locale patch with recent changes from Fedora. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Signed-off-by: Ben Cressey <bcressey@amazon.com>
Setting "needs_exe_wrapper" without defining a wrapper binary causes meson to skip execution. Otherwise, when the build and target architectures match, meson may decide that cross-compiled binaries can be executed. That may not be true, for example if the target's glibc version is more recent. Signed-off-by: Ben Cressey <bcressey@amazon.com>
tjkirch
approved these changes
Sep 30, 2021
Includes a fix for calling the `close_range()` function, which was added in glibc 2.34. glib2 still depends on the original PCRE library, rather than PCRE2 which we package as "libpcre". Older versions of glib2 included pcre sources directly in the tree; newer versions use a meson subproject and wrap to vendor the dependency. meson is blocked from downloading sources, so we now include the pcre archive and build overlay as external files. This package is expected to remain the only consumer of PCRE in the distro. Signed-off-by: Ben Cressey <bcressey@amazon.com>
bcressey
force-pushed
the
glibc-update
branch
from
8b8eec4 to
8fffc5a
Compare
etungsten
approved these changes
Sep 30, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue number:
Fixes #1717
Fixes #1675
Description of changes:
Update glibc to 2.34. Change the patching strategy to include patches added to the maintenance branch after the official 2.34 release, which aligns with Fedora's current approach.
Fix a cross-compilation bug for kubelet that caused us to link with target libraries for host programs when the architectures were the same. This was exposed by missing glibc symbols following the update, but was a latent regression from when we switched to the new upstream method of specifying the toolchain in #1612. It does not apply to older builds of kubelet, which used a local patch instead.
Add the upstream patch for chrony's seccomp filter so it runs with the newer glibc.
Update glib2 to 2.70.0, which includes a fix for the newer glibc. Tweak the cross-compiling file for meson to avoid attempts to execute target files, which failed because of missing glibc symbols.
Testing done:
Verified that
chronydstarts running and stays up for multiple days on both architectures. Using the developer image, confirmed thatchronyccan issue commands like "dump" without causing a seccomp violation.Tested
aws-k8s-1.21for both architectures and verified thatsonobuoypassed. Confirmed that tasks could run on anaws-ecs-1build.Tested
vmware-k8s-1.21with a cluster created by EKS Anywhere. Verified thatsonobuoypassed.Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.