From f3cf345c217446f7bb7fa68b6cfb5889c8b78a46 Mon Sep 17 00:00:00 2001
From: Caleb Maclennan <caleb@alerque.com>
Date: Sat, 17 Apr 2021 10:00:46 +0300
Subject: [PATCH] fix(docker): Work around archaic host kernels on Docker Hub

---
 Dockerfile                           |  5 ++++
 Makefile.am                          |  2 +-
 build-aux/docker-glibc-workaround.sh | 42 ++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100755 build-aux/docker-glibc-workaround.sh

diff --git a/Dockerfile b/Dockerfile
index d45bb28..72944d3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,12 @@
+#syntax=docker/dockerfile:1.2
+
 ARG ARCHTAG
 
 FROM docker.io/library/archlinux:base-$ARCHTAG AS base
 
+# Monkey patch glibc to avoid issues with old kernels on hosts
+RUN --mount=type=bind,target=/mp,source=build-aux/docker-glibc-workaround.sh /mp
+
 # Setup Caleb’s hosted Arch repository with prebuilt dependencies
 RUN pacman-key --init && pacman-key --populate
 RUN sed -i  /etc/pacman.conf -e \
diff --git a/Makefile.am b/Makefile.am
index b62d59c..41f0d2f 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -11,7 +11,7 @@ dist_doc_DATA = README.md CHANGELOG.md
 dist_man_MANS = $(_fontship).1
 dist_license_DATA = LICENSE
 nobase_dist_data_DATA = rules/fontship.mk rules/rules.mk rules/functions.mk rules/glyphs.mk rules/sfd.mk rules/ufo.mk
-EXTRA_DIST = .version build-aux/cargo-updater.js build-aux/git-version-gen requirements.txt
+EXTRA_DIST = .version build-aux/cargo-updater.js build-aux/git-version-gen build-aux/docker-glibc-workaround.sh requirements.txt
 EXTRA_DIST += Dockerfile build-aux/bootstrap-docker.sh hooks/build
 
 bin_PROGRAMS = fontship
diff --git a/build-aux/docker-glibc-workaround.sh b/build-aux/docker-glibc-workaround.sh
new file mode 100755
index 0000000..b44a9e0
--- /dev/null
+++ b/build-aux/docker-glibc-workaround.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env sh
+set -e
+
+# Temporary workaround for glibc 2.33 having new syscalls that are not
+# whitelisted yet in some older Docker host environments including the engines
+# on GitHub Actions and Docker Hub.
+#
+# Arch Linux bug report:
+# https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/56
+#
+# Upstream GitHub issue (also affects Docker Hub):
+# /~https://github.com/actions/virtual-environments/issues/2658
+#
+# Dockerfile workaround thanks to:
+# /~https://github.com/lxqt/lxqt-panel/pull/1562
+#
+# Patched glibc sources here:
+# /~https://github.com/archlinuxcn/repo/tree/master/archlinuxcn/glibc-linux4
+
+cd /tmp
+
+pkgfile='glibc-linux4-2.33-4-x86_64.pkg.tar.zst'
+sha256sum='a89f4d23ae7cde78b4258deec4fcda975ab53c8cda8b5e0a0735255c0cdc05cc'
+
+check_checksum () {
+    echo "$sha256sum $pkgfile" | sha256sum -c
+}
+
+check_checksum ||
+    curl -LO "https://repo.archlinuxcn.org/x86_64/$pkgfile" &&
+    check_checksum
+
+bsdtar -C / -xvf "$pkgfile" 2>/dev/null
+
+sed -e '/^HoldPkg/s/^/#/' -i /etc/pacman.conf
+
+pacman --noconfirm --dbonly -Rdd glibc
+pacman --noconfirm --overwrite '*' -Udd "$pkgfile"
+
+sed -e '/^#\?IgnorePkg/{s/^#//;s/$/ glibc/}' -i /etc/pacman.conf
+
+rm "$pkgfile"