fix(docker): Work around archaic host kernels on Docker Hub

theleagueof · Apr 17, 2021 · f3cf345 · f3cf345
1 parent 4a5f1ad
commit f3cf345
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,12 @@
+#syntax=docker/dockerfile:1.2
+
 ARG ARCHTAG
 
 FROM docker.io/library/archlinux:base-$ARCHTAG AS base
 
+# Monkey patch glibc to avoid issues with old kernels on hosts
+RUN --mount=type=bind,target=/mp,source=build-aux/docker-glibc-workaround.sh /mp
+
 # Setup Caleb’s hosted Arch repository with prebuilt dependencies
 RUN pacman-key --init && pacman-key --populate
 RUN sed -i  /etc/pacman.conf -e \

diff --git a/Makefile.am b/Makefile.am
@@ -11,7 +11,7 @@ dist_doc_DATA = README.md CHANGELOG.md
 dist_man_MANS = $(_fontship).1
 dist_license_DATA = LICENSE
 nobase_dist_data_DATA = rules/fontship.mk rules/rules.mk rules/functions.mk rules/glyphs.mk rules/sfd.mk rules/ufo.mk
-EXTRA_DIST = .version build-aux/cargo-updater.js build-aux/git-version-gen requirements.txt
+EXTRA_DIST = .version build-aux/cargo-updater.js build-aux/git-version-gen build-aux/docker-glibc-workaround.sh requirements.txt
 EXTRA_DIST += Dockerfile build-aux/bootstrap-docker.sh hooks/build
 
 bin_PROGRAMS = fontship

diff --git a/build-aux/docker-glibc-workaround.sh b/build-aux/docker-glibc-workaround.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env sh
+set -e
+
+# Temporary workaround for glibc 2.33 having new syscalls that are not
+# whitelisted yet in some older Docker host environments including the engines
+# on GitHub Actions and Docker Hub.
+#
+# Arch Linux bug report:
+# https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/56
+#
+# Upstream GitHub issue (also affects Docker Hub):
+# /~https://github.com/actions/virtual-environments/issues/2658
+#
+# Dockerfile workaround thanks to:
+# /~https://github.com/lxqt/lxqt-panel/pull/1562
+#
+# Patched glibc sources here:
+# /~https://github.com/archlinuxcn/repo/tree/master/archlinuxcn/glibc-linux4
+
+cd /tmp
+
+pkgfile='glibc-linux4-2.33-4-x86_64.pkg.tar.zst'
+sha256sum='a89f4d23ae7cde78b4258deec4fcda975ab53c8cda8b5e0a0735255c0cdc05cc'
+
+check_checksum () {
+    echo "$sha256sum $pkgfile" | sha256sum -c
+}
+
+check_checksum ||
+    curl -LO "https://repo.archlinuxcn.org/x86_64/$pkgfile" &&
+    check_checksum
+
+bsdtar -C / -xvf "$pkgfile" 2>/dev/null
+
+sed -e '/^HoldPkg/s/^/#/' -i /etc/pacman.conf
+
+pacman --noconfirm --dbonly -Rdd glibc
+pacman --noconfirm --overwrite '*' -Udd "$pkgfile"
+
+sed -e '/^#\?IgnorePkg/{s/^#//;s/$/ glibc/}' -i /etc/pacman.conf
+
+rm "$pkgfile"