
Images to make use of statically linked binaries to remove need for libc6-compat

Open chadlwilson opened this issue 3 years ago • 3 comments

Please excuse my ignorance here if this is the wrong place to raise this, but thought it might be useful to have a placeholder folks could follow. Not sure if something can be done in this repo right now, or we would still be waiting on another part of the docker ecosystem.

Background

  • Last year in https://github.com/docker-library/docker/pull/323 libc6-compat was added into the Alpine images to address an issue with ctr not being fully statically linked as noted in https://github.com/containerd/containerd/issues/5824
  • Since then this addition of libc6-compat has migrated to a few places: https://github.com/docker-library/docker/search?q=libc6-compat e.g. https://github.com/docker-library/docker/blob/04ae082ff40c8d4be2d20f87041e9c71447f7af4/Dockerfile-cli.template#L4-L7
  • Since the libc6-compat library can conflict with alternatives folks might want to use (e.g. gcompat or... gasp.... alpine glibc 🙈), it can cause child images to have to apk del --purge libc6-compat, so it seems it would be better without it if it can be avoided

Current State (Sep 2022)

  • In containerd 1.6.7 a fix was backported to make building static binaries simpler, via
    • https://github.com/containerd/containerd/pull/7022
    • https://github.com/containerd/containerd/pull/7045
  • Docker 20.10.18 includes containerd 1.6.8 but not sure if the Alpine builds are all fully static just yet
  • docker-proxy fixed to be static in https://github.com/moby/moby/pull/43621
  • A mega pull was at https://github.com/moby/moby/pull/43492 but the ctr bits had problems, so it looks like it was not merged.
  • Fixing static build of ctr may be waiting on https://github.com/moby/moby/pull/43529 or similar.

chadlwilson avatar Sep 19 '22 07:09 chadlwilson
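
One way to check whether a binary such as ctr still asks for a dynamic loader, shown as an added example that is not part of the original thread or of the docker-library tooling: read the ELF program headers and look for PT_INTERP. The helper names and the sample image are constructed for illustration.

```python
import struct
import sys

PT_LOAD, PT_INTERP = 1, 3
# EI_CLASS -> (word format, e_phoff offset, e_phentsize offset,
#              p_offset offset in phdr, p_filesz offset in phdr)
LAYOUT = {1: ("I", 0x1C, 0x2A, 4, 16), 2: ("Q", 0x20, 0x36, 8, 32)}

def interp_of(data: bytes):
    """Return the PT_INTERP loader path, or None if the ELF requests none."""
    if data[:4] != b"\x7fELF" or data[4] not in LAYOUT or data[5] not in (1, 2):
        raise ValueError("not a supported ELF image")
    word, phoff_at, phentsize_at, p_offset_at, p_filesz_at = LAYOUT[data[4]]
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    (phoff,) = struct.unpack_from(end + word, data, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", data, phentsize_at)
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type == PT_INTERP:
            (p_offset,) = struct.unpack_from(end + word, data, base + p_offset_at)
            (p_filesz,) = struct.unpack_from(end + word, data, base + p_filesz_at)
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None  # no loader requested: the kernel maps the binary directly

def make_sample(interp: bytes = b"") -> bytes:
    """Constructed ELF64 little-endian image (headers only, not executable)."""
    phdrs = [struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, 0, 0, 0, 0, 0)]
    if interp:
        off, size = 64 + 2 * 56, len(interp) + 1   # string follows both phdrs
        phdrs.append(struct.pack("<IIQQQQQQ", PT_INTERP, 4, off, 0, 0, size, size, 1))
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs) + interp + b"\0"

if __name__ == "__main__":
    # Usage: python check_static.py /usr/local/bin/ctr ...
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            loader = interp_of(f.read())
        print(path, f"needs loader {loader}" if loader else "no PT_INTERP (static)")
```

A binary that reports a loader path needs that path to exist in the image; one with no PT_INTERP runs without any libc compatibility package.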

Agreed, it would be great to remove this dependency -- at the very least, we could move it to the dind images now that the CLI and Docker-in-Docker are separated (#369).

I just did some testing on the ctr builds we currently consume both in 20.10 and 22.06-rc and they do still exhibit the issue, so short of building ctr from source ourselves in the image (which I don't plan to do at this layer), we are a bit at the mercy of the upstream builds. :disappointed:

tianon avatar Sep 19 '22 17:09 tianon

> at the very least, we could move it to the dind images now that the CLI and Docker-in-Docker are separated (https://github.com/docker-library/docker/pull/369)

Hmm, although there's a decent argument to be made for ctr existing in the CLI images, especially with https://github.com/moby/moby/labels/containerd-integration well-underway. :thinking:

tianon avatar Sep 19 '22 17:09 tianon

Thanks for replying and giving it a test - tried to do this myself in this repo, but got lost in the scripting here :-) Let's see how things go upstream; hopefully we have the right issues opened/pull requests underway to make this happen at some point.

chadlwilson avatar Sep 20 '22 01:09 chadlwilson

Am I right in thinking after https://github.com/moby/moby/pull/44659 that ctr should be static in 23.x?

chadlwilson avatar Mar 12 '23 17:03 chadlwilson

Yeah! Just tested and 20.10 is still affected, but 23.0 looks fine! Will be sending a PR shortly. :muscle:

tianon avatar Mar 13 '23 19:03 tianon

Thanks, very nice! 🥳

Happy to close this unless we think there's a realistic chance of the underlying improvements getting back-ported to 20.10?

chadlwilson avatar Mar 15 '23 05:03 chadlwilson

Yeah, I guess that's a fair point; the chances of backporting the fixes are indeed low. :+1:

tianon avatar Mar 15 '23 21:03 tianon