Update buildroot to 2024.02.1

[tianon]

$ docker run -it --rm --pull=always alpine:edge
edge: Pulling from library/alpine
Digest: sha256:67b8a3c4c19bbdd43de723881bc536758f5e780f8d32ef8f5ef2b72f769a3e78
Status: Image is up to date for alpine:edge
/ # apk add --no-cache --quiet curl
/ # curl --version
Error relocating /usr/lib/libcurl.so.4: SSL_get0_group_name: symbol not found

:sob:

[tianon]

There's another report of the same issue in https://github.com/libsdl-org/SDL/issues/9357#issuecomment-2018542308, which I think is probably because a bump of libssl3 was uploaded to Alpine Edge, but the things rebuilt against it don't seem to have a dependency relationship that forces it to be updated appropriately on package install, so they fail with missing symbols. :disappointed:

[tianon]

https://github.com/alpinelinux/docker-alpine/issues/383

[tianon]

I don't think the Alpine issue is necessarily a blocker here -- it will only impede the rebuild on riscv64 :thinking:

Perhaps we add a (temporary) patch to explicitly upgrade libssl3 in our build, but only on alpine:edge?

[yosifkit]

Perhaps we add a (temporary) patch to explicitly upgrade libssl3 in our build, but only on alpine:edge?

That seems fine, but is probably a full apk upgrade (or the current set of installed packages) since it seems to go deeper https://github.com/alpinelinux/docker-alpine/issues/383#issuecomment-2024027957 👀

$ docker run -it --rm alpine:edge
/ # apk upgrade libssl3
fetch https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
(1/1) Upgrading libssl3 (3.1.5-r5 -> 3.2.1-r1)
OK: 8 MiB in 14 packages
/ # apk info
Error relocating /lib/libssl.so.3: BIO_err_is_non_fatal: symbol not found
Error relocating /lib/libssl.so.3: BIO_s_dgram_mem: symbol not found
Error relocating /lib/libssl.so.3: OSSL_STACK_OF_X509_free: symbol not found
Error relocating /lib/libssl.so.3: OSSL_ERR_STATE_restore: symbol not found
Error relocating /lib/libssl.so.3: ERR_count_to_mark: symbol not found
Error relocating /lib/libssl.so.3: BIO_get_rpoll_descriptor: symbol not found
Error relocating /lib/libssl.so.3: BIO_get_wpoll_descriptor: symbol not found
Error relocating /lib/libssl.so.3: BIO_recvmmsg: symbol not found
Error relocating /lib/libssl.so.3: OSSL_ERR_STATE_save: symbol not found
Error relocating /lib/libssl.so.3: X509_STORE_CTX_init_rpk: symbol not found
Error relocating /lib/libssl.so.3: OSSL_ERR_STATE_new: symbol not found
Error relocating /lib/libssl.so.3: OSSL_ERR_STATE_free: symbol not found
Error relocating /lib/libssl.so.3: BIO_sendmmsg: symbol not found
Error relocating /lib/libssl.so.3: OSSL_ERR_STATE_save_to_mark: symbol not found

[tianon]

I think that's really just an artifact of those packages both coming from the same openssl source package, and thus needing to be upgraded at the same time for inter-binary-package consistency (something that I would've expected to be handled via explicit dependency relationships :see_no_evil:). Doing just libssl3 and libcrypto3 is sufficient. I don't think there's a way to convince apk list to give us a list of all packages from a particular source package (so we could explicitly upgrade all of them together in an automated way without going full-hog), but it's a small enough set that I feel pretty confident in only doing the two upgrades.

[tianon]

https://github.com/docker-library/busybox/pull/194

[tianon]

Do you think this is worth rebasing or should we just merge it and go ahead? I have a very high degree of confidence it will build just fine.