sgerrand / alpine-pkg-glibc

A glibc compatibility layer package for Alpine Linux

Please fix CVE-2019-15847 #139

Closed AceHack closed 4 years ago

AceHack commented 4 years ago

Related issue https://github.com/sgerrand/alpine-pkg-glibc/issues/127

| package | package_version | cve | severity | cvss | files |
| --- | --- | --- | --- | --- | --- |
| gcc | 9.3.0-r2 | CVE-2019-15847 | high | 7.5 | /usr/lib/libgcc_s.so.1 |
AceHack commented 4 years ago

If this is not the right place, please tell me where to ask. Thanks.

sgerrand commented 4 years ago

Hi there. Thanks for posting this issue. It duplicates #127.

sgerrand commented 4 years ago

Should you wish to keep this issue open, I will need you to post either the Dockerfile or commands that you're using to install this package. Posting information on a separate package without the relevant information on how you've installed glibc didn't give me enough information to investigate this issue and help you resolve your problem.

AceHack commented 4 years ago

This is the docker image https://github.com/AdoptOpenJDK/openjdk-docker/blob/master/11/jre/alpine/Dockerfile.hotspot.releases.full

Any help will be greatly appreciated. Thanks.

AceHack commented 4 years ago

I'm just trying to find the correct place to post this CVE issue. Thanks.

sgerrand commented 4 years ago

Thanks for the additional information, that will enable me to build an image and debug the cause of this issue. Unfortunately I won't be able to do so until I'm back in front of a computer next week.

In the interim, it would be useful if you can build an image from the Dockerfile you referenced and run `apk info libgcc` and/or `apk info gcc` to see what the versions of these packages are. They've evidently come in as transient dependencies of another package.
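
The version check suggested above, carried one step further as an added example (not code from this thread or from the glibc package): for each copy of libgcc_s.so.1 that the referenced Dockerfile leaves in the image, ask apk who owns it and what pulls the owner in. It assumes the `apk info --who-owns` and `apk info -r` output formats mirrored in the constructed fixtures, and falls back to those fixtures when apk is not present so it runs offline.

```shell
#!/bin/sh
# Added example, not code from the issue thread or the glibc package:
# triage a scanner hit on libgcc_s.so.1 by asking apk who owns each copy
# and what pulls the owning package in. Assumes the apk output formats
# mirrored in the constructed fixtures below.

# Constructed stand-in for `apk info --who-owns PATH` on both paths.
OWNERS_FIXTURE='/usr/lib/libgcc_s.so.1 is owned by libgcc-9.3.0-r2
ERROR: /usr/glibc-compat/lib/libgcc_s.so.1: Could not find owner package'

# Constructed stand-in for `apk info -r libgcc` (reverse dependencies).
RDEPS_FIXTURE='libgcc-9.3.0-r2 is required by:
libstdc++-9.3.0-r2
gcc-9.3.0-r2'

# owner_of PATH OUTPUT: print "pkg-version", or "unmanaged" when apk does
# not track the file (e.g. libraries copied in from an Arch gcc-libs tarball).
owner_of() {
    printf '%s\n' "$2" | awk -v f="$1" \
        '$1 == f && $2 == "is" { print $NF; found = 1 }
         END { if (!found) print "unmanaged" }'
}

# pkg_name PKG-VERSION: strip the "-version-rN" suffix apk appends.
pkg_name() { printf '%s\n' "${1%-[0-9]*}"; }

# reverse_deps OUTPUT: packages that require the flagged one, header skipped.
reverse_deps() { printf '%s\n' "$1" | awk 'NR > 1 && NF { print $1 }'; }

# triage PATH OWNERS RDEPS: one line saying where this copy came from.
triage() {
    owner=$(owner_of "$1" "$2")
    if [ "$owner" = unmanaged ]; then
        printf '%s: not apk-managed; apk-metadata scanners will not report it\n' "$1"
    else
        printf '%s: %s, pulled in by: %s\n' "$1" "$owner" \
            "$(reverse_deps "$3" | tr '\n' ' ')"
    fi
}

# Live inside the image; fixture mode elsewhere so the script runs offline.
for p in /usr/lib/libgcc_s.so.1 /usr/glibc-compat/lib/libgcc_s.so.1; do
    if command -v apk >/dev/null 2>&1; then
        owners=$(apk info --who-owns "$p" 2>&1)
        owner=$(owner_of "$p" "$owners")
        rdeps=""
        [ "$owner" = unmanaged ] || rdeps=$(apk info -r "$(pkg_name "$owner")")
        triage "$p" "$owners" "$rdeps"
    else
        triage "$p" "$OWNERS_FIXTURE" "$RDEPS_FIXTURE"
    fi
done
```

Run it inside the built image to see the apk-owned copy and its reverse dependencies side by side with the untracked copy under /usr/glibc-compat/lib.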

sgerrand commented 4 years ago

I've tried to build the Dockerfile.hotspot.releases.full file you provided and it fails (see below). Do you have a known good commit from that repository which I can use? I noted that images aren't being built automatically for Alpine Linux, only Debian Linux and Windows are.

```
[~/src/github.com/AdoptOpenJDK/openjdk-docker/11/jre/alpine] (master) # 
 docker build . -f Dockerfile.hotspot.releases.full -t test
Sending build context to Docker daemon   25.6kB
Step 1/6 : FROM alpine:3.12
 ---> a24bb4013296
Step 2/6 : ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
 ---> Running in 10a22141c7ec
Removing intermediate container 10a22141c7ec
 ---> 2102c847d80b
Step 3/6 : RUN apk add --no-cache --virtual tzdata .build-deps curl binutils zstd     && GLIBC_VER="2.31-r0"     && ALPINE_GLIBC_REPO="https://github.com/sgerrand/alpine-pkg-glibc/releases/download"     && GCC_LIBS_URL="https://archive.archlinux.org/packages/g/gcc-libs/gcc-libs-10.1.0-2-x86_64.pkg.tar.zst"     && GCC_LIBS_SHA256="f80320a03ff73e82271064e4f684cd58d7dbdb07aa06a2c4eea8e0f3c507c45c"     && ZLIB_URL="https://archive.archlinux.org/packages/z/zlib/zlib-1%3A1.2.11-3-x86_64.pkg.tar.xz"     && ZLIB_SHA256=17aede0b9f8baa789c5aa3f358fbf8c68a5f1228c5e6cba1a5dd34102ef4d4e5     && curl -LfsS https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub     && SGERRAND_RSA_SHA256="823b54589c93b02497f1ba4dc622eaef9c813e6b0f0ebbb2f771e32adf9f4ef2"     && echo "${SGERRAND_RSA_SHA256} */etc/apk/keys/sgerrand.rsa.pub" | sha256sum -c -     && curl -LfsS ${ALPINE_GLIBC_REPO}/${GLIBC_VER}/glibc-${GLIBC_VER}.apk > /tmp/glibc-${GLIBC_VER}.apk     && apk add --no-cache /tmp/glibc-${GLIBC_VER}.apk     && curl -LfsS ${ALPINE_GLIBC_REPO}/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk > /tmp/glibc-bin-${GLIBC_VER}.apk     && apk add --no-cache /tmp/glibc-bin-${GLIBC_VER}.apk     && curl -Ls ${ALPINE_GLIBC_REPO}/${GLIBC_VER}/glibc-i18n-${GLIBC_VER}.apk > /tmp/glibc-i18n-${GLIBC_VER}.apk     && apk add --no-cache /tmp/glibc-i18n-${GLIBC_VER}.apk     && /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true     && echo "export LANG=$LANG" > /etc/profile.d/locale.sh     && curl -LfsS ${GCC_LIBS_URL} -o /tmp/gcc-libs.tar.zst     && echo "${GCC_LIBS_SHA256} */tmp/gcc-libs.tar.zst" | sha256sum -c -     && mkdir /tmp/gcc     && zstd -d /tmp/gcc-libs.tar.zst --output-dir-flat /tmp     && tar -xf /tmp/gcc-libs.tar -C /tmp/gcc     && mv /tmp/gcc/usr/lib/libgcc* /tmp/gcc/usr/lib/libstdc++* /usr/glibc-compat/lib     && strip /usr/glibc-compat/lib/libgcc_s.so.* /usr/glibc-compat/lib/libstdc++.so*     && curl -LfsS ${ZLIB_URL} -o 
/tmp/libz.tar.xz     && echo "${ZLIB_SHA256} */tmp/libz.tar.xz" | sha256sum -c -     && mkdir /tmp/libz     && tar -xf /tmp/libz.tar.xz -C /tmp/libz     && mv /tmp/libz/usr/lib/libz.so* /usr/glibc-compat/lib     && apk del --purge .build-deps glibc-i18n     && rm -rf /tmp/*.apk /tmp/gcc /tmp/gcc-libs.tar.xz /tmp/libz /tmp/libz.tar.xz /var/cache/apk/*
 ---> Running in 6622065ffbac
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
ERROR: unsatisfiable constraints:
  .build-deps (missing):
    required by: tzdata-20200803.173510[.build-deps]
/bin/sh: curl: not found
The command '/bin/sh -c apk add --no-cache --virtual tzdata .build-deps curl binutils zstd     && GLIBC_VER="2.31-r0"     && ALPINE_GLIBC_REPO="https://github.com/sgerrand/alpine-pkg-glibc/releases/download"     && GCC_LIBS_URL="https://archive.archlinux.org/packages/g/gcc-libs/gcc-libs-10.1.0-2-x86_64.pkg.tar.zst"     && GCC_LIBS_SHA256="f80320a03ff73e82271064e4f684cd58d7dbdb07aa06a2c4eea8e0f3c507c45c"     && ZLIB_URL="https://archive.archlinux.org/packages/z/zlib/zlib-1%3A1.2.11-3-x86_64.pkg.tar.xz"     && ZLIB_SHA256=17aede0b9f8baa789c5aa3f358fbf8c68a5f1228c5e6cba1a5dd34102ef4d4e5     && curl -LfsS https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub     && SGERRAND_RSA_SHA256="823b54589c93b02497f1ba4dc622eaef9c813e6b0f0ebbb2f771e32adf9f4ef2"     && echo "${SGERRAND_RSA_SHA256} */etc/apk/keys/sgerrand.rsa.pub" | sha256sum -c -     && curl -LfsS ${ALPINE_GLIBC_REPO}/${GLIBC_VER}/glibc-${GLIBC_VER}.apk > /tmp/glibc-${GLIBC_VER}.apk     && apk add --no-cache /tmp/glibc-${GLIBC_VER}.apk     && curl -LfsS ${ALPINE_GLIBC_REPO}/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk > /tmp/glibc-bin-${GLIBC_VER}.apk     && apk add --no-cache /tmp/glibc-bin-${GLIBC_VER}.apk     && curl -Ls ${ALPINE_GLIBC_REPO}/${GLIBC_VER}/glibc-i18n-${GLIBC_VER}.apk > /tmp/glibc-i18n-${GLIBC_VER}.apk     && apk add --no-cache /tmp/glibc-i18n-${GLIBC_VER}.apk     && /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true     && echo "export LANG=$LANG" > /etc/profile.d/locale.sh     && curl -LfsS ${GCC_LIBS_URL} -o /tmp/gcc-libs.tar.zst     && echo "${GCC_LIBS_SHA256} */tmp/gcc-libs.tar.zst" | sha256sum -c -     && mkdir /tmp/gcc     && zstd -d /tmp/gcc-libs.tar.zst --output-dir-flat /tmp     && tar -xf /tmp/gcc-libs.tar -C /tmp/gcc     && mv /tmp/gcc/usr/lib/libgcc* /tmp/gcc/usr/lib/libstdc++* /usr/glibc-compat/lib     && strip /usr/glibc-compat/lib/libgcc_s.so.* /usr/glibc-compat/lib/libstdc++.so*     && curl -LfsS ${ZLIB_URL} -o 
/tmp/libz.tar.xz     && echo "${ZLIB_SHA256} */tmp/libz.tar.xz" | sha256sum -c -     && mkdir /tmp/libz     && tar -xf /tmp/libz.tar.xz -C /tmp/libz     && mv /tmp/libz/usr/lib/libz.so* /usr/glibc-compat/lib     && apk del --purge .build-deps glibc-i18n     && rm -rf /tmp/*.apk /tmp/gcc /tmp/gcc-libs.tar.xz /tmp/libz /tmp/libz.tar.xz /var/cache/apk/*' returned a non-zero code: 127
```

sgerrand commented 4 years ago

Ah, I see that https://github.com/AdoptOpenJDK/openjdk-docker/pull/370 broke the Alpine Linux Dockerfiles but https://github.com/AdoptOpenJDK/openjdk-docker/pull/373 has subsequently fixed the script which generates those files.

sgerrand commented 4 years ago

I'm afraid that the latest version of the libgcc package available in Alpine Linux is 9.3.0-r2. I can't provide an updated version to fix your issue until it's updated.

Would you please file this bug report with the maintainers of that package via https://gitlab.alpinelinux.org/alpine/aports/-/issues?

AceHack commented 4 years ago

Yes, I will. Thanks so much for all your help.