From 3a53b3348dfb0b7c31448ac6104215bb9338eab8 Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 14 Aug 2025 10:44:24 +0100 Subject: [PATCH 1/7] Add GCC 12.5 for Bullseye --- .github/workflows/debian.yml | 32 +++++ docker/debian/Dockerfile.gcc-12-bullseye | 156 +++++++++++++++++++++++ docker/debian/README.md | 24 ++++ 3 files changed, 212 insertions(+) create mode 100644 docker/debian/Dockerfile.gcc-12-bullseye diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 6d5cb3e..1bc6ec9 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -92,6 +92,38 @@ jobs: echo "CONTAINER_IMAGE=${CONTAINER_REGISTRY}/${CONTAINER_REPO}/debian-${{ matrix.os.release }}" >> $GITHUB_ENV PLATFORM=${{ matrix.architecture.platform }} echo "PLATFORM_PAIR=${PLATFORM//\//-}" >> $GITHUB_ENV + - name: Prepare gcc image metadata + if: ${{ matrix.os.release == 'bullseye' }} + id: meta-gcc + uses: docker/metadata-action@v5 + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,manifest-descriptor + with: + # NOTE, tag and image must match base of docker/debian/Dockerfile + images: gcc + tags: | + type=raw,value=${{ matrix.os.compiler_version }}-${{ matrix.os.release }} + labels: | + org.opencontainers.image.authors=For inquiries, please use https://${{ github.repository }}/issues + org.opencontainers.image.documentation=https://${{ github.repository }} + org.opencontainers.image.vendor=XRPLF + org.opencontainers.image.title=${{ env.CONTAINER_REPOSITORY }}-gcc + - name: Build gcc image do not push + if: ${{ matrix.os.release == 'bullseye' }} + uses: docker/build-push-action@v6 + with: + build-args: | + BUILDKIT_DOCKERFILE_CHECK=skip=InvalidDefaultArgInFrom + BUILDKIT_INLINE_CACHE=1 + context: . + file: docker/debian/Dockerfile.gcc-${{ matrix.os.compiler_version }}-${{ matrix.os.release }} + outputs: type=image,name=gcc,push=false + platforms: ${{ matrix.architecture.platform }} + provenance: mode=max + push: false + sbom: true + labels: ${{ steps.meta-gcc.outputs.labels }} + tags: ${{ steps.meta-gcc.outputs.tags }} - name: Prepare container metadata id: meta uses: docker/metadata-action@v5 diff --git a/docker/debian/Dockerfile.gcc-12-bullseye b/docker/debian/Dockerfile.gcc-12-bullseye new file mode 100644 index 0000000..d76ca73 --- /dev/null +++ b/docker/debian/Dockerfile.gcc-12-bullseye @@ -0,0 +1,156 @@ +FROM buildpack-deps:bullseye + +## NOTE: EVERYTHING BELOW THIS COMMENT IS FROM +## https://github.com/docker-library/gcc/blob/7070981b23d22d3ca790f87bff26f13f3614dd4c/12/Dockerfile + + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install abigail-tools so we can use abidiff later to verify that we don't break Debian packages + abigail-tools \ + ; \ + rm -rf /var/lib/apt/lists/* + +# https://gcc.gnu.org/mirrors.html +ENV GPG_KEYS \ +# 1024D/745C015A 1999-11-09 Gerald Pfeifer + B215C1633BCA0477615F1B35A5B3A004745C015A \ +# 1024D/B75C61B8 2003-04-10 Mark Mitchell + B3C42148A44E6983B3E4CC0793FA9B1AB75C61B8 \ +# 1024D/902C9419 2004-12-06 Gabriel Dos Reis + 90AA470469D3965A87A5DCB494D03953902C9419 \ +# 1024D/F71EDF1C 2000-02-13 Joseph Samuel Myers + 80F98B2E0DAB6C8281BDF541A7C8C3B2F71EDF1C \ +# 2048R/FC26A641 2005-09-13 Richard Guenther + 7F74F97C103468EE5D750B583AB00996FC26A641 \ +# 1024D/C3C45C06 2004-04-21 Jakub Jelinek + 33C235A34C46AA3FFB293709A328C3A2C3C45C06 \ +# 4096R/09B5FA62 2020-05-28 Jakub Jelinek + D3A93CAD751C2AF4F8C7AD516C35B99309B5FA62 + +# https://gcc.gnu.org/mirrors.html +ENV GCC_MIRRORS \ + https://ftpmirror.gnu.org/gcc \ + https://mirrors.kernel.org/gnu/gcc \ + https://bigsearcher.com/mirrors/gcc/releases \ + http://www.netgull.com/gcc/releases \ + https://ftpmirror.gnu.org/gcc \ +# "sourceware.org" is the canonical upstream release host (the host of "gcc.gnu.org") + https://sourceware.org/pub/gcc/releases \ +# only attempt the origin FTP as a mirror of last resort + ftp://ftp.gnu.org/gnu/gcc + +# Last Modified: 2025-07-11 +ENV GCC_VERSION 12.5.0 +# Docker EOL: 2027-01-11 + +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + flex \ + gnupg \ + ; \ + rm -r /var/lib/apt/lists/*; \ + \ + _fetch() { \ + local fetch="$1"; shift; \ + local file="$1"; shift; \ + for mirror in $GCC_MIRRORS; do \ + if curl -fL "$mirror/$fetch" -o "$file"; then \ + return 0; \ + fi; \ + done; \ + echo >&2 "error: failed to download '$fetch' from several mirrors"; \ + return 1; \ + }; \ + \ + _fetch "gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.xz.sig" 'gcc.tar.xz.sig'; \ + _fetch "gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.xz" 'gcc.tar.xz'; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + done; \ + gpg --batch --verify gcc.tar.xz.sig gcc.tar.xz; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + mkdir -p /usr/src/gcc; \ + tar -xf gcc.tar.xz -C /usr/src/gcc --strip-components=1; \ + rm gcc.tar.xz*; \ + \ + cd /usr/src/gcc; \ + \ +# "download_prerequisites" pulls down a bunch of tarballs and extracts them, +# but then leaves the tarballs themselves lying around + ./contrib/download_prerequisites; \ + { rm *.tar.* || true; }; \ + \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + for f in config.guess config.sub; do \ + wget -O "$f" "https://git.savannah.gnu.org/cgit/config.git/plain/$f?id=7d3d27baf8107b630586c962c057e22149653deb"; \ +# find any more (shallow) copies of the file we grabbed and update them too + find -mindepth 2 -name "$f" -exec cp -v "$f" '{}' ';'; \ + done; \ + \ + dir="$(mktemp -d)"; \ + cd "$dir"; \ + \ + extraConfigureArgs=''; \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ +# with-arch: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L533-573 +# with-float: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L521-523 +# with-mode: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L571 + armel) \ + extraConfigureArgs="$extraConfigureArgs --with-arch=armv5te --with-float=soft" \ + ;; \ + armhf) \ + # https://bugs.launchpad.net/ubuntu/+source/gcc-defaults/+bug/1939379/comments/2 + extraConfigureArgs="$extraConfigureArgs --with-arch=armv7-a+fp --with-float=hard --with-mode=thumb" \ + ;; \ + \ +# with-arch-32: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L670 + i386) \ + extraConfigureArgs="$extraConfigureArgs --with-arch-32=i686"; \ + ;; \ + esac; \ + \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + /usr/src/gcc/configure \ + --build="$gnuArch" \ + --disable-multilib \ + --enable-languages=c,c++,fortran,go \ + $extraConfigureArgs \ + ; \ + make -j "$(nproc)"; \ + make install-strip; \ + \ + cd ..; \ + \ + rm -rf "$dir" /usr/src/gcc; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false + +# gcc installs .so files in /usr/local/lib64 (and /usr/local/lib)... +RUN set -ex; \ +# this filename needs to sort higher than all the architecture filenames ("aarch64-...", "armeabi...", etc) + { echo '/usr/local/lib64'; echo '/usr/local/lib'; } > /etc/ld.so.conf.d/000-local-lib.conf; \ + ldconfig -v; \ + # the libc created by gcc might be too old for a newer Debian + # check that the Debian libstdc++ doesn't have newer requirements than the gcc one + deb="$(readlink -ve /usr/lib/*/libstdc++.so* | head -1)"; \ + gcc="$(readlink -ve /usr/local/lib*/libstdc++.so | head -1)"; \ +# using LD_PRELOAD to make sure "abidiff" itself doesn't fail with the exact error we're trying to test for 😂😭 + LD_PRELOAD="$deb" abidiff --no-added-syms "$deb" "$gcc" + +# ensure that alternatives are pointing to the new compiler and that old one is no longer used +RUN set -ex; \ + dpkg-divert --divert /usr/bin/gcc.orig --rename /usr/bin/gcc; \ + dpkg-divert --divert /usr/bin/g++.orig --rename /usr/bin/g++; \ + dpkg-divert --divert /usr/bin/gfortran.orig --rename /usr/bin/gfortran; \ + update-alternatives --install /usr/bin/cc cc /usr/local/bin/gcc 999 diff --git a/docker/debian/README.md b/docker/debian/README.md index 885b3d8..b100426 100644 --- a/docker/debian/README.md +++ b/docker/debian/README.md @@ -34,6 +34,30 @@ Build image for `gcc` supports packaging. In order to build an image, run the commands below from the root directory of the repository. +#### Note on old Debian releases + +This image supports variety of releases of Debian, GCC and Clang. + +The GCC binaries are sourced from [Docker "Official Image" for gcc](https://github.com/docker-library/gcc) +with an important caveat - in order to install a GCC release in older +Debian versions, we keep a local copy of `Dockerfile` from the above repository, +backported to an older Debian base image. Such dockerfiles are stored in this +directory with special file extension, e.g. `gcc-12-bullseye`. They are not altered from +the source, except for change of the base image to older Debian version. They also +show in a comment the specific `Dockerfile` they have been sourced from. + +If you want to build a Docker image for GCC and an older Debian version, you should +first build GCC using an appropriate image, giving it the _exact_ name and tag as +used by the main `Dockerfile`, e.g. `gcc:12-bullseye`. This may require significant +CPU resources and take some time (e.g. 30 minutes using 40 cores) and it's needed +to ensure that we do not use an old GCC release with known, and fixed, bugs. + +For example: + +```shell +docker buildx build . --progress plain --file docker/debian/Dockerfile.gcc-12-bullseye --tag gcc:12-bullseye +``` + #### Building the Docker image for GCC Ensure you've run the login command above to authenticate with the Docker From 735edc9daf57911706918267635e704a12d0ab2b Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 14 Aug 2025 12:29:05 +0100 Subject: [PATCH 2/7] Force use of local gcc image for base --- .github/workflows/debian.yml | 24 +++++------------------- docker/debian/Dockerfile | 3 ++- 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 1bc6ec9..9019232 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -19,6 +19,7 @@ defaults: env: CONTAINER_REGISTRY: ghcr.io BUILDKIT_PROGRESS: plain + LOCAL_GCC_IMAGE: localhost.localdomain/gcc CONAN_VERSION: 2.19.1 GCOVR_VERSION: 8.3 CMAKE_VERSION: 3.31.6 @@ -92,24 +93,9 @@ jobs: echo "CONTAINER_IMAGE=${CONTAINER_REGISTRY}/${CONTAINER_REPO}/debian-${{ matrix.os.release }}" >> $GITHUB_ENV PLATFORM=${{ matrix.architecture.platform }} echo "PLATFORM_PAIR=${PLATFORM//\//-}" >> $GITHUB_ENV - - name: Prepare gcc image metadata - if: ${{ matrix.os.release == 'bullseye' }} - id: meta-gcc - uses: docker/metadata-action@v5 - env: - DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,manifest-descriptor - with: - # NOTE, tag and image must match base of docker/debian/Dockerfile - images: gcc - tags: | - type=raw,value=${{ matrix.os.compiler_version }}-${{ matrix.os.release }} - labels: | - org.opencontainers.image.authors=For inquiries, please use https://${{ github.repository }}/issues - org.opencontainers.image.documentation=https://${{ github.repository }} - org.opencontainers.image.vendor=XRPLF - org.opencontainers.image.title=${{ env.CONTAINER_REPOSITORY }}-gcc - name: Build gcc image do not push if: ${{ matrix.os.release == 'bullseye' }} + id: build-gcc uses: docker/build-push-action@v6 with: build-args: | @@ -117,13 +103,12 @@ jobs: BUILDKIT_INLINE_CACHE=1 context: . file: docker/debian/Dockerfile.gcc-${{ matrix.os.compiler_version }}-${{ matrix.os.release }} - outputs: type=image,name=gcc,push=false + outputs: type=image,name=${{ env.LOCAL_GCC_IMAGE }},push=false platforms: ${{ matrix.architecture.platform }} provenance: mode=max push: false sbom: true - labels: ${{ steps.meta-gcc.outputs.labels }} - tags: ${{ steps.meta-gcc.outputs.tags }} + tags: ${{ format('{0}:{1}-{2}', env.LOCAL_GCC_IMAGE, matrix.os.compiler_version, matrix.os.release) }} - name: Prepare container metadata id: meta uses: docker/metadata-action@v5 @@ -152,6 +137,7 @@ jobs: GCOVR_VERSION=${{ env.GCOVR_VERSION }} CMAKE_VERSION=${{ env.CMAKE_VERSION }} DEBIAN_VERSION=${{ matrix.os.release }} + BASE_IMAGE=${{ matrix.os.release == 'bullseye' && format('{0}@{1}', env.LOCAL_GCC_IMAGE, steps.build-gcc.outputs.digest) || format('gcc:{0}-{1}', matrix.os.compiler_version, matrix.os.release) }} context: . file: docker/debian/Dockerfile outputs: type=image,name=${{ env.CONTAINER_IMAGE }},push-by-digest=true,name-canonical=true,push=true diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile index 55228a4..6ad9fe5 100644 --- a/docker/debian/Dockerfile +++ b/docker/debian/Dockerfile @@ -8,7 +8,8 @@ # image, even though it is not used for Clang. ARG DEBIAN_VERSION ARG GCC_VERSION=invalid -FROM gcc:${GCC_VERSION}-${DEBIAN_VERSION} AS gcc-src +ARG BASE_IMAGE=gcc:${GCC_VERSION}-${DEBIAN_VERSION} +FROM ${BASE_IMAGE} AS gcc-src # ====================== BASE IMAGE ====================== FROM debian:${DEBIAN_VERSION} AS base From 9d266edf102651369800fa932ab0ae37eeec7eb4 Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 14 Aug 2025 12:49:21 +0100 Subject: [PATCH 3/7] Amend README.md --- docker/debian/README.md | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/docker/debian/README.md b/docker/debian/README.md index b100426..64f36c3 100644 --- a/docker/debian/README.md +++ b/docker/debian/README.md @@ -48,14 +48,14 @@ show in a comment the specific `Dockerfile` they have been sourced from. If you want to build a Docker image for GCC and an older Debian version, you should first build GCC using an appropriate image, giving it the _exact_ name and tag as -used by the main `Dockerfile`, e.g. `gcc:12-bullseye`. This may require significant +passed later to the main `Dockerfile` as `BASE_IMAGE`. This may require significant CPU resources and take some time (e.g. 30 minutes using 40 cores) and it's needed to ensure that we do not use an old GCC release with known, and fixed, bugs. For example: ```shell -docker buildx build . --progress plain --file docker/debian/Dockerfile.gcc-12-bullseye --tag gcc:12-bullseye +docker buildx build . --progress plain --file docker/debian/Dockerfile.gcc-12-bullseye --tag localhost.localdomain/gcc:12-bullseye ``` #### Building the Docker image for GCC @@ -84,6 +84,32 @@ docker buildx build . \ --tag ${CONTAINER_REGISTRY}/${CONTAINER_IMAGE} ``` +If you have prepared a GCC image for an older Debian version, you also need +to explicitly set `BASE_IMAGE` build argument, e.g. + +```shell +DEBIAN_VERSION=bullseye +GCC_VERSION=12 +CONAN_VERSION=2.19.1 +GCOVR_VERSION=8.3 +CMAKE_VERSION=3.31.6 +BASE_IMAGE=localhost.localdomain/gcc:12-bullseye +CONTAINER_IMAGE=xrplf/ci/debian-${DEBIAN_VERSION}:gcc-${GCC_VERSION} + +docker buildx build . \ + --file docker/debian/Dockerfile \ + --target gcc \ + --build-arg BUILDKIT_DOCKERFILE_CHECK=skip=InvalidDefaultArgInFrom \ + --build-arg BUILDKIT_INLINE_CACHE=1 \ + --build-arg CONAN_VERSION=${CONAN_VERSION} \ + --build-arg DEBIAN_VERSION=${DEBIAN_VERSION} \ + --build-arg GCC_VERSION=${GCC_VERSION} \ + --build-arg GCOVR_VERSION=${GCOVR_VERSION} \ + --build-arg CMAKE_VERSION=${CMAKE_VERSION} \ + --build-arg BASE_IMAGE=${BASE_IMAGE} \ + --tag ${CONTAINER_REGISTRY}/${CONTAINER_IMAGE} +``` + #### Building the Docker image for Clang Ensure you've run the login command above to authenticate with the Docker From 055005aa34b51b7115d7708e85edbd6922266755 Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 14 Aug 2025 14:07:54 +0100 Subject: [PATCH 4/7] REVERT THIS: disable GCC build to speed up workflows --- docker/debian/Dockerfile.gcc-12-bullseye | 157 +---------------------- 1 file changed, 1 insertion(+), 156 deletions(-) diff --git a/docker/debian/Dockerfile.gcc-12-bullseye b/docker/debian/Dockerfile.gcc-12-bullseye index d76ca73..bf14252 100644 --- a/docker/debian/Dockerfile.gcc-12-bullseye +++ b/docker/debian/Dockerfile.gcc-12-bullseye @@ -1,156 +1 @@ -FROM buildpack-deps:bullseye - -## NOTE: EVERYTHING BELOW THIS COMMENT IS FROM -## https://github.com/docker-library/gcc/blob/7070981b23d22d3ca790f87bff26f13f3614dd4c/12/Dockerfile - - -RUN set -eux; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ -# install abigail-tools so we can use abidiff later to verify that we don't break Debian packages - abigail-tools \ - ; \ - rm -rf /var/lib/apt/lists/* - -# https://gcc.gnu.org/mirrors.html -ENV GPG_KEYS \ -# 1024D/745C015A 1999-11-09 Gerald Pfeifer - B215C1633BCA0477615F1B35A5B3A004745C015A \ -# 1024D/B75C61B8 2003-04-10 Mark Mitchell - B3C42148A44E6983B3E4CC0793FA9B1AB75C61B8 \ -# 1024D/902C9419 2004-12-06 Gabriel Dos Reis - 90AA470469D3965A87A5DCB494D03953902C9419 \ -# 1024D/F71EDF1C 2000-02-13 Joseph Samuel Myers - 80F98B2E0DAB6C8281BDF541A7C8C3B2F71EDF1C \ -# 2048R/FC26A641 2005-09-13 Richard Guenther - 7F74F97C103468EE5D750B583AB00996FC26A641 \ -# 1024D/C3C45C06 2004-04-21 Jakub Jelinek - 33C235A34C46AA3FFB293709A328C3A2C3C45C06 \ -# 4096R/09B5FA62 2020-05-28 Jakub Jelinek - D3A93CAD751C2AF4F8C7AD516C35B99309B5FA62 - -# https://gcc.gnu.org/mirrors.html -ENV GCC_MIRRORS \ - https://ftpmirror.gnu.org/gcc \ - https://mirrors.kernel.org/gnu/gcc \ - https://bigsearcher.com/mirrors/gcc/releases \ - http://www.netgull.com/gcc/releases \ - https://ftpmirror.gnu.org/gcc \ -# "sourceware.org" is the canonical upstream release host (the host of "gcc.gnu.org") - https://sourceware.org/pub/gcc/releases \ -# only attempt the origin FTP as a mirror of last resort - ftp://ftp.gnu.org/gnu/gcc - -# Last Modified: 2025-07-11 -ENV GCC_VERSION 12.5.0 -# Docker EOL: 2027-01-11 - -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - dpkg-dev \ - flex \ - gnupg \ - ; \ - rm -r /var/lib/apt/lists/*; \ - \ - _fetch() { \ - local fetch="$1"; shift; \ - local file="$1"; shift; \ - for mirror in $GCC_MIRRORS; do \ - if curl -fL "$mirror/$fetch" -o "$file"; then \ - return 0; \ - fi; \ - done; \ - echo >&2 "error: failed to download '$fetch' from several mirrors"; \ - return 1; \ - }; \ - \ - _fetch "gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.xz.sig" 'gcc.tar.xz.sig'; \ - _fetch "gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.xz" 'gcc.tar.xz'; \ - export GNUPGHOME="$(mktemp -d)"; \ - for key in $GPG_KEYS; do \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - done; \ - gpg --batch --verify gcc.tar.xz.sig gcc.tar.xz; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME"; \ - mkdir -p /usr/src/gcc; \ - tar -xf gcc.tar.xz -C /usr/src/gcc --strip-components=1; \ - rm gcc.tar.xz*; \ - \ - cd /usr/src/gcc; \ - \ -# "download_prerequisites" pulls down a bunch of tarballs and extracts them, -# but then leaves the tarballs themselves lying around - ./contrib/download_prerequisites; \ - { rm *.tar.* || true; }; \ - \ -# explicitly update autoconf config.guess and config.sub so they support more arches/libcs - for f in config.guess config.sub; do \ - wget -O "$f" "https://git.savannah.gnu.org/cgit/config.git/plain/$f?id=7d3d27baf8107b630586c962c057e22149653deb"; \ -# find any more (shallow) copies of the file we grabbed and update them too - find -mindepth 2 -name "$f" -exec cp -v "$f" '{}' ';'; \ - done; \ - \ - dir="$(mktemp -d)"; \ - cd "$dir"; \ - \ - extraConfigureArgs=''; \ - dpkgArch="$(dpkg --print-architecture)"; \ - case "$dpkgArch" in \ -# with-arch: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L533-573 -# with-float: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L521-523 -# with-mode: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L571 - armel) \ - extraConfigureArgs="$extraConfigureArgs --with-arch=armv5te --with-float=soft" \ - ;; \ - armhf) \ - # https://bugs.launchpad.net/ubuntu/+source/gcc-defaults/+bug/1939379/comments/2 - extraConfigureArgs="$extraConfigureArgs --with-arch=armv7-a+fp --with-float=hard --with-mode=thumb" \ - ;; \ - \ -# with-arch-32: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L670 - i386) \ - extraConfigureArgs="$extraConfigureArgs --with-arch-32=i686"; \ - ;; \ - esac; \ - \ - gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ - /usr/src/gcc/configure \ - --build="$gnuArch" \ - --disable-multilib \ - --enable-languages=c,c++,fortran,go \ - $extraConfigureArgs \ - ; \ - make -j "$(nproc)"; \ - make install-strip; \ - \ - cd ..; \ - \ - rm -rf "$dir" /usr/src/gcc; \ - \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false - -# gcc installs .so files in /usr/local/lib64 (and /usr/local/lib)... -RUN set -ex; \ -# this filename needs to sort higher than all the architecture filenames ("aarch64-...", "armeabi...", etc) - { echo '/usr/local/lib64'; echo '/usr/local/lib'; } > /etc/ld.so.conf.d/000-local-lib.conf; \ - ldconfig -v; \ - # the libc created by gcc might be too old for a newer Debian - # check that the Debian libstdc++ doesn't have newer requirements than the gcc one - deb="$(readlink -ve /usr/lib/*/libstdc++.so* | head -1)"; \ - gcc="$(readlink -ve /usr/local/lib*/libstdc++.so | head -1)"; \ -# using LD_PRELOAD to make sure "abidiff" itself doesn't fail with the exact error we're trying to test for 😂😭 - LD_PRELOAD="$deb" abidiff --no-added-syms "$deb" "$gcc" - -# ensure that alternatives are pointing to the new compiler and that old one is no longer used -RUN set -ex; \ - dpkg-divert --divert /usr/bin/gcc.orig --rename /usr/bin/gcc; \ - dpkg-divert --divert /usr/bin/g++.orig --rename /usr/bin/g++; \ - dpkg-divert --divert /usr/bin/gfortran.orig --rename /usr/bin/gfortran; \ - update-alternatives --install /usr/bin/cc cc /usr/local/bin/gcc 999 +FROM gcc:12-bullseye From 61d7253e0c563bab430a9c6ec086764cdc62f4f6 Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 14 Aug 2025 14:14:00 +0100 Subject: [PATCH 5/7] Remove 'Build gcc' step --- .github/workflows/debian.yml | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 9019232..3446265 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -19,7 +19,6 @@ defaults: env: CONTAINER_REGISTRY: ghcr.io BUILDKIT_PROGRESS: plain - LOCAL_GCC_IMAGE: localhost.localdomain/gcc CONAN_VERSION: 2.19.1 GCOVR_VERSION: 8.3 CMAKE_VERSION: 3.31.6 @@ -93,22 +92,10 @@ jobs: echo "CONTAINER_IMAGE=${CONTAINER_REGISTRY}/${CONTAINER_REPO}/debian-${{ matrix.os.release }}" >> $GITHUB_ENV PLATFORM=${{ matrix.architecture.platform }} echo "PLATFORM_PAIR=${PLATFORM//\//-}" >> $GITHUB_ENV - - name: Build gcc image do not push - if: ${{ matrix.os.release == 'bullseye' }} - id: build-gcc - uses: docker/build-push-action@v6 - with: - build-args: | - BUILDKIT_DOCKERFILE_CHECK=skip=InvalidDefaultArgInFrom - BUILDKIT_INLINE_CACHE=1 - context: . - file: docker/debian/Dockerfile.gcc-${{ matrix.os.compiler_version }}-${{ matrix.os.release }} - outputs: type=image,name=${{ env.LOCAL_GCC_IMAGE }},push=false - platforms: ${{ matrix.architecture.platform }} - provenance: mode=max - push: false - sbom: true - tags: ${{ format('{0}:{1}-{2}', env.LOCAL_GCC_IMAGE, matrix.os.compiler_version, matrix.os.release) }} + if [ -n "${{ matrix.os.release == 'bullseye' && 'latch' }}" ]; then + echo "CONTAINER_REPOSITORY_GCC=${CONTAINER_REPO}/debian-gcc" >> $GITHUB_ENV + echo "CONTAINER_IMAGE_GCC=${CONTAINER_REGISTRY}/${CONTAINER_REPO}/debian-gcc" >> $GITHUB_ENV + fi - name: Prepare container metadata id: meta uses: docker/metadata-action@v5 @@ -137,7 +124,7 @@ jobs: GCOVR_VERSION=${{ env.GCOVR_VERSION }} CMAKE_VERSION=${{ env.CMAKE_VERSION }} DEBIAN_VERSION=${{ matrix.os.release }} - BASE_IMAGE=${{ matrix.os.release == 'bullseye' && format('{0}@{1}', env.LOCAL_GCC_IMAGE, steps.build-gcc.outputs.digest) || format('gcc:{0}-{1}', matrix.os.compiler_version, matrix.os.release) }} + BASE_IMAGE=${{ env.CONTAINER_IMAGE_GCC && format('{0}:{1}-{2}', env.CONTAINER_IMAGE_GCC, matrix.os.compiler_version, matrix.os.release) || format('gcc:{0}-{1}', matrix.os.compiler_version, matrix.os.release) }} context: . file: docker/debian/Dockerfile outputs: type=image,name=${{ env.CONTAINER_IMAGE }},push-by-digest=true,name-canonical=true,push=true From 3c20c33e234346df94096126a59ebd4b46a0a20c Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 14 Aug 2025 15:03:43 +0100 Subject: [PATCH 6/7] Build GCC and push, with digest only --- .github/workflows/debian.yml | 38 +++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 3446265..815e9a2 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -4,7 +4,7 @@ on: push: paths: - .github/workflows/debian.yml - - docker/debian/Dockerfile + - docker/debian/Dockerfile* - test workflow_dispatch: @@ -92,10 +92,42 @@ jobs: echo "CONTAINER_IMAGE=${CONTAINER_REGISTRY}/${CONTAINER_REPO}/debian-${{ matrix.os.release }}" >> $GITHUB_ENV PLATFORM=${{ matrix.architecture.platform }} echo "PLATFORM_PAIR=${PLATFORM//\//-}" >> $GITHUB_ENV - if [ -n "${{ matrix.os.release == 'bullseye' && 'latch' }}" ]; then + if [ "${{ matrix.os.release == 'bullseye' }}" == "true" ]; then echo "CONTAINER_REPOSITORY_GCC=${CONTAINER_REPO}/debian-gcc" >> $GITHUB_ENV echo "CONTAINER_IMAGE_GCC=${CONTAINER_REGISTRY}/${CONTAINER_REPO}/debian-gcc" >> $GITHUB_ENV fi + - name: Prepare gcc image metadata + if: ${{ env.CONTAINER_IMAGE_GCC }} + id: meta-gcc + uses: docker/metadata-action@v5 + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,manifest-descriptor + with: + images: ${{ env.CONTAINER_IMAGE_GCC }} + labels: | + org.opencontainers.image.authors=For inquiries, please use https://${{ github.repository }}/issues + org.opencontainers.image.documentation=https://${{ github.repository }} + org.opencontainers.image.vendor=XRPLF + org.opencontainers.image.title=${{ env.CONTAINER_REPOSITORY_GCC }} + - name: Build gcc image + # Note, we always push this image, otherwise steps.build will fail. + # Also, because we always push it, we intentionally do not tag it. + # TODO: Move to separate workflow or job + if: ${{ env.CONTAINER_IMAGE_GCC }} + id: build-gcc + uses: docker/build-push-action@v6 + with: + build-args: | + BUILDKIT_DOCKERFILE_CHECK=skip=InvalidDefaultArgInFrom + BUILDKIT_INLINE_CACHE=1 + context: . + file: docker/debian/Dockerfile.gcc-${{ matrix.os.compiler_version }}-${{ matrix.os.release }} + outputs: type=image,name=${{ env.CONTAINER_IMAGE_GCC }},push-by-digest=true,name-canonical=true,push=true + platforms: ${{ matrix.architecture.platform }} + provenance: mode=max + push: true + sbom: true + labels: ${{ steps.meta-gcc.outputs.labels }} - name: Prepare container metadata id: meta uses: docker/metadata-action@v5 @@ -124,7 +156,7 @@ jobs: GCOVR_VERSION=${{ env.GCOVR_VERSION }} CMAKE_VERSION=${{ env.CMAKE_VERSION }} DEBIAN_VERSION=${{ matrix.os.release }} - BASE_IMAGE=${{ env.CONTAINER_IMAGE_GCC && format('{0}:{1}-{2}', env.CONTAINER_IMAGE_GCC, matrix.os.compiler_version, matrix.os.release) || format('gcc:{0}-{1}', matrix.os.compiler_version, matrix.os.release) }} + BASE_IMAGE=${{ env.CONTAINER_IMAGE_GCC && format('{0}@{1}', env.CONTAINER_IMAGE_GCC, steps.build-gcc.outputs.digest) || format('gcc:{0}-{1}', matrix.os.compiler_version, matrix.os.release) }} context: . file: docker/debian/Dockerfile outputs: type=image,name=${{ env.CONTAINER_IMAGE }},push-by-digest=true,name-canonical=true,push=true From c8c64371c1805d9d23e4800a4ec50100583a4887 Mon Sep 17 00:00:00 2001 From: Bronek Kozicki Date: Thu, 14 Aug 2025 15:16:57 +0100 Subject: [PATCH 7/7] Revert "REVERT THIS: disable GCC build to speed up workflows" This reverts commit 055005aa34b51b7115d7708e85edbd6922266755. --- docker/debian/Dockerfile.gcc-12-bullseye | 157 ++++++++++++++++++++++- 1 file changed, 156 insertions(+), 1 deletion(-) diff --git a/docker/debian/Dockerfile.gcc-12-bullseye b/docker/debian/Dockerfile.gcc-12-bullseye index bf14252..d76ca73 100644 --- a/docker/debian/Dockerfile.gcc-12-bullseye +++ b/docker/debian/Dockerfile.gcc-12-bullseye @@ -1 +1,156 @@ -FROM gcc:12-bullseye +FROM buildpack-deps:bullseye + +## NOTE: EVERYTHING BELOW THIS COMMENT IS FROM +## https://github.com/docker-library/gcc/blob/7070981b23d22d3ca790f87bff26f13f3614dd4c/12/Dockerfile + + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ +# install abigail-tools so we can use abidiff later to verify that we don't break Debian packages + abigail-tools \ + ; \ + rm -rf /var/lib/apt/lists/* + +# https://gcc.gnu.org/mirrors.html +ENV GPG_KEYS \ +# 1024D/745C015A 1999-11-09 Gerald Pfeifer + B215C1633BCA0477615F1B35A5B3A004745C015A \ +# 1024D/B75C61B8 2003-04-10 Mark Mitchell + B3C42148A44E6983B3E4CC0793FA9B1AB75C61B8 \ +# 1024D/902C9419 2004-12-06 Gabriel Dos Reis + 90AA470469D3965A87A5DCB494D03953902C9419 \ +# 1024D/F71EDF1C 2000-02-13 Joseph Samuel Myers + 80F98B2E0DAB6C8281BDF541A7C8C3B2F71EDF1C \ +# 2048R/FC26A641 2005-09-13 Richard Guenther + 7F74F97C103468EE5D750B583AB00996FC26A641 \ +# 1024D/C3C45C06 2004-04-21 Jakub Jelinek + 33C235A34C46AA3FFB293709A328C3A2C3C45C06 \ +# 4096R/09B5FA62 2020-05-28 Jakub Jelinek + D3A93CAD751C2AF4F8C7AD516C35B99309B5FA62 + +# https://gcc.gnu.org/mirrors.html +ENV GCC_MIRRORS \ + https://ftpmirror.gnu.org/gcc \ + https://mirrors.kernel.org/gnu/gcc \ + https://bigsearcher.com/mirrors/gcc/releases \ + http://www.netgull.com/gcc/releases \ + https://ftpmirror.gnu.org/gcc \ +# "sourceware.org" is the canonical upstream release host (the host of "gcc.gnu.org") + https://sourceware.org/pub/gcc/releases \ +# only attempt the origin FTP as a mirror of last resort + ftp://ftp.gnu.org/gnu/gcc + +# Last Modified: 2025-07-11 +ENV GCC_VERSION 12.5.0 +# Docker EOL: 2027-01-11 + +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + dpkg-dev \ + flex \ + gnupg \ + ; \ + rm -r /var/lib/apt/lists/*; \ + \ + _fetch() { \ + local fetch="$1"; shift; \ + local file="$1"; shift; \ + for mirror in $GCC_MIRRORS; do \ + if curl -fL "$mirror/$fetch" -o "$file"; then \ + return 0; \ + fi; \ + done; \ + echo >&2 "error: failed to download '$fetch' from several mirrors"; \ + return 1; \ + }; \ + \ + _fetch "gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.xz.sig" 'gcc.tar.xz.sig'; \ + _fetch "gcc-$GCC_VERSION/gcc-$GCC_VERSION.tar.xz" 'gcc.tar.xz'; \ + export GNUPGHOME="$(mktemp -d)"; \ + for key in $GPG_KEYS; do \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ + done; \ + gpg --batch --verify gcc.tar.xz.sig gcc.tar.xz; \ + gpgconf --kill all; \ + rm -rf "$GNUPGHOME"; \ + mkdir -p /usr/src/gcc; \ + tar -xf gcc.tar.xz -C /usr/src/gcc --strip-components=1; \ + rm gcc.tar.xz*; \ + \ + cd /usr/src/gcc; \ + \ +# "download_prerequisites" pulls down a bunch of tarballs and extracts them, +# but then leaves the tarballs themselves lying around + ./contrib/download_prerequisites; \ + { rm *.tar.* || true; }; \ + \ +# explicitly update autoconf config.guess and config.sub so they support more arches/libcs + for f in config.guess config.sub; do \ + wget -O "$f" "https://git.savannah.gnu.org/cgit/config.git/plain/$f?id=7d3d27baf8107b630586c962c057e22149653deb"; \ +# find any more (shallow) copies of the file we grabbed and update them too + find -mindepth 2 -name "$f" -exec cp -v "$f" '{}' ';'; \ + done; \ + \ + dir="$(mktemp -d)"; \ + cd "$dir"; \ + \ + extraConfigureArgs=''; \ + dpkgArch="$(dpkg --print-architecture)"; \ + case "$dpkgArch" in \ +# with-arch: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L533-573 +# with-float: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L521-523 +# with-mode: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L571 + armel) \ + extraConfigureArgs="$extraConfigureArgs --with-arch=armv5te --with-float=soft" \ + ;; \ + armhf) \ + # https://bugs.launchpad.net/ubuntu/+source/gcc-defaults/+bug/1939379/comments/2 + extraConfigureArgs="$extraConfigureArgs --with-arch=armv7-a+fp --with-float=hard --with-mode=thumb" \ + ;; \ + \ +# with-arch-32: https://salsa.debian.org/toolchain-team/gcc/-/blob/gcc-13-debian/debian/rules2#L670 + i386) \ + extraConfigureArgs="$extraConfigureArgs --with-arch-32=i686"; \ + ;; \ + esac; \ + \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + /usr/src/gcc/configure \ + --build="$gnuArch" \ + --disable-multilib \ + --enable-languages=c,c++,fortran,go \ + $extraConfigureArgs \ + ; \ + make -j "$(nproc)"; \ + make install-strip; \ + \ + cd ..; \ + \ + rm -rf "$dir" /usr/src/gcc; \ + \ + apt-mark auto '.*' > /dev/null; \ + [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false + +# gcc installs .so files in /usr/local/lib64 (and /usr/local/lib)... +RUN set -ex; \ +# this filename needs to sort higher than all the architecture filenames ("aarch64-...", "armeabi...", etc) + { echo '/usr/local/lib64'; echo '/usr/local/lib'; } > /etc/ld.so.conf.d/000-local-lib.conf; \ + ldconfig -v; \ + # the libc created by gcc might be too old for a newer Debian + # check that the Debian libstdc++ doesn't have newer requirements than the gcc one + deb="$(readlink -ve /usr/lib/*/libstdc++.so* | head -1)"; \ + gcc="$(readlink -ve /usr/local/lib*/libstdc++.so | head -1)"; \ +# using LD_PRELOAD to make sure "abidiff" itself doesn't fail with the exact error we're trying to test for 😂😭 + LD_PRELOAD="$deb" abidiff --no-added-syms "$deb" "$gcc" + +# ensure that alternatives are pointing to the new compiler and that old one is no longer used +RUN set -ex; \ + dpkg-divert --divert /usr/bin/gcc.orig --rename /usr/bin/gcc; \ + dpkg-divert --divert /usr/bin/g++.orig --rename /usr/bin/g++; \ + dpkg-divert --divert /usr/bin/gfortran.orig --rename /usr/bin/gfortran; \ + update-alternatives --install /usr/bin/cc cc /usr/local/bin/gcc 999