DataDog · lloeki · Nov 20, 2024 · Nov 15, 2024 · Nov 19, 2024 · Nov 19, 2024
@@ -144,6 +144,31 @@ jobs:
             version: "9.4"
             libc: musl
             arch: ["x86_64", "aarch64"]
+          # centos
+          - engine: ruby
+            version: "2.7"
+            libc: centos
+            arch: ["x86_64", "aarch64"]
+          - engine: ruby
+            version: "3.0"
+            libc: centos
+            arch: ["x86_64", "aarch64"]
+          - engine: ruby
+            version: "3.1"
+            libc: centos
+            arch: ["x86_64", "aarch64"]
+          - engine: ruby
+            version: "3.2"
+            libc: centos
+            arch: ["x86_64", "aarch64"]
+          - engine: ruby
+            version: "3.3"
+            libc: centos
+            arch: ["x86_64", "aarch64"]
+          - engine: ruby
+            version: "3.4"
+            libc: centos
+            arch: ["x86_64", "aarch64"]
     runs-on: ubuntu-latest
     name: Build (${{ matrix.engine }} ${{ matrix.version }} ${{ matrix.libc }})
     steps:
@@ -229,7 +254,7 @@ jobs:
           docker run --platform linux/aarch64 --rm ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} bundle --version
           docker run --platform linux/aarch64 --rm -v "${PWD}":"${PWD}" -w "${PWD}" -e BUNDLE_GEMFILE=gemfiles/${{ matrix.engine }}-${{ matrix.version }}.gemfile ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} /bin/sh -c 'bundle install --with="test" --without="check ide" && bundle exec rake test'
 
-      # TODO: hardcoded musl, unify gnu instead
+      # TODO: hardcoded musl, unify gnu+centos instead
       # TODO: hardcoded tags, use proper tag building
       - name: Tag single-arch image (aarch64)
         if: ${{ contains(matrix.arch, 'aarch64') }}

@@ -0,0 +1,149 @@
+# CentOS 7.9 has glibc 2.17
+FROM public.ecr.aws/docker/library/centos:centos7.9.2009
+
+# Set yum vault
+RUN <<SHELL
+set -euxo pipefail
+
+if [ "$(uname -m)" != "x86_64" ]; then
+    repo_version="altarch/7.9.2009"
+else
+    repo_version="7.9.2009"
+fi
+
+cat <<EOF > /etc/yum.repos.d/CentOS-Base.repo
+[base]
+name=CentOS-\$releasever - Base
+baseurl=http://vault.centos.org/${repo_version}/os/\$basearch/
+gpgcheck=0
+
+[updates]
+name=CentOS-\$releasever - Updates
+baseurl=http://vault.centos.org/${repo_version}/updates/\$basearch/
+gpgcheck=0
+
+[extras]
+name=CentOS-\$releasever - Extras
+baseurl=http://vault.centos.org/${repo_version}/extras/\$basearch/
+gpgcheck=0
+
+[centosplus]
+name=CentOS-\$releasever - Plus
+baseurl=http://vault.centos.org/${repo_version}/centosplus/\$basearch/
+gpgcheck=0
+enabled=0
+EOF
+SHELL
+
+RUN yum makecache -y
+
+# localedef has been forcefully removed by:
+# rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+# fun: CentOS 8 has `yum list glibc-langpack-\*` but not CentOS 7 :'(
+RUN yum reinstall -y glibc-common
+
+RUN yum install -y curl gcc make
+
+# fun: this has to be after `yum install curl gcc make`... but only on aarch64; go figure
+# extra fun: table is botched, localedef not happy, swallow result and test `locale` for errors
+RUN <<SHELL
+localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 || true
+if locale 2>&1 | grep -e 'locale: Cannot set LC_.* to default locale: No such file or directory'; then exit 1; fi
+SHELL
+
+# Skip installing gem documentation
+COPY <<GEMRC /usr/local/etc/gemrc
+install: --no-document
+update: --no-document
+GEMRC
+
+ENV LANG="en_US.UTF-8"                                                                      \
+    RUBY_MAJOR="2.7"                                                                        \
+    RUBY_VERSION="2.7.8"                                                                    \
+    RUBY_DOWNLOAD_SHA256="f22f662da504d49ce2080e446e4bea7008cee11d5ec4858fc69000d0e5b1d7fb"
+
+# - Compile Ruby with `--disable-shared`
+# - Update gem version
+
+RUN <<SHELL
+set -euxo pipefail
+
+yum install -y autoconf bison gdbm-devel openssl-devel
+
+curl -o ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.xz"
+echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict
+mkdir -p /usr/src/ruby
+tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1
+rm ruby.tar.xz
+
+cd /usr/src/ruby
+
+# hack in "ENABLE_PATH_CHECK" disabling to suppress:
+#   warning: Insecure world writable dir
+{
+    echo '#define ENABLE_PATH_CHECK 0'
+    echo
+    cat file.c
+} > file.c.new
+mv file.c.new file.c
+
+autoconf
+
+gnuArch="$(gcc -dumpmachine)"
+./configure \
+    --build="$gnuArch" \
+    --disable-install-doc \
+    --disable-shared
+make -j "$(nproc)"
+make install
+
+# 	find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
+# 		| awk '/=>/ { print $(NF-1) }' \
+# 		| sort -u \
+# 		| grep -vE '^/usr/local/lib/' \
+# 		| xargs -r dpkg-query --search \
+# 		| cut -d: -f1 \
+# 		| sort -u \
+# 		| xargs -r apt-mark manual \
+#
+# 	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+#
+# find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
+#       | awk '/=>/ { print $(NF-1) }' \
+#       | grep -v '=>' \
+#       | sort -u \
+#       | grep -vE '^/usr/local/lib/' \
+#       | xargs -r rpm -qf \
+#       | sort -u \
+#       | xargs -r yum ?mark-manual?
+#
+# yum autoremove -y
+# yum remove --setopt=clean_requirements_on_remove=1
+# package-cleanup --leaves && yum autoremove # yum-utils
+# sudo yum history list pdftk
+# sudo yum history undo 88
+
+cd /
+rm -r /usr/src/ruby
+if yum list installed ruby; then exit 1; fi
+
+# update gem version
+gem update --system 3.3.27
+
+# rough smoke test
+ruby --version
+gem --version
+bundle --version
+
+SHELL
+
+# don't create ".bundle" in all our apps
+ENV GEM_HOME /usr/local/bundle
+ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
+	BUNDLE_APP_CONFIG="$GEM_HOME"
+ENV PATH $GEM_HOME/bin:$PATH
+
+# adjust permissions of a few directories for running "gem install" as an arbitrary user
+RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME"
+
+CMD [ "irb" ]
@@ -0,0 +1,134 @@
+# CentOS 7.9 has glibc 2.17
+FROM public.ecr.aws/docker/library/centos:centos7.9.2009
+
+# Set yum vault
+RUN <<SHELL
+set -euxo pipefail
+
+if [ "$(uname -m)" != "x86_64" ]; then
+    repo_version="altarch/7.9.2009"
+else
+    repo_version="7.9.2009"
+fi
+
+cat <<EOF > /etc/yum.repos.d/CentOS-Base.repo
+[base]
+name=CentOS-\$releasever - Base
+baseurl=http://vault.centos.org/${repo_version}/os/\$basearch/
+gpgcheck=0
+
+[updates]
+name=CentOS-\$releasever - Updates
+baseurl=http://vault.centos.org/${repo_version}/updates/\$basearch/
+gpgcheck=0
+
+[extras]
+name=CentOS-\$releasever - Extras
+baseurl=http://vault.centos.org/${repo_version}/extras/\$basearch/
+gpgcheck=0
+
+[centosplus]
+name=CentOS-\$releasever - Plus
+baseurl=http://vault.centos.org/${repo_version}/centosplus/\$basearch/
+gpgcheck=0
+enabled=0
+EOF
+SHELL
+
+RUN yum makecache -y
+
+# localedef has been forcefully removed by:
+# rm -rf "$target"/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+# fun: CentOS 8 has `yum list glibc-langpack-\*` but not CentOS 7 :'(
+RUN yum reinstall -y glibc-common
+
+RUN yum install -y curl gcc make
+
+# fun: this has to be after `yum install curl gcc make`... but only on aarch64; go figure
+# extra fun: table is botched, localedef not happy, swallow result and test `locale` for errors
+RUN <<SHELL
+localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 || true
+if locale 2>&1 | grep -e 'locale: Cannot set LC_.* to default locale: No such file or directory'; then exit 1; fi
+SHELL
+
+# Skip installing gem documentation
+COPY <<GEMRC /usr/local/etc/gemrc
+install: --no-document
+update: --no-document
+GEMRC
+
+ENV LANG="en_US.UTF-8"                                                                      \
+    RUBY_MAJOR="3.0"                                                                        \
+    RUBY_VERSION="3.0.6"                                                                    \
+    RUBY_DOWNLOAD_SHA256="b5cbee93e62d85cfb2a408c49fa30a74231ae8409c2b3858e5f5ea254d7ddbd1"
+
+# - Compile Ruby with `--disable-shared`
+# - Update gem version
+
+RUN <<SHELL
+set -euxo pipefail
+
+yum install -y autoconf bison gdbm-devel openssl-devel
+
+curl -o ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.xz"
+echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict
+mkdir -p /usr/src/ruby
+tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1
+rm ruby.tar.xz
+
+cd /usr/src/ruby
+
+# hack in "ENABLE_PATH_CHECK" disabling to suppress:
+#   warning: Insecure world writable dir
+{
+    echo '#define ENABLE_PATH_CHECK 0'
+    echo
+    cat file.c
+} > file.c.new
+mv file.c.new file.c
+
+autoconf
+
+gnuArch="$(gcc -dumpmachine)"
+./configure \
+    --build="$gnuArch" \
+    --disable-install-doc \
+    --disable-shared
+make -j "$(nproc)"
+make install
+
+# 	find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
+# 		| awk '/=>/ { print $(NF-1) }' \
+# 		| sort -u \
+# 		| grep -vE '^/usr/local/lib/' \
+# 		| xargs -r dpkg-query --search \
+# 		| cut -d: -f1 \
+# 		| sort -u \
+# 		| xargs -r apt-mark manual \
+#
+# 	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+
+cd /
+rm -r /usr/src/ruby
+if yum list installed ruby; then exit 1; fi
+
+# update gem version
+gem update --system 3.3.27
+
+# rough smoke test
+ruby --version
+gem --version
+bundle --version
+
+SHELL
+
+# don't create ".bundle" in all our apps
+ENV GEM_HOME /usr/local/bundle
+ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
+	BUNDLE_APP_CONFIG="$GEM_HOME"
+ENV PATH $GEM_HOME/bin:$PATH
+
+# adjust permissions of a few directories for running "gem install" as an arbitrary user
+RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME"
+
+CMD [ "irb" ]