fix: use musl static linking to eliminate GLIBC dependency for Linux binaries#513
fix: use musl static linking to eliminate GLIBC dependency for Linux binaries#513
Conversation
- Switch Docker build image from ubuntu:20.04 (GLIBC 2.31) to debian:10 (GLIBC 2.28) for Linux release builds - Add GLIBC version ceiling check in CI to prevent future regressions - Add GLIBC version check in install.sh to give users a clear error message before downloading an incompatible binary Fixes #509 Co-Authored-By: Sasha Varlamov <sasha@sashavarlamov.com>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
|
|
|
No AI authorship found for these commits. Please install git-ai to start tracking AI generated code in your commits. |
|
No AI authorship found for these commits. Please install git-ai to start tracking AI generated code in your commits. |
|
is there any chance that this will break the builds for newer os's/ubuntu/etc. any potential issues you can think of? |
|
No — building against an older GLIBC will not break binaries on newer systems. GLIBC is forward-compatible: a binary linked against GLIBC 2.28 will run on any system with GLIBC 2.28+. This is the same principle used by projects like ripgrep, rustup, and most Linux distro packaging. The only potential issues I can think of:
|
|
is there a way to do this without using an EOL'd builder image? |
|
Good call. I'll switch the approach to musl static linking instead — this builds fully static binaries with zero GLIBC dependency, using a maintained |
- Use x86_64-unknown-linux-musl and aarch64-unknown-linux-musl targets for fully static binaries with zero GLIBC dependency - Build in ubuntu:22.04 Docker (maintained, non-EOL) with musl-tools - Replace GLIBC version ceiling check with static linking verification - Remove GLIBC check from install.sh (no longer needed for static binaries) This eliminates the GLIBC compatibility issue entirely rather than just lowering the minimum version. Co-Authored-By: Sasha Varlamov <sasha@sashavarlamov.com>
fix: use musl static linking to eliminate GLIBC dependency for Linux binaries
Summary
Addresses #509 — pre-built Linux binaries currently require GLIBC 2.29+ (built on
ubuntu:20.04/ GLIBC 2.31), which breaks on CentOS 8, RHEL 8, Debian 10, and other older Linux systems.Instead of lowering the GLIBC floor (which would require an EOL build image), this PR switches Linux release builds to musl static linking, producing fully self-contained binaries with zero GLIBC dependency.
Changes:
release.yml: Switch Linux build targets fromx86_64-unknown-linux-gnu/aarch64-unknown-linux-gnuto their-muslequivalents. Docker build image changed fromubuntu:20.04toubuntu:22.04(maintained). Installmusl-toolsinstead oflibssl-dev.release.yml: Replace the old GLIBC version logging with a static-linking assertion — the release build will now fail iflddreports the binary as dynamically linked.install.sh: No functional changes (net diff is a cosmetic blank line).Artifact names (
git-ai-linux-x64,git-ai-linux-arm64) are unchanged — this is a drop-in replacement from the user's perspective.Review & Testing Checklist for Human
workflow_dispatchonly). A dry-run release build (workflow_dispatchwithdry_run: true) is strongly recommended before merging to confirm the musl build succeeds for both x64 and arm64.rusqlitebundled SQLite compilation with musl:rusqlitecompiles SQLite from C source usingcc. Verifymusl-gcc(frommusl-tools) correctly compiles this on both x64 and arm64. This is the most likely build failure point.lddoutput check usesgrep -q 'not a dynamic executable\|statically linked'. Confirm this matches the actuallddoutput for musl binaries on the Ubuntu 22.04 runner (the exact message can vary bylddversion).--version, try a commit).Recommended test plan:
file <binary>(should say "statically linked") andldd <binary>(should say "not a dynamic executable")Notes