-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Alpine Linux / Docker Build #75
Comments
@tracker1 I think one challenge will be fully supporting musl as a libc replacement. I'm not against it but have very little knowledge about it. It doesn't look like its in too bad a shape. I'm keen on setting up a system based on musl, so I might give this a go down the road, but don't count on me for the moment. |
@jbergstroem understandable... :-) Really wish I had more time (and a more intimate working relationship with C/C++). |
As the maintainer of node-sqlite3, 👍
Same here. I'm also interested in musl. |
The failures in the tests (there are only two) are due to assumptions in the tests themselves. One being that the platform has glibc (which Alpine isn't), the other being that the You can read more here: nodejs/docker-iojs#44 (comment) |
I am putting this on the agenda for #300 |
I don't think anyone objects to get this part of the ci, but work needs to be done. Lets get an outline going for whats required - feel free to add:
|
Regarding version of Alpine linux it looks like the Docker Library guys are using https://github.com/docker-library/python/blob/master/3.5/alpine/Dockerfile#L1 |
@Starefossen how often is stable updated? How does that affect toolchain, etc? (thinking if they have a LTS mindset) |
I had a chat with one of the Alpine Linux maintainers today. This is what they told me:
|
@Starefossen some important things to note about the Node.js package in the aports repository are:
These may not be an issue but they're worth being aware of. They've certainly been a lot better at keeping up to date with releases since 4.x (latest build file is here: http://git.alpinelinux.org/cgit/aports/tree/main/nodejs/APKBUILD?id=18fd7609f0ec2df89c873e788880119a703496a1) |
@mhart the intention is to build node, so not being on edge shouldn't be a problem. Meeting the dependencies (if using shared libraries) might though. |
Having just done the ssl update I know there are 4 floating patch's on top of the release |
@jbergstroem yeah, sorry I kinda got off track there – Node.js certainly builds on Alpine without requiring you to use shared libraries, was just pointing out that that's what you get with the package @Starefossen was referring to – but it's more relevant to users of the package (or any official endorsement of it) rather than building on Alpine from scratch. |
Can we get someone to pass on that @ncopa perhaps? |
@rvagg might be an issue, see nodejs/node#4212. |
V8 uses it to speed up the link step (ld-gold is multi-threaded, regular ld is not). I think you can disable it by setting |
i can install gold too. But I have other issue now, mksnapshot is run during build. I need to pax-mark the binary to disable PaX' MPROTECT as JITs does not work with it enabled. So I need to:
Currently I am trying to figure out how to only build mksnapshot. |
|
That worked. many thanks! |
@ncopa can you explain why you need to paxmark mksnapshot? (as in, what happens if you don't?) I've never had a problem on Alpine compiling the node binary in a single step and then just paxmark'ing it (the node binary). |
@ncopa you can check how we pax-mark in the ebuild I've done for gentoo: https://github.com/jbergstroem/gentoo/blob/verbump/net-libs/nodejs-5.4.1/net-libs/nodejs/nodejs-5.5.0.ebuild#L115 |
@ncopa yes, agree, I've updated my Dockerfile. it build perfectly on my local boot2docker virtualbox instance or on a fresh digital ocean trusty docker-machine.... but always fails on docker hub (Linux 3.13.0-40-generic, docker 1.8.3):
I use binutils-gold of course, I wonder if it's not because of the docker release. In any cases something differ on docker hub. |
I believe in nodejs/docker-node#156 we have Dockerfiles for building all node versions in Alpine. I think it should be built inside an alpine image and put to https://nodejs.org/dist/ under "node-$VERSION-linux-musl-$ARCH.tar.gz". |
Regarding error, ld.gold outputs it for 2 flags: http://manpages.sgvulcan.com/ld.gold.1.php |
As per #437, we have support for Node built on Alpine running in Alpine but this doesn't yet cover the nodejs.org binaries. If that's needed for some reason then we should continue that discussion here. |
Since |
What are the next steps to get this working with binaries off of nodejs.org. I think that is what is holding up nodejs/docker-node#156 which is currently building off of source but preference was to use the binaries to save build time in CI etc. |
I believe the question is about shipping musl binaries? I'm hesitant about adding musl binaries to nodejs.org for the following reasons:
It's a Pandora's Box that we have to be sure we want to open before we go ahead with this. Right now it's easy and obvious: our binaries only support libc. Let's get this on the Build WG agenda and see if anything comes out of that. |
@rvagg for sure it need to be maintained... to me node docker alpine variants are sufficient. I'm not convinced that shipping musl compatible binaries (outside of docker containers) deserves many use cases. In general we talk about people that are used to compile node themself no? |
I think the proposal here is for us to ship musl binaries on nodejs.org so the docker-node folks don't need to build it on image when shipping to Docker Hub. If that's incorrect then someone please clarify what the ask here is now. |
Security angle: statically linking in musl means we're obligated to track it for CVEs and make the proper announcements and releases when vulnerabilities are found. IOW, it's more work. |
That is correct, Rod! |
So... musl could be not statically linked then docker-node folks will need to build an image that include node compilation and on security angle it will benefit from docker hub security scanning feature. Of course If I had nodejs binary ready to download for my docker container it would be cool, so I'm not against this proposition, just not convinced it worth it regarding the amount of energy to spend. |
Couldn't I make the case that docker and Alpine are a wildly adopted platform and having a binary targeting those is good for Node. Couldn't you justify this one in particular and avoid the scfope creep since Docker has a consistent architecture. |
I would like to bump this. Since we included an alpine variant to the docker project, we received a lot of questions about the alpine variant specifically. It's unfortunate that we don't have stats about specific docker tag downloads but it's possible that alpine will become on of the most used platforms for Node, if it isn't already. |
Is this resolved? I haven't read all the details, but I know that we have docker and alpine in CI now and I see that this issue has not received much in the way of comments lately. |
I'm not sure what this issue is tracking, tbh. I'd still love alpine binaries as part the regular release, but that might not be tracked here? |
This was the first issue mentioning Docker/Alpine use case specifically asking to provide help with running test suite in alpine. Now, that Alpine variant is in CI and included into official docker library: https://github.com/docker-library/official-images/blob/master/library/node |
Alpine (both 36 and 37) is being used in CI, which I believe closes this issue? Please reopen if I'm mistaken. |
Would really be appreciated if some help could be rendered to getting an alpine image for iojs passing the test suite.
If there could be two build images, one for just node, and another with everything needed for node_gyp and nan to run.
Also, would be nice to see tests for building common binary modules (sqlite3, expat and a few others).
The text was updated successfully, but these errors were encountered: