glibc: maintenance update and support RHEL 6 -like kernels

[vcunat]

Things done

• Tested building simple packages and running them on a CentOS 6.9 VM.

• Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)

• Built on platform(s)

  • NixOS
  • macOS
  • other Linux distributions

• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)

• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"

• Tested execution of all binary files (usually in ./result/bin/)

• Fits CONTRIBUTING.md.

I plan to merge in a few days.

---

[lukateras]

I think it would be better if configure patch was against configure.ac rather than its pre-generated artifact. Great that you handle 2.6.32 explicitly instead of just changing __LINUX_KERNEL_VERSION to a lower value!

[vcunat]

@yegortimoshenko: I patch both configure.ac and the generated configure.

[lukateras]

@vcunat Oh, correct. Then another nitpick: patch would be easier to read if hunks were separated with an empty line :-)

[vcunat]

I just ran git diff :-) Shall we report it upstream? (just kidding)

[orivej]

Did you do git checkout release/2.26/master before git log? Is 115 the number of commits in that branch since glibc-2.26 tag? Shouldn't git log -p be called with glibc-2.26..?

[vcunat]

I checked out the version I updated to:

$ git describe
glibc-2.26-115-g633e2f7f3d

I wanted to re-check since 2.25, as the kernel support was bumped between 2.25 and 2.26 (and on 2.26.. they probably wouldn't do such large changes anyway). EDIT: of course, in future it's enough to check since the last checked commit.

[vcunat]

BTW, you may test with a few tools that are in binary cache already: https://hydra.nixos.org/build/66404678#tabs-buildsteps – just nix-store --realize those paths...

[vcunat]

/cc @grahamc for ^^
@GrahamcOfBorg eval

[edolstra]

What does it mean to "lose early mismtach detection"?

[vcunat]

@edolstra: when glibc detects an old kernel, it dies with a readable message (kernel too old). That gets disabled for 2.6.32 in this PR, so if someone used that version without the RHEL patches, it would be hard to debug – she wouldn't get any readable message and instead, some glibc functions would be failing (ENOSYS etc.)

[vcunat]

I didn't want to make the in-source comment too long, but perhaps I've cut it down too much.

[edolstra]

Adding gzipped patch files to the Nixpkgs tree doesn't seem very nice. Can't that patch be fetched from somewhere else?

[vcunat]

@edolstra: I would be very grateful if a better solution was found – I had spent quite a lot of time on it and only came with this. Upstream doesn't make maintenance releases (i.e. tarballs), fetching a hundred patches from git is cumbersome, and all is further hindered by glibc taking part in bootstrapping.

[vcunat]

If you prefer using fetchgit during stdenv bootstrapping, that would seem another not-too-bad choice, but I might be missing some complications.

[lukateras]

@vcunat: could you perhaps use this script?

#!/usr/bin/env nix-shell
#! nix-shell -i sh -p git

version=2.26

cd $(mktemp -d)

echo "{ fetchpatch }: ["

git clone git://sourceware.org/git/glibc.git .
git fetch origin release/$version/master
git checkout release/$version/master

for commit in $(git log glibc-$version..release/$version/master | grep ^commit | cut -d' ' -f 2); do
    name="$commit.patch"
    url="https://sourceware.org/git/?p=glibc.git;a=patch;h=$commit"
    sha256=$(nix-prefetch-url --name "$name" "$url")
    cat <<EOF
(fetchpatch {
  url = "$url";
  sha256 = "$sha256";
  name = "$name";
})
EOF
done

echo "]"

It generates list of patches, fetched via fetchpatch, given glibc version. If fetchpatch is not available during bootstrap, it could use fetchurl instead.

You can also set glibc patch prefix just by counting these patches.

[vcunat]

I had tried that approach first (generate fetchpatch invocations via a script) but I dropped it in the end. IIRC it had to do with the complexity of making fetchpatch available during bootstrapping, or something similar.

[lukateras]

It is enough to just remove the last line of every patch (it points to git version). This could be done via head -n -1. I think it is feasible to implement a very small fetchpatch that is just like fetchurl except it has postFetch where it filters out the last line.

[vcunat]

Yes, I suppose that should cover almost all the changes cheaply. I've seen also the @@ parts changing on git version changes, but that seems unlikely to happen often.

[lukateras]

I think so, perhaps then we'll have proper fetchpatch during boostrap. Can I work on this and then push it to your branch?

[dezgeg]

At least on GitHub it's possible to have a range of commits squashed into one diff: https://github.com/NixOS/nixpkgs/compare/master...dezgeg:arm-work.diff so there's no need to generate dozens of fetchpatch invocations.

It doesn't solve the patch nondeterminism problem though.

[lukateras]

@dezgeg: 115 fetchpatch invocations is useful to determine glibc patchlevel. It also properly dedupes artifacts in Nix store. Also, I don't think GitWeb supports this.

[edolstra]

Can't we just push this version of Glibc to GitHub and use fetchFromGitHub? I think that should work during stdenv bootstrap but I'm not sure.

[lukateras]

@edolstra That incurs additional maintenance, with fetchpatch approach we would be able to update glibc to new patchlevel automatically, just by running a script.

[edolstra]

How does it incur more maintenance? It's less work to just update a commit hash.

[vcunat]

I suspect he meant you have to update the repo as well, but what about this GitLab auto-updating mirror? The source would be obtainable through fetchzip like from GitHub.

[lukateras]

Yes, that and also origin would have to be manually checked out anyway to determine the new patchlevel, which also has to be updated.

[vcunat]

Number of patches with overview: https://gitlab.com/vcunat/glibc/compare/glibc-2.26...release/2.26/master (EDITed to beautify the URL)

[lukateras]

It shows one patch more (116) than the actual patchlevel (115) and the number that I get when I checkout locally. Strange...

[vcunat]

One patch was pushed very recently upstream.

[lukateras]

BTW, glibc derivation can only fetch using built-in Nix fetchurl that doesn't handle postFetch, and I don't think fetchzip is available during bootstrap, so it should probably just fetch tarball from https://gitlab.com/vcunat/glibc/repository/5da0de4de5e8b9576475432b94fa0a486fd9389f/archive.tar.gz via fetchurl. It's not really deterministic, though, I'm not sure how to fix that.

Great that GitLab supports auto-updating mirrors!

(fetchpatch scripts, for reference: patch-glibc.tar.gz)

[grahamc]

Let's try this again:
@GrahamcOfBorg eval

[dtzWill]

I've had great success with this so far (using 87acb2b) on my RHEL6-esque machine, thank you!

I know there are some details to be sorted but thought I'd let you know it's working great so far functionality-wise 👍

[vcunat]

Right, now I remember why I dropped the attempts. In bootstrapping, at the point when glibc is built, I see no easy way to get any fetch of a file with unstable hash (generated tarball or patches).

I now tried also fetchTarball wrapped in a fixed-output derivation, but for some reason it always re-fetches even if the fixed-output derivation is in the store already (insufficient laziness?). BTW, the auto-updating feature got stuck in the meantime (http 503 if I try to unstuck it), though it's hopefully just a transient problem.

I assumed the update part would be the clear one and we may focus on the RHEL patch, but it's the other way. Unless you bring any idea how to do this without postFetch or you bring code adding the necessary stuff to linux boostrapping, I'm merging this as it is in a couple days.

[lukateras]

Right, that's what I've thought, the only fetcher available (one built into Nix) doesn't support postFetch. This can be fixed by relying on continuous deployment to create stable archives: https://docs.travis-ci.com/user/deployment

I don't think that Travis CI supports GitLab releases, but GitLab has its own CI: https://docs.gitlab.com/ce/ci/

[lukateras]

@vcunat: do you think .tar archives without compression could be more deterministic? https://gitlab.com/vcunat/glibc/repository/5da0de4de5e8b9576475432b94fa0a486fd9389f/archive.tar

[vcunat]

I don't know how these are created exactly, but man git-archive suggests that it uses the current time for timestamps of all files, unless retrieved via a tag...