fix: hermetic bsdtar linux toolchain
diff --git a/lib/private/tar_toolchain.bzl b/lib/private/tar_toolchain.bzl index fa4edb2..8f8528f 100644 --- a/lib/private/tar_toolchain.bzl +++ b/lib/private/tar_toolchain.bzl
@@ -1,6 +1,7 @@ "Provide access to a BSD tar" load(":repo_utils.bzl", "repo_utils") +load(":tar_toolchain_linux.bzl", "bookworm_amd64_packages", "bookworm_arm64_packages") BSDTAR_PLATFORMS = { "linux_amd64": struct( @@ -8,12 +9,11 @@ "@platforms//os:linux", "@platforms//cpu:x86_64", ], + packages = bookworm_amd64_packages, ), "linux_arm64": struct( - compatible_with = [ - "@platforms//os:linux", - "@platforms//cpu:aarch64", - ], + compatible_with = "HOST_CONSTRAINTS", + packages = bookworm_arm64_packages, ), # TODO(alexeagle): download from libarchive github releases. "windows_amd64": struct( @@ -30,66 +30,6 @@ ), } -# note, using Ubuntu Focal packages as they link with older glibc versions. -# Ubuntu Jammy packages will fail on ubuntu 20.02 with -# bsdtar: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found -# bsdtar: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found -# -# TODO: this is only a partial listing of the transitive deps of libarchive-tools -# so we expect a bunch of compress modes are broken, for example. - -LINUX_LIB_DEPS = { - "linux_arm64": [ - ( - "6d18525e248e84b8a4ee39a226fd1195ca9b9d0d5a1c7909ae4f997d46378848", - "http://ports.ubuntu.com/pool/main/n/nettle/libnettle7_3.5.1+really3.5.1-2ubuntu0.2_arm64.deb", - ), - ( - "aa5e31d05a9d6bde8093137bd1c82b5a20a5f470bd5109642014f895c20f323a", - "http://ports.ubuntu.com/pool/main/liba/libarchive/libarchive13_3.4.0-2ubuntu1_arm64.deb", - ), - ( - "6d089f878507b536d8ca51b1ad80a80706a1dd7dbbcce7600800d3f9f98be2ab", - "http://ports.ubuntu.com/pool/main/liba/libarchive/libarchive-tools_3.2.1-2~ubuntu16.04.1_arm64.deb", - ), - ( - "6242892cb032859044ddfcfbe61bac5678a95c585d8fff4525acaf45512e3d39", - "http://ports.ubuntu.com/pool/main/libx/libxml2/libxml2_2.9.10+dfsg-5_arm64.deb", - ), - ( - "6302e309ab002af30ddfa0d68de26c68f7c034ed2f45b1d97a712bff1a03999a", - "http://ports.ubuntu.com/pool/main/i/icu/libicu66_66.1-2ubuntu2_arm64.deb", - ), - ], - "linux_amd64": [ - # https://packages.ubuntu.com/focal/amd64/libarchive-tools/download - ( - "12a19878d34b407e6f4893d3b26b7758a26c5534a066d76184c8b764b2df1652", - "http://security.ubuntu.com/ubuntu/pool/universe/liba/libarchive/libarchive-tools_3.4.0-2ubuntu1.2_amd64.deb", - ), - # https://packages.ubuntu.com/focal/amd64/libarchive13/download - ( - "8ba7507f61bb3ea8da488702ec0badcbfb726d36ea6886e3421ac59082aaf2d1", - "http://security.ubuntu.com/ubuntu/pool/main/liba/libarchive/libarchive13_3.4.0-2ubuntu1.2_amd64.deb", - ), - # https://packages.ubuntu.com/focal/amd64/libnettle7/download - ( - "3496aed83407fde71e0dc5988b28e8fd7f07a2f27fcf3e0f214c7cd86667eecd", - "http://security.ubuntu.com/ubuntu/pool/main/n/nettle/libnettle7_3.5.1+really3.5.1-2ubuntu0.2_amd64.deb", - ), - # https://packages.ubuntu.com/focal/amd64/libxml2/download - ( - "a8cbd10a0d74ff8ec43a7e6c09ad07629f20efea9972799d9ff7f63c4e82bfcf", - "http://security.ubuntu.com/ubuntu/pool/main/libx/libxml2/libxml2_2.9.10+dfsg-5ubuntu0.20.04.6_amd64.deb", - ), - # https://packages.ubuntu.com/focal/amd64/libicu66/download - ( - "00d0de456134668f41bd9ea308a076bc0a6a805180445af8a37209d433f41efe", - "http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu66_66.1-2ubuntu2.1_amd64.deb", - ), - ], -} - def _find_usable_system_tar(rctx, tar_name): tar = rctx.which(tar_name) if not tar: @@ -127,20 +67,13 @@ # Other platforms, we have more work to do. libs_dir = "usr/lib/x86_64-linux-gnu" if rctx.attr.platform.endswith("amd64") else "usr/lib/aarch64-linux-gnu" - # TODO: windows - - for lib in LINUX_LIB_DEPS[rctx.attr.platform]: - rctx.download_and_extract( - url = lib[1], - type = "deb", - sha256 = lib[0], - ) - rctx.extract("data.tar.xz") + for lib in rctx.attr.libs: + rctx.extract(lib) rctx.file("bsdtar.sh", """#!/usr/bin/env bash -readonly wksp="$(dirname "${{BASH_SOURCE[0]}}")" -LD_LIBRARY_PATH=$wksp/{libs_dir} exec $wksp/usr/bin/bsdtar $@ -""".format(name = rctx.name, libs_dir = libs_dir)) + readonly wksp="$(dirname "${{BASH_SOURCE[0]}}")" + LD_LIBRARY_PATH=$wksp/{libs_dir} exec $wksp/usr/bin/bsdtar $@ + """.format(name = rctx.name, libs_dir = libs_dir)) rctx.file("BUILD.bazel", build_header + """\ tar_toolchain( @@ -149,12 +82,13 @@ binary = "bsdtar.sh", visibility = ["//visibility:public"], ) -""".format(libs = libs_dir, name = rctx.name)) + """.format(libs = libs_dir, name = rctx.name)) bsdtar_binary_repo = repository_rule( implementation = _bsdtar_binary_repo, attrs = { "platform": attr.string(mandatory = True, values = BSDTAR_PLATFORMS.keys()), + "libs": attr.label_list(), }, )
diff --git a/lib/private/tar_toolchain_linux.bzl b/lib/private/tar_toolchain_linux.bzl new file mode 100644 index 0000000..d238ffb --- /dev/null +++ b/lib/private/tar_toolchain_linux.bzl
@@ -0,0 +1,221 @@ +"""This file is auto generated by https://github.com/bazel-contrib/rules_oci/blob/apt/experimental/apt/packages.bzl""" + +load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") + +# buildifier: disable=function-docstring +def bookworm_arm64_packages(): + http_archive( + name = "bookworm_arm64_libarchive_u_tools_3_d_6_d_2_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/liba/libarchive/libarchive-tools_3.6.2-1_arm64.deb"], + sha256 = "4403efeac3356e4d00ba07c7346af463dc073d7e16982da227e5bd3474f51907", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libc6_2_d_36_u_9_p_deb12u1", + urls = ["https://ftp.debian.org/debian/pool/main/g/glibc/libc6_2.36-9+deb12u1_arm64.deb"], + sha256 = "8ae49b2badad470ddd52fb7d28ecfc239b41e4a94a979c6a6c5bd5661fa7997b", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libgcc_u_s1_12_d_2_d_0_u_14", + urls = ["https://ftp.debian.org/debian/pool/main/g/gcc-12/libgcc-s1_12.2.0-14_arm64.deb"], + sha256 = "6fce2268d8f3152a4e84634f5a24133d3c62903b2f9b11b9c59235cbbc1b23a8", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_gcc_u_12_u_base_12_d_2_d_0_u_14", + urls = ["https://ftp.debian.org/debian/pool/main/g/gcc-12/gcc-12-base_12.2.0-14_arm64.deb"], + sha256 = "e1f2fb7212546c0e360af8df26303608f7b09e123ac9c96e15872d1ec1ce3275", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libarchive13_3_d_6_d_2_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/liba/libarchive/libarchive13_3.6.2-1_arm64.deb"], + sha256 = "0aa6eae9fd7617ba10289fcef9c52506630786d7eebfe6fbef3ee720bb822f8a", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_zlib1g_1_c_1_d_2_d_13_d_dfsg_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/z/zlib/zlib1g_1.2.13.dfsg-1_arm64.deb"], + sha256 = "52b8b8a145bbe1956bba82034f77022cbef0c3d0885c9e32d9817a7932fe1913", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libzstd1_1_d_5_d_4_p_dfsg2_u_5", + urls = ["https://ftp.debian.org/debian/pool/main/libz/libzstd/libzstd1_1.5.4+dfsg2-5_arm64.deb"], + sha256 = "95e173c9538f96ede4fc275ec7863f395a97dd0ea62454be9bc914efa1b9be93", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libxml2_2_d_9_d_14_p_dfsg_u_1_d_3_t_deb12u1", + urls = ["https://ftp.debian.org/debian/pool/main/libx/libxml2/libxml2_2.9.14+dfsg-1.3~deb12u1_arm64.deb"], + sha256 = "9147f4b4c0ec4c2a4cbe8f1fd2e38746c28f80fcc59c9febfd2aa0a22c6cbfe0", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_liblzma5_5_d_4_d_1_u_0_d_2", + urls = ["https://ftp.debian.org/debian/pool/main/x/xz-utils/liblzma5_5.4.1-0.2_arm64.deb"], + sha256 = "48216df0ab15bf757176417c154c27a208b82aa42b00a16794e4699ec9e8e2e3", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libicu72_72_d_1_u_3", + urls = ["https://ftp.debian.org/debian/pool/main/i/icu/libicu72_72.1-3_arm64.deb"], + sha256 = "fa1b61e24b45d07c9ec15dbd1750aeea26eef6044270629ef58138fc09ca238f", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libstdc_p__p_6_12_d_2_d_0_u_14", + urls = ["https://ftp.debian.org/debian/pool/main/g/gcc-12/libstdc++6_12.2.0-14_arm64.deb"], + sha256 = "21e971c5d3506f783b89efe8e12ac85081ddd9213e4f6529262bcfe95c326670", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libnettle8_3_d_8_d_1_u_2", + urls = ["https://ftp.debian.org/debian/pool/main/n/nettle/libnettle8_3.8.1-2_arm64.deb"], + sha256 = "c945ff210df69cf7b95e935b8fa936e81c1c1f475355e3d5db83510b174f0cd6", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_liblz4_u_1_1_d_9_d_4_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/l/lz4/liblz4-1_1.9.4-1_arm64.deb"], + sha256 = "f061216ce11aabba8f032dfd6c75c181e782fef7493033b9621a8c3b2953b87e", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libbz2_u_1_d_0_1_d_0_d_8_u_5_p_b1", + urls = ["https://ftp.debian.org/debian/pool/main/b/bzip2/libbz2-1.0_1.0.8-5+b1_arm64.deb"], + sha256 = "d3a96ece03326498b39ff093a76800dfcbcb1d4049d6ae6e9f6fa1aa7a590ad6", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_arm64_libacl1_2_d_3_d_1_u_3", + urls = ["https://ftp.debian.org/debian/pool/main/a/acl/libacl1_2.3.1-3_arm64.deb"], + sha256 = "2b0eef11a2e271e7355adaf1f6cbf8d2e83835ae1b6cf15165d59b8289c08342", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + return ["@bookworm_arm64_libarchive_u_tools_3_d_6_d_2_u_1//:data.tar.xz", "@bookworm_arm64_libc6_2_d_36_u_9_p_deb12u1//:data.tar.xz", "@bookworm_arm64_libgcc_u_s1_12_d_2_d_0_u_14//:data.tar.xz", "@bookworm_arm64_gcc_u_12_u_base_12_d_2_d_0_u_14//:data.tar.xz", "@bookworm_arm64_libarchive13_3_d_6_d_2_u_1//:data.tar.xz", "@bookworm_arm64_zlib1g_1_c_1_d_2_d_13_d_dfsg_u_1//:data.tar.xz", "@bookworm_arm64_libzstd1_1_d_5_d_4_p_dfsg2_u_5//:data.tar.xz", "@bookworm_arm64_libxml2_2_d_9_d_14_p_dfsg_u_1_d_3_t_deb12u1//:data.tar.xz", "@bookworm_arm64_liblzma5_5_d_4_d_1_u_0_d_2//:data.tar.xz", "@bookworm_arm64_libicu72_72_d_1_u_3//:data.tar.xz", "@bookworm_arm64_libstdc_p__p_6_12_d_2_d_0_u_14//:data.tar.xz", "@bookworm_arm64_libnettle8_3_d_8_d_1_u_2//:data.tar.xz", "@bookworm_arm64_liblz4_u_1_1_d_9_d_4_u_1//:data.tar.xz", "@bookworm_arm64_libbz2_u_1_d_0_1_d_0_d_8_u_5_p_b1//:data.tar.xz", "@bookworm_arm64_libacl1_2_d_3_d_1_u_3//:data.tar.xz"] + +# buildifier: disable=function-docstring +def bookworm_amd64_packages(): + http_archive( + name = "bookworm_amd64_libarchive_u_tools_3_d_6_d_2_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/liba/libarchive/libarchive-tools_3.6.2-1_amd64.deb"], + sha256 = "3957b6ae1ae4121c2d75de2edd5cf863f701e2604483aa8d592e7cd3af37451a", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libc6_2_d_36_u_9_p_deb12u1", + urls = ["https://ftp.debian.org/debian/pool/main/g/glibc/libc6_2.36-9+deb12u1_amd64.deb"], + sha256 = "ee2ef7aa6b9c53a109b79ae5f80fe354ef99ce39915c18b461ef1cf4f9fe15f8", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libgcc_u_s1_12_d_2_d_0_u_14", + urls = ["https://ftp.debian.org/debian/pool/main/g/gcc-12/libgcc-s1_12.2.0-14_amd64.deb"], + sha256 = "f3d1d48c0599aea85b7f2077a01d285badc42998c1a1e7473935d5cf995c8141", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_gcc_u_12_u_base_12_d_2_d_0_u_14", + urls = ["https://ftp.debian.org/debian/pool/main/g/gcc-12/gcc-12-base_12.2.0-14_amd64.deb"], + sha256 = "1a03df5a57833d65b5bb08cfa19d50e76f29088dc9e64fb934af42d9023a0807", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libarchive13_3_d_6_d_2_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/liba/libarchive/libarchive13_3.6.2-1_amd64.deb"], + sha256 = "82cc6d094f9b7c872e5bc5c4613151a7a8c20ac1a3d7d6c128dca64da618857b", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_zlib1g_1_c_1_d_2_d_13_d_dfsg_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/z/zlib/zlib1g_1.2.13.dfsg-1_amd64.deb"], + sha256 = "d7dd1d1411fedf27f5e27650a6eff20ef294077b568f4c8c5e51466dc7c08ce4", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libzstd1_1_d_5_d_4_p_dfsg2_u_5", + urls = ["https://ftp.debian.org/debian/pool/main/libz/libzstd/libzstd1_1.5.4+dfsg2-5_amd64.deb"], + sha256 = "6315b5ac38b724a710fb96bf1042019398cb656718b1522279a5185ed39318fa", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libxml2_2_d_9_d_14_p_dfsg_u_1_d_3_t_deb12u1", + urls = ["https://ftp.debian.org/debian/pool/main/libx/libxml2/libxml2_2.9.14+dfsg-1.3~deb12u1_amd64.deb"], + sha256 = "35b76cb7038fc1c940204a4f05f33ffb79d027353ce469397d9adcf8f9b3e1a7", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_liblzma5_5_d_4_d_1_u_0_d_2", + urls = ["https://ftp.debian.org/debian/pool/main/x/xz-utils/liblzma5_5.4.1-0.2_amd64.deb"], + sha256 = "d4b7736e58512a2b047f9cb91b71db5a3cf9d3451192fc6da044c77bf51fe869", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libicu72_72_d_1_u_3", + urls = ["https://ftp.debian.org/debian/pool/main/i/icu/libicu72_72.1-3_amd64.deb"], + sha256 = "e239c1c9f52bee0ff627f291552d63691b765ec7c5cdf6de7c7ae4dec0275857", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libstdc_p__p_6_12_d_2_d_0_u_14", + urls = ["https://ftp.debian.org/debian/pool/main/g/gcc-12/libstdc++6_12.2.0-14_amd64.deb"], + sha256 = "9b1b269020cec6aced3b39f096f7b67edd1f0d4ab24f412cb6506d0800e19cbf", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libnettle8_3_d_8_d_1_u_2", + urls = ["https://ftp.debian.org/debian/pool/main/n/nettle/libnettle8_3.8.1-2_amd64.deb"], + sha256 = "45922e6e289ffd92f0f92d2bb9159e84236ff202d552a461bf10e5335b3f0261", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_liblz4_u_1_1_d_9_d_4_u_1", + urls = ["https://ftp.debian.org/debian/pool/main/l/lz4/liblz4-1_1.9.4-1_amd64.deb"], + sha256 = "64cde86cef1deaf828bd60297839b59710b5cd8dc50efd4f12643caaee9389d3", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libbz2_u_1_d_0_1_d_0_d_8_u_5_p_b1", + urls = ["https://ftp.debian.org/debian/pool/main/b/bzip2/libbz2-1.0_1.0.8-5+b1_amd64.deb"], + sha256 = "54149da3f44b22d523b26b692033b84503d822cc5122fed606ea69cc83ca5aeb", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + http_archive( + name = "bookworm_amd64_libacl1_2_d_3_d_1_u_3", + urls = ["https://ftp.debian.org/debian/pool/main/a/acl/libacl1_2.3.1-3_amd64.deb"], + sha256 = "8be9df5795114bfe90e2be3d208ef47a5edd3fc7b3e20d387a597486d444e5e2", + build_file_content = """exports_files(["data.tar.xz"])""", + ) + + return ["@bookworm_amd64_libarchive_u_tools_3_d_6_d_2_u_1//:data.tar.xz", "@bookworm_amd64_libc6_2_d_36_u_9_p_deb12u1//:data.tar.xz", "@bookworm_amd64_libgcc_u_s1_12_d_2_d_0_u_14//:data.tar.xz", "@bookworm_amd64_gcc_u_12_u_base_12_d_2_d_0_u_14//:data.tar.xz", "@bookworm_amd64_libarchive13_3_d_6_d_2_u_1//:data.tar.xz", "@bookworm_amd64_zlib1g_1_c_1_d_2_d_13_d_dfsg_u_1//:data.tar.xz", "@bookworm_amd64_libzstd1_1_d_5_d_4_p_dfsg2_u_5//:data.tar.xz", "@bookworm_amd64_libxml2_2_d_9_d_14_p_dfsg_u_1_d_3_t_deb12u1//:data.tar.xz", "@bookworm_amd64_liblzma5_5_d_4_d_1_u_0_d_2//:data.tar.xz", "@bookworm_amd64_libicu72_72_d_1_u_3//:data.tar.xz", "@bookworm_amd64_libstdc_p__p_6_12_d_2_d_0_u_14//:data.tar.xz", "@bookworm_amd64_libnettle8_3_d_8_d_1_u_2//:data.tar.xz", "@bookworm_amd64_liblz4_u_1_1_d_9_d_4_u_1//:data.tar.xz", "@bookworm_amd64_libbz2_u_1_d_0_1_d_0_d_8_u_5_p_b1//:data.tar.xz", "@bookworm_amd64_libacl1_2_d_3_d_1_u_3//:data.tar.xz"]
diff --git a/lib/repositories.bzl b/lib/repositories.bzl index af3dbb3..918a0f5 100644 --- a/lib/repositories.bzl +++ b/lib/repositories.bzl
@@ -101,6 +101,7 @@ bsdtar_binary_repo( name = "%s_%s" % (name, platform), platform = platform, + libs = meta.packages() if hasattr(meta, "packages") else [], ) if register: native.register_toolchains("@%s_toolchains//:%s_toolchain" % (name, platform))