Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FR: SYSROOT generated by rules_distroless for hermetic CC complation #124

Open
thesayyn opened this issue Dec 4, 2024 · 2 comments
Open

FR: SYSROOT generated by rules_distroless for hermetic CC complation #124

thesayyn opened this issue Dec 4, 2024 · 2 comments

Comments

@thesayyn
Copy link
Collaborator

thesayyn commented Dec 4, 2024

While working on a GLIBC related problem, i realized that rules_distroless could have made hermetic cc compilation so much easier by generating a sysroot out of the debian packages that are being fetched.

This is great for one single reason, what's actually going into the container is also what you are linking against!

I can imagine a bzlmod only API, as such

# Generate a sysroot using the apt extensions
apt = use_extension("@rules_distroless//apt:extensions.bzl", "apt")

apt.install("libc6-dev")

apt.sysroot(
    name = "sysroot_amd64"
    arch = "amd64"
)
 
apt.sysroot(
    name = "sysroot_arm64"
    arch = "arm64"
)
 
use_repo(apt, "sysroot_amd64", "sysroot_arm64")
 
# Use with toolchains_llvm
llvm = use_extension("@toolchains_llvm//toolchain/extensions:llvm.bzl", "llvm")
llvm.sysroot(
    name = "llvm_toolchain_with_sysroot",
    targets = ["linux-x86_64"],
    label = "@sysroot_amd64//:sysroot",
)
llvm.sysroot(
    name = "llvm_toolchain_with_sysroot",
    targets = ["linux-arm64"],
    label = "@sysroot_arm64//:sysroot",
)
@JonathanPerry651
Copy link
Contributor

This is a very cool idea

@jjmaestro
Copy link
Contributor

This is awesome!! I was wondering about something like this as well! TIL about bazel-contrib/toolchains_llvm's sysroot!

Having something like this API would be amazing, I had to hack something together for a project I'm working on. Basically a custom Docker image from where I then create toolchains using bazelbuild/bazel-toolchains and I was going to eventually try something like this but much less nice, just create the image with rules_distroless + rules_oci and still have to call rbe_configs_gen.

This is neat and I'd love to have it! Hopefully other Cxx toolchains and other rules support something like this sysroot... and maybe Bazel itself would support it natively, it would be great to be able to create a sysroot(s) for the full linux hermetic dashboard. Currently it's very hard to setup, requires manual fiddling, etc. Being able to produce a sysroot and tell Bazel to use it for sandboxing would be 🔥

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jjmaestro @thesayyn @JonathanPerry651