Statically compiling ctr fails on Go 1.15 and up (segfault or not statically linked) #5824

@thaJeztah

It seems no longer possible to produce a static binary for ctr.

Relates to:

Using the following Dockerfile:

ARG GO_VERSION=1.16.6
FROM golang:${GO_VERSION}-buster AS build
ENV GO111MODULE=off
RUN apt-get update && apt-get install -y --no-install-recommends libbtrfs-dev
RUN git clone https://github.com/containerd/containerd.git "/go/src/github.com/containerd/containerd"
WORKDIR /go/src/github.com/containerd/containerd
RUN git checkout -q "v1.5.5"
RUN make EXTRA_FLAGS="-buildmode pie" \
  EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"' \
  BUILDTAGS="netgo osusergo static_build" \
  bin/ctr
RUN bin/ctr --version
RUN ldd bin/ctr || echo "statically linked?"

FROM alpine:3.13
COPY --from=build /go/src/github.com/containerd/containerd/bin/. /usr/local/bin/
RUN ldd /usr/local/bin/ctr || echo "statically linked?"
RUN /usr/local/bin/ctr --version

Building with Go 1.14.15 succeeds, and produces a static binary:

docker build -t foo --build-arg GO_VERSION=1.14.15 .
...
Step 9/14 : RUN bin/ctr --version
 ---> Running in 23134fe72c41
ctr github.com/containerd/containerd v1.5.5
Removing intermediate container 23134fe72c41
 ---> de6f6931da51
Step 10/14 : RUN ldd bin/ctr || echo "statically linked"
 ---> Running in b9c480ab893c
	not a dynamic executable
statically linked?
Removing intermediate container b9c480ab893c
 ---> 2fc3c219f7b1
Step 11/14 : FROM alpine:3.13
 ---> 6dbb9cc54074
Step 12/14 : COPY --from=build /go/src/github.com/containerd/containerd/bin/. /usr/local/bin/
 ---> d6b7982e3e7f
Step 13/14 : RUN ldd /usr/local/bin/ctr || echo "statically linked"
 ---> Running in 9a24797aae98
/lib/ld-musl-x86_64.so.1: /usr/local/bin/ctr: Not a valid dynamic program
statically linked?
Removing intermediate container 9a24797aae98
 ---> 63b53120e884
Step 14/14 : RUN /usr/local/bin/ctr --version
 ---> Running in d5b658b4a53d
ctr github.com/containerd/containerd v1.5.5
Removing intermediate container d5b658b4a53d
 ---> 3153084ff76c
Successfully built 3153084ff76c
Successfully tagged foo:latest

Building with Go 1.15 or Go 1.16 fails; the ctr binary segfaults:

docker build -t foo --build-arg GO_VERSION=1.16.6 .
Step 8/14 : RUN make EXTRA_FLAGS="-buildmode pie"   EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"'   BUILDTAGS="netgo osusergo static_build"   bin/ctr
 ---> Running in cc5830fe6e3d
+ bin/ctr
# github.com/containerd/containerd/cmd/ctr
loadinternal: cannot find runtime/cgo
Removing intermediate container cc5830fe6e3d
 ---> 0b9462d31283
Step 9/14 : RUN bin/ctr --version
 ---> Running in 70a3c28fb31f
Trace/breakpoint trap (core dumped)
The command '/bin/sh -c bin/ctr --version' returned a non-zero code: 133

The binary produced is defunct, and outputs Trace/breakpoint trap, similar to what was reported a long time ago in golang/go#14795 (related: moby/moby#22580).

Removing -buildmode pie results in the same:

Step 8/14 : RUN make EXTRA_FLAGS=" "   EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"'   BUILDTAGS="netgo osusergo static_build"   bin/ctr
 ---> Running in 310fe840f6c9
+ bin/ctr
# github.com/containerd/containerd/cmd/ctr
loadinternal: cannot find runtime/cgo
Removing intermediate container 310fe840f6c9
 ---> 39c65f6d5847
Step 9/14 : RUN bin/ctr --version
 ---> Running in 54ca078b2ebb
Trace/breakpoint trap (core dumped)
The command '/bin/sh -c bin/ctr --version' returned a non-zero code: 133

Removing -linkmode external makes the build stage work, but does not produce a statically linked binary. ldd is incorrect here; it reports the binary to be static, but it's not; copying the binary to an alpine image shows that it's not a statically linked binary. Removing both --buildmode=pie and -linkmode external results in the same (not statically linked).

Step 8/14 : RUN make EXTRA_FLAGS="-buildmode pie"   EXTRA_LDFLAGS='-extldflags "-fno-PIC -static"'   BUILDTAGS="netgo osusergo static_build"   bin/ctr
 ---> Running in c41e2e6b1e83
+ bin/ctr
Removing intermediate container c41e2e6b1e83
 ---> 3997edbfcab9
Step 9/14 : RUN bin/ctr --version
 ---> Running in 557e71c84967
ctr github.com/containerd/containerd v1.5.5
Removing intermediate container 557e71c84967
 ---> cb17a8b95aa0
Step 10/14 : RUN ldd bin/ctr || echo "statically linked?"
 ---> Running in cbc61dcada62
	statically linked?
Removing intermediate container cbc61dcada62
 ---> fbefa0076f01
Step 11/14 : FROM alpine:3.13
 ---> 6dbb9cc54074
Step 12/14 : COPY --from=build /go/src/github.com/containerd/containerd/bin/. /usr/local/bin/
 ---> c5d6edff351c
Step 13/14 : RUN ldd /usr/local/bin/ctr || echo "statically linked?"
 ---> Running in 8c7b1be6c6b9
	/lib64/ld-linux-x86-64.so.2 (0x7efce75d9000)
Removing intermediate container 8c7b1be6c6b9
 ---> f13564163f06
Step 14/14 : RUN /usr/local/bin/ctr --version
 ---> Running in 52d9aa126d58
/bin/sh: /usr/local/bin/ctr: not found
The command '/bin/sh -c /usr/local/bin/ctr --version' returned a non-zero code: 127
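In the last build above, ldd in the Debian build stage gave no usable answer, while the Alpine stage showed the binary still requesting /lib64/ld-linux-x86-64.so.2. A loader-independent way to check this, added here as an example and not part of the original issue or of containerd's build, is to read the ELF program headers with Go's debug/elf and look for PT_INTERP. The names `Interpreter` and `sampleELF` are hypothetical, and the sample images are constructed in memory.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"io"
)

// Interpreter returns the PT_INTERP path (e.g. /lib64/ld-linux-x86-64.so.2),
// or "" when the binary requests no loader, i.e. is static. It only parses
// program headers, so the result does not depend on the host libc or its ldd.
func Interpreter(r io.ReaderAt) (string, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return "", err
	}
	for _, p := range f.Progs {
		if p.Type == elf.PT_INTERP {
			b, err := io.ReadAll(p.Open())
			return string(bytes.TrimRight(b, "\x00")), err
		}
	}
	return "", nil
}

// sampleELF builds a constructed, header-only ELF64 image for this demo:
// one PT_LOAD entry, plus a PT_INTERP entry when interp is non-empty.
func sampleELF(interp string) []byte {
	progs := []elf.Prog64{{Type: uint32(elf.PT_LOAD), Flags: uint32(elf.PF_R)}}
	if interp != "" { // the path string sits right after the two 56-byte headers
		progs = append(progs, elf.Prog64{Type: uint32(elf.PT_INTERP), Off: 64 + 2*56, Filesz: uint64(len(interp) + 1)})
	}
	hdr := elf.Header64{Type: uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64), Version: 1,
		Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: uint16(len(progs)), Shentsize: 64}
	copy(hdr.Ident[:], []byte{0x7f, 'E', 'L', 'F', byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), 1})
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, hdr)
	binary.Write(&buf, binary.LittleEndian, progs)
	buf.WriteString(interp + "\x00")
	return buf.Bytes()
}

func main() {
	for _, want := range []string{"", "/lib64/ld-linux-x86-64.so.2"} {
		got, err := Interpreter(bytes.NewReader(sampleELF(want)))
		fmt.Printf("interp=%q static=%v err=%v\n", got, got == "", err)
	}
}
```

For a file on disk, pass the `*os.File` returned by `os.Open` to `Interpreter`; a non-empty result in a build stage means the binary will not start on an image that lacks that loader path.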
