orpiske edited a comment on pull request #2141: URL: https://github.com/apache/camel-k/pull/2141#issuecomment-801761665
@astefanutti and I talked today about this PR and it seems we have sufficient information to believe the change is safe. I am writing a summary of these, so we can understand the reasoning if the PR turns out to be broken. 1. It seems that the only dynamic symbols required by the binary are either glibc or golang-specific: ``` DYNAMIC SYMBOL TABLE: 000000000061fda0 g DF .text 0000000000000050 Base _cgo_panic 0000000000472280 g DF .text 0000000000000019 Base _cgo_topofstack 000000000061fe00 g DF .text 000000000000005a Base crosscall2 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 __errno_location 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getnameinfo 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getaddrinfo 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 freeaddrinfo 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 gai_strerror 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 malloc 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 free 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getgrgid_r 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getgrnam_r 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getpwnam_r 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getpwuid_r 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 realloc 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 sysconf 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getgrouplist 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 stderr 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 fwrite 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 vfprintf 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 fputc 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 abort 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 pthread_mutex_lock 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.3.2 pthread_cond_wait 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 pthread_mutex_unlock 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.3.2 pthread_cond_broadcast 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 pthread_create 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 nanosleep 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 pthread_detach 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 strerror 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 fprintf 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 pthread_attr_init 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 pthread_attr_getstacksize 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 pthread_attr_destroy 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 sigfillset 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.32 pthread_sigmask 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 mmap 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 munmap 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 setenv 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 unsetenv 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 sigemptyset 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 sigaddset 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 sigaction 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 sigismember ``` 2. Cross-compiling the Linux binary on a mac results on a statically linked executable similar to the one generated by this patch. 3. There are two packages that rely on cgo and for both there are pure go implementations that are used as fallback when cgo is disabled or not available: 3.1 The first one is [os/user](https://golang.org/pkg/os/user/) for which the documentation says: _" ... For most Unix systems, this package has two internal implementations of resolving user and group ids to names. One is written in pure Go and parses /etc/passwd and /etc/group. The other is cgo-based and relies on the standard C library (libc) routines such as getpwuid_r and getgrnam_r ... When cgo is available, cgo-based (libc-backed) code is used by default. This can be overridden by using osusergo build tag, which enforces the pure Go implementation ... "_ 3.2 The second is the resolver on the [net](https://golang.org/pkg/net/) package. In this package the documentation states: _"... On Unix systems, the resolver has two options for resolving names. It can use a pure Go resolver that sends DNS requests directly to the servers listed in /etc/resolv.conf, or it can use a cgo-based resolver that calls C library routines such as getaddrinfo and getnameinfo ... By default the pure Go resolver is used, because a blocked DNS request consumes only a goroutine, while a blocked C call consumes an operating system thread. When cgo is available, the cgo-based resolver is used instead under a variety of conditions: on systems that do not let programs make direct DNS requests (OS X), when the LOCALDOMAIN environment variable is present (even if empty), when the RES_OPTIONS or HOSTALIASES environment variable is non-empty, when the ASR_CONFIG environment variable is non-empty (OpenBSD only), when /etc/resolv.conf or /etc/nsswitch.conf specify the use of features that the Go resolver does not implement, and when the name being looked up ends in .local or is an mDNS name ..."_ The binary does seem to be using the cgo implementation: ``` 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getnameinfo 0000000000000000 DO *UND* 0000000000000000 GLIBC_2.2.5 getaddrinfo ``` 4. The patch is trivial do revert if there is any problem. So, given these findings, we agreed it would be reasonably safe to do this change. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
