
@grooverdan
Created April 22, 2025 00:36
# The base image is chosen by the caller (--build-arg BASE_IMAGE=...). There is
# no default, so what this image inherits (packages, users, trust roots) is
# decided entirely by whoever invokes the build.
ARG BASE_IMAGE
FROM "$BASE_IMAGE"

# Branch of MariaDB/server whose debian/ packaging files are downloaded further
# down to work out the build dependencies.
ARG MARIADB_BRANCH=11.1

LABEL maintainer="MariaDB Buildbot maintainers"

# Have cargo fetch git dependencies through the git command-line client.
ENV CARGO_NET_GIT_FETCH_WITH_CLI=true

# Build-time only (ARG, not ENV): lets apt-get install without prompting and
# does not persist into the runtime environment of the image.
ARG DEBIAN_FRONTEND=noninteractive

# Enable deb-src entries so that `apt-get build-dep` / `apt-get source` work.
# Two layouts are handled: the deb822 "$ID.sources" file, which is edited in
# place, and the classic sources.list, from which a deb-src copy is derived.
# If neither file exists the build is aborted.
RUN . /etc/os-release \
    && deb822_file="/etc/apt/sources.list.d/$ID.sources" \
    && if [ -f "$deb822_file" ]; then \
         sed -i 's/Types: deb/Types: deb deb-src/g' "$deb822_file"; \
       elif [ -f /etc/apt/sources.list ]; then \
         sed 's/^deb /deb-src /g' /etc/apt/sources.list >"/etc/apt/sources.list.d/$ID-sources.list"; \
       else \
         echo "ERROR: can't find apt repo configuration file"; \
         exit 1; \
       fi
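# Install updates and required packages
# see: https://cryptography.io/en/latest/installation/
#
# What this step does, in order:
#   1. installs curl/ca-certificates and the Debian packaging helpers;
#   2. adds the galera-4 apt source from ci.mariadb.org when one is published
#      for this architecture/distribution;
#   3. downloads debian/control and autobake-deb.sh from the MariaDB/server
#      branch named by MARIADB_BRANCH and lets mk-build-deps / build-dep pull
#      in the server's build dependencies;
#   4. installs the extra tooling the buildbot worker needs.
#
# Security notes:
#   * The downloads from raw.githubusercontent.com are made with TLS
#     certificate verification enabled (no -k/--insecure). autobake-deb.sh is
#     executed as root during the build, so an unverified connection would let
#     anyone on the network path substitute the script. ca-certificates is
#     installed earlier in this same step, so verification has the trust roots
#     it needs.
#   * -f makes curl fail on an HTTP error instead of saving the error page as
#     debian/control, autobake-deb.sh or an apt source file.
#   * Both files are taken from a branch head, which is mutable; TLS only
#     authenticates the host. Pinning to a commit and checking a digest would
#     be needed for a reproducible, tamper-evident build.
#   * The apt package lists are deliberately left in place (only
#     `apt-get clean` is run); a later step in this file installs packages
#     without running `apt-get update` again.
RUN . /etc/os-release \
    && apt-get update \
    && apt-get -y upgrade \
    && apt-get -y install --no-install-recommends \
       ca-certificates \
       curl \
       devscripts \
       equivs \
       lsb-release \
    && if [ "${VERSION_ID}" = "20.04" ]; then apt-get -y install --no-install-recommends g++-10; fi \
    && if [ "$(arch)" = "x86_64" ]; then ARCH="amd64"; else ARCH=$(arch); fi \
    && if curl --head --silent "https://ci.mariadb.org/galera/mariadb-4.x-latest-gal-${ARCH}-${ID}-$(echo "$VERSION_ID" | sed 's/\.//').sources" | head -n1 | grep -q 200; then \
         curl -fsS "https://ci.mariadb.org/galera/mariadb-4.x-latest-gal-${ARCH}-${ID}-$(echo "$VERSION_ID" | sed 's/\.//').sources" >/etc/apt/sources.list.d/galera-4.sources; fi \
    && apt-get update \
    && curl -fsSO "https://raw.githubusercontent.com/MariaDB/server/$MARIADB_BRANCH/debian/control" \
    && mkdir debian \
    && mv control debian/control \
    && touch debian/rules VERSION debian/not-installed \
    && curl -fsSO "https://raw.githubusercontent.com/MariaDB/server/$MARIADB_BRANCH/debian/autobake-deb.sh" \
    && chmod a+x autobake-deb.sh \
    && AUTOBAKE_PREP_CONTROL_RULES_ONLY=1 ./autobake-deb.sh \
    && mk-build-deps -r -i debian/control \
       -t 'apt-get -y -o Debug::pkgProblemResolver=yes --no-install-recommends' \
    && apt-get -y build-dep -q mariadb-server \
    && apt-get -y install --no-install-recommends \
       apt-utils \
       build-essential \
       buildbot-worker \
       bzip2 \
       ccache \
       check \
       default-jdk \
       dumb-init \
       gawk \
       gdb \
       git \
       gnutls-dev \
       iproute2 \
       iputils-ping \
       libasio-dev \
       libboost-dev \
       libboost-filesystem-dev \
       libboost-program-options-dev \
       libbz2-dev \
       libdbi-perl \
       libeigen3-dev \
       libffi-dev \
       libio-socket-ssl-perl \
       libmecab-dev \
       libnet-ssleay-perl \
       libssl-dev \
       lsof \
       python3-dev \
       python3-setuptools \
       rsync \
       socat \
       sudo \
       wget \
    && if [ "$(getconf LONG_BIT)" = 64 ]; then apt-get -y install --no-install-recommends galera-4; fi \
    && if [ "${VERSION_ID}" != 20.04 ] && [ "${VERSION_ID}" != 11 ]; then \
    # Bootstrap MDEV-32686 so only temporary until https://github.com/MariaDB/server/pull/3692 merged up \
         DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends dh-package-notes; \
       fi \
    && if [ "${VERSION_ID}" != 18.04 ]; then \
         apt-get -y install --no-install-recommends flex; \
       fi \
    && if [ "${VERSION_ID}" = 22.04 ]; then \
         apt-get -y install --no-install-recommends clang-14 libpcre3-dev llvm; \
       elif [ "${VERSION_ID}" = 24.04 ]; then \
    # https://packages.ubuntu.com/noble/libclang-rt-18-dev, provider of asan, needs 32bit deps for amd64 \
         if [ "$(arch)" = "x86_64" ]; then dpkg --add-architecture i386 && apt-get update; fi \
         && apt-get -y install --no-install-recommends clang llvm-dev libclang-rt-18-dev; \
       fi \
    && apt-get clean

# Location of the Galera provider library, exported for later users of the image.
ENV WSREP_PROVIDER=/usr/lib/galera/libgalera_smm.so
# Prevent debian sid runtime error
ENV CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1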
## This is a fragment file, do not execute it directly!
# msan.fragment.Dockerfile
# Creates images with MSAN support for buildbot (BB) workers.

# clang major version to install. Earliest tested version known to work: 19.
ARG CLANG_VERSION=20

# CLANG_DEV_VERSION is a marker that makes it possible to build an MSAN builder
# from the nightly clang versions, which live in a differently named
# repository. It corresponds to the "development" branch version listed on
# https://apt.llvm.org/.
ENV CLANG_DEV_VERSION=21

WORKDIR /msan-build

# Compiler selection and flags used for the instrumented library builds that
# follow in this fragment.
ENV CC=clang \
    CXX=clang++
ENV MSAN_LIBDIR=/msan-libs \
    MSAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer-${CLANG_VERSION}
ENV CFLAGS="-fno-omit-frame-pointer -O2 -g"
# Kept as its own instruction: it expands the CFLAGS value set just above.
ENV CXXFLAGS="$CFLAGS"
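# Install clang/LLVM from apt.llvm.org and build MSAN-instrumented copies of
# the C++ runtimes (libcxx, libcxxabi, libunwind) into $MSAN_LIBDIR.
#
# Steps:
#   * fetch the apt.llvm.org signing key and register the repository with a
#     signed-by restriction, so that key is only trusted for that one source;
#   * choose the repository/package names: the snapshot toolchain when
#     CLANG_VERSION >= CLANG_DEV_VERSION, otherwise the versioned toolchain;
#     on trixie the "unstable" repository is used;
#   * install the compiler, fetch the matching toolchain source package and
#     build the runtimes with -DLLVM_USE_SANITIZER=MemoryWithOrigins;
#   * copy the resulting libraries and libc++ headers to $MSAN_LIBDIR and empty
#     the build directory.
#
# Security notes:
#   * The key is downloaded to a file with `curl -f` and then dearmored,
#     instead of being piped straight into gpg. The default /bin/sh has no
#     pipefail here, so with the pipe a failed or truncated download was not
#     detected at this point in the build.
#   * The key is trusted purely on the basis of the HTTPS connection to
#     apt.llvm.org; its fingerprint is not compared against a known value.
#     Add such a check if the build needs to be tamper-evident.
# hadolint ignore=SC2046,DL3003
RUN . /etc/os-release \
    && export LLVM_ENABLE_RUNTIMES="libcxx;libcxxabi;libunwind" \
    && mkdir "$MSAN_LIBDIR" \
    && curl -fsSL -o llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key \
    && gpg --dearmor -o /usr/share/keyrings/llvm-snapshot.gpg llvm-snapshot.gpg.key \
    && rm llvm-snapshot.gpg.key \
    && if [ "$VERSION_CODENAME" = trixie ]; then VERSION_CODENAME=unstable; LLVM_DEB=""; else LLVM_DEB="-$VERSION_CODENAME"; fi \
    && if [ "${CLANG_VERSION}" -ge "${CLANG_DEV_VERSION}" ]; then \
         LLVM_PKG="llvm-toolchain-snapshot" ; \
       else \
         LLVM_PKG="llvm-toolchain-${CLANG_VERSION}" ; \
         LLVM_DEB="${LLVM_DEB}-${CLANG_VERSION}"; fi \
    && LLVM_DIR="${LLVM_PKG}-${CLANG_VERSION}" \
    && for v in deb deb-src; do \
         echo "$v [signed-by=/usr/share/keyrings/llvm-snapshot.gpg] https://apt.llvm.org/${VERSION_CODENAME}/ llvm-toolchain${LLVM_DEB} main" >> /etc/apt/sources.list.d/llvm-toolchain.list; done \
    && apt-get update \
    && apt-get -y install --no-install-recommends \
       clang-${CLANG_VERSION} \
       libclang-rt-${CLANG_VERSION}-dev \
       libc++abi-${CLANG_VERSION}-dev \
       libc++-${CLANG_VERSION}-dev \
       llvm-${CLANG_VERSION} \
       automake \
    && apt-get -y install --no-install-recommends libclang-${CLANG_VERSION}-dev libllvmlibc-${CLANG_VERSION}-dev \
    && update-alternatives \
       --verbose \
       --install /usr/bin/clang clang /usr/bin/clang-"${CLANG_VERSION}" 20 \
       --slave /usr/bin/clang++ clang++ /usr/bin/clang++-"${CLANG_VERSION}" \
    && apt-get source "${LLVM_PKG}" \
    && mkdir -p ll-build \
    && cd ll-build \
    && cmake -S ../"$LLVM_DIR"*/runtimes \
       -DCMAKE_BUILD_TYPE=Release \
       -DLLVM_ENABLE_RUNTIMES="${LLVM_ENABLE_RUNTIMES}" \
       -DLLVM_INCLUDE_TESTS=OFF -DLLVM_INCLUDE_DOCS=OFF -DLLVM_ENABLE_SPHINX=OFF \
       -DLLVM_USE_SANITIZER=MemoryWithOrigins \
    && cmake --build . --target cxx --target cxxabi --parallel "$(nproc)" \
    && cp -aL lib/lib*.so* "$MSAN_LIBDIR" \
    && cp -a include/c++/v1 "$MSAN_LIBDIR/include" \
    && cd .. \
    && rm -rf -- *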
# Rename the libunwind libraries so they are not picked up (disabled) because
# of https://github.com/llvm/llvm-project/issues/128621
RUN for lib in "$MSAN_LIBDIR"/libunwind*; do \
      mv "$lib" "${lib}-disable"; \
    done

# Helper script from the build context; it is executed as root at build time.
COPY msan.instrumentedlibs.sh /msan-build/
RUN ./msan.instrumentedlibs.sh
WORKDIR /

# For convenience of human users of msan image
ENV MSAN_OPTIONS=abort_on_error=1:poison_in_dtor=0

# Reset the compiler flags that earlier instructions exported, so they do not
# leak into builds run inside the finished image.
ENV CFLAGS= CXXFLAGS=

ENV CMAKE_GENERATOR=Ninja

# rr installation and its libcapnp version + ninja.
# The libcapnp package name depends on the distribution release.
# NOTE(review): no `apt-get update` is run here; this step relies on the
# package lists left behind by the earlier steps.
RUN . /etc/os-release \
    && case "${VERSION_CODENAME}" in \
         trixie)   capnp_pkg=libcapnp-1.1.0 ;; \
         bullseye) capnp_pkg=libcapnp-0.7.0 ;; \
         *)        capnp_pkg=libcapnp-0.9.2 ;; \
       esac \
    && apt-get install --no-install-recommends -y "$capnp_pkg" ninja-build \
    && apt-get clean
# ASAN/UBSAN
#
# Human-facing help text for the sanitizer image:
#   * ~buildbot/.bashrc is overwritten with a single `cat /etc/motd`, so bash
#     sessions of the buildbot user that read .bashrc print the message;
#   * /etc/motd is written by the printf below and describes how to configure,
#     build and test with MSAN or ASAN/UBSAN, and where to get the UBSAN
#     suppression list.
# The two commands are joined with `;`, so a failure of the echo does not stop
# the printf from running.
# The message escapes \${...} and \$..., so those variable references end up
# literally in the text rather than being expanded at build time.
# NOTE(review): the UBSAN.filter URL in the message points at a branch head
# (refs/heads/master), so what users download can change over time.
RUN echo "cat /etc/motd" > ~buildbot/.bashrc ; \
printf "\
This is a container for ASAN, UBSAN and MSAN building\n\
\n\
A basic MSAN build can be achieved with\n\
\n\
cmake -DWITH_EMBEDDED_SERVER=OFF \\ \n\
-DWITH_INNODB_{BZIP2,LZ4,LZMA,LZO,SNAPPY}=OFF \\ \n\
-DPLUGIN_{MROONGA,ROCKSDB,OQGRAPH,SPIDER}=NO \\ \n\
-DWITH_ZLIB=bundled \\ \n\
-DHAVE_LIBAIO_H=0 \\ \n\
-DCMAKE_DISABLE_FIND_PACKAGE_{URING,LIBAIO}=1 \\ \n\
-DWITH_NUMA=NO \\ \n\
-DWITH_SYSTEMD=no \\ \n\
-DWITH_MSAN=ON \\ \n\
-DHAVE_CXX_NEW=1 \\ \n\
-DCMAKE_{EXE,MODULE}_LINKER_FLAGS=\"-L\${MSAN_LIBDIR} -Wl,-rpath=\${MSAN_LIBDIR}\" \\ \n\
-DWITH_DBUG_TRACE=OFF \\ \n\
/source\n\
\n\
A basic combined UBSAN/ASAN build can be achieved with\n\
\n\
cmake -DWITH_ASAN=ON -DWITH_ASAN_SCOPED=ON -DWITH_UBSAN=ON -DPLUGIN_PERFSCHEMA=NO /source\n\
\n\
Build with:\n\
\n\
cmake --build .\n\
\n\
Test with:\n\
\n\
mysql-test/mtr --parallel=auto\n\
\n\
There are UBSAN filters covering currently unfixed bugs within\n\
the server that can be used to direct your development, or validate if a\n\
observed failure is known. Perform the following to download/inspect them.\n\
\n\
curl https://raw.githubusercontent.com/mariadb-corporation/mariadb-qa/refs/heads/master/UBSAN.filter -o /build/UBSAN.filter\n\
\n\
After this, add suppressions to UBSAN_OPTIONS with\n\
\n\
export UBSAN_OPTIONS=\$UBSAN_OPTIONS:suppressions=/build/UBSAN.filter\n\
\n\
ref sanitizer flags documents:\n\
* https://github.com/google/sanitizers/wiki/AddressSanitizerFlags\n\
* https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html\n\n" > /etc/motd
# Default sanitizer runtime options baked into the image environment; the
# individual flags are described in the sanitizer documents linked from the
# message above.
ENV ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:allocator_may_return_null=1
ENV UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1
# Same value as the `--parallel=auto` shown for mtr in the message above.
ENV MTR_PARALLEL=auto