ci: build and install libpathrs

libpathrs will be opt-out in a future patch so we need to test with it in our CI. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2026-06-28 02:39:10 +00:00 · 2026-02-09 10:12:48 +11:00
parent 8689e50cbe
commit 7322b05f41
4 changed files with 47 additions and 8 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -13,7 +13,8 @@ task:
    CIRRUS_WORKING_DIR: /home/runc
    GO_VER_PREFIX: "1.25."
    BATS_VERSION: "v1.12.0"
-    RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux policycoreutils
+    LIBPATHRS_VERSION: "0.2.4"
+    RPMS: gcc git-core iptables jq glibc-static libseccomp-devel make criu fuse-sshfs container-selinux policycoreutils cargo lld wget
    # yamllint disable rule:key-duplicates
    matrix:
      - DISTRO: almalinux-8
@@ -63,6 +64,9 @@ task:
      dnf -y install criu
    esac

+    # Install libpathrs.
+    /home/runc/script/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr
+
    # Install Go.
    URL_PREFIX="https://go.dev/dl/"
    # Find out the latest minor release URL.
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -15,6 +15,7 @@ permissions:
  contents: read

 env:
+  LIBPATHRS_VERSION: "0.2.4"
  # Don't ignore C warnings. Note that the output of "go env CGO_CFLAGS" by default is "-g -O2", so we keep them.
  CGO_CFLAGS: -g -O2 -Werror

@@ -75,7 +76,11 @@ jobs:
    - name: install deps
      run: |
        sudo apt update
-        sudo apt -y install libseccomp-dev sshfs uidmap
+        sudo apt -y install libseccomp-dev sshfs uidmap lld
+
+    - name: install libpathrs ${{ env.LIBPATHRS_VERSION }}
+      run: |
+        sudo -E PATH="$PATH" ./script/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr

    - name: install CRIU
      if: ${{ matrix.criu == '' }}
@@ -170,7 +175,23 @@ jobs:
        sudo add-apt-repository -y ppa:criu/ppa || sudo add-apt-repository -y ppa:criu/ppa
        # apt-add-repository runs apt update so we don't have to.

-        sudo apt -qy install libseccomp-dev libseccomp-dev:i386 gcc-multilib libgcc-s1:i386 criu
+        GCC_VERSION="$(gcc -dumpversion)"
+        sudo apt -qy install \
+          lld criu \
+          libseccomp-dev libseccomp-dev:i386 \
+          libc-dev:i386 libgcc-s1:i386 libgcc-${GCC_VERSION}-dev:i386 gcc-i686-linux-gnu
+
+        # When cross-compiling, GCC 13 and earlier will look for a linker that
+        # is marked for cross-compilation, which the Ubuntu lld package doesn't
+        # provide. The solution is to create a symlink ourselves. GCC 14 fixed
+        # this, see <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111605>.
+        ln -sv "$(which ld.lld)" /usr/local/bin/i686-linux-gnu-ld.lld
+    - run: rustup target add i686-unknown-linux-gnu
+
+    - name: install libpathrs ${{ env.LIBPATHRS_VERSION }}
+      run: |
+        sudo -E PATH="$PATH" ./script/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr 386
+        sudo ldconfig /usr/386/lib

    - name: install go
      uses: actions/setup-go@v6
@@ -179,6 +200,9 @@ jobs:
        check-latest: true

    - name: unit test
+      env:
+        CC: i686-linux-gnu-gcc
+        PKG_CONFIG_PATH: /usr/386/lib/pkgconfig
      run: sudo -E PATH="$PATH" -- make GOARCH=386 localunittest

  fedora:
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -8,11 +8,14 @@ on:
      - release-*
  pull_request:
  workflow_dispatch:
-env:
-  GO_VERSION: 1.25
+
 permissions:
  contents: read

+env:
+  GO_VERSION: 1.25
+  LIBPATHRS_VERSION: "0.2.4"
+
 jobs:
  keyring:
    runs-on: ubuntu-24.04
@@ -85,7 +88,10 @@ jobs:
      - name: install deps
        run: |
          sudo apt update
-          sudo apt -y install libseccomp-dev
+          sudo apt -y install libseccomp-dev lld
+      - name: install libpathrs ${{ env.LIBPATHRS_VERSION }}
+        run: |
+          sudo -E PATH="$PATH" ./script/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr
      - name: compile with no build tags
        run: make BUILDTAGS=""
      - name: compile with runc_nocriu build tag
--- a/script/setup_host_fedora.sh
+++ b/script/setup_host_fedora.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -eux -o pipefail
 DNF=(dnf -y --setopt=install_weak_deps=False --setopt=tsflags=nodocs --exclude="kernel,kernel-core")
-RPMS=(bats git-core glibc-static golang jq libseccomp-devel make)
+RPMS=(bats git-core glibc-static golang jq libseccomp-devel cargo lld make wget)
 # Work around dnf mirror failures by retrying a few times.
 for i in $(seq 0 2); do
 	sleep "$i"
@@ -16,11 +16,16 @@ fi

 dnf clean all

+SCRIPTDIR="$(dirname "${BASH_SOURCE[0]}")"
+
+LIBPATHRS_VERSION="0.2.4"
+"$SCRIPTDIR"/build-libpathrs.sh "$LIBPATHRS_VERSION" /usr
+
 # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp.
 mount -o remount,suid /tmp

 # Setup rootless user.
-"$(dirname "${BASH_SOURCE[0]}")"/setup_rootless.sh
+"$SCRIPTDIR"/setup_rootless.sh

 # Delegate cgroup v2 controllers to rootless user via --systemd-cgroup
 mkdir -p /etc/systemd/system/user@.service.d