dockerfiles: Update the systemd libs used to build docker image (#3177)

The libraries created in the docker image can not read the journal db in newer versions of systemd. This specifically impacts users that run systemd `246` or above on their host server: > * systemd-journald gained support for zstd compression of large fields in > journal files. The hash tables in journal files have been hardened against > hash collisions. This is an incompatible change and means that journal files > created with new systemd versions are not readable with old versions. If the > $SYSTEMD_JOURNAL_KEYED_HASH boolean environment variable for > systemd-journald.service is set to 0 this new hardening functionality may be > turned off, so that generated journal files remain compatible with older > journalctl implementations. (Taken from https://github.com/systemd/systemd/blob/v246/NEWS) This commit uses the backported version of the systemd libs, which are `247` for Debian buster. Fixing it for most distributions. It might be worth considering having a separate build stage for systemd, that would give better flexibility of the version shipped in the image. Signed-off-by: Yasser Saleemi <[email protected]>
fluent · Oct 25, 2021 · 3f99107 · 3f99107
1 parent 29096c9
commit 3f99107
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 13 deletions.
diff --git a/dockerfiles/Dockerfile.arm32v7 b/dockerfiles/Dockerfile.arm32v7
@@ -14,7 +14,8 @@ RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log /tmp/fluent-bit-mas
 
 ENV DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update && \
+RUN echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list && \
+    apt-get update && \
     apt-get install -y --no-install-recommends \
     build-essential \
     curl \
@@ -25,7 +26,7 @@ RUN apt-get update && \
     libssl-dev \
     libsasl2-dev \
     pkg-config \
-    libsystemd-dev \
+    libsystemd-dev/buster-backports \
     zlib1g-dev \
     libpq-dev \
     postgresql-server-dev-all \
@@ -70,13 +71,14 @@ FROM arm32v7/debian:buster-slim
 
 COPY --from=builder /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static
 
-RUN apt-get update && \
+RUN echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list && \
+    apt-get update && \
     apt-get install -y --no-install-recommends \
       libssl1.1 \
       libsasl2-2 \
       pkg-config \
       libpq5 \
-      libsystemd0 \
+      libsystemd0/buster-backports \
       zlib1g \
       ca-certificates
 

diff --git a/dockerfiles/Dockerfile.arm64v8 b/dockerfiles/Dockerfile.arm64v8
@@ -10,6 +10,7 @@ ENV FLB_VERSION 1.9.0
 ENV DEBIAN_FRONTEND noninteractive
 
 RUN dpkg --add-architecture arm64
+RUN echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list
 RUN apt update && apt install -y --no-remove --no-install-recommends \
     build-essential \
     g++-aarch64-linux-gnu \
@@ -23,7 +24,7 @@ RUN apt update && apt install -y --no-remove --no-install-recommends \
     dpkg-dev \
     libssl-dev:arm64 \
     libsasl2-dev:arm64 \
-    libsystemd-dev:arm64 \
+    libsystemd-dev:arm64/buster-backports \
     libzstd-dev:arm64 \
     zlib1g-dev:arm64 \
     libpq-dev:arm64

diff --git a/dockerfiles/Dockerfile.x86_64 b/dockerfiles/Dockerfile.x86_64
@@ -12,7 +12,8 @@ RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log /tmp/fluent-bit-mas
 
 ENV DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update && \
+RUN echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list && \
+    apt-get update && \
     apt-get install -y --no-install-recommends \
     build-essential \
     curl \
@@ -23,7 +24,7 @@ RUN apt-get update && \
     libssl-dev \
     libsasl2-dev \
     pkg-config \
-    libsystemd-dev \
+    libsystemd-dev/buster-backports \
     zlib1g-dev \
     libpq-dev \
     postgresql-server-dev-all \
@@ -77,7 +78,7 @@ COPY --from=builder /usr/lib/x86_64-linux-gnu/libssl.so* /usr/lib/x86_64-linux-g
 COPY --from=builder /usr/lib/x86_64-linux-gnu/libcrypto.so* /usr/lib/x86_64-linux-gnu/
 
 # These below are all needed for systemd
-COPY --from=builder /lib/x86_64-linux-gnu/libsystemd* /lib/x86_64-linux-gnu/
+COPY --from=builder /usr/lib/x86_64-linux-gnu/libsystemd* /usr/lib/x86_64-linux-gnu/
 COPY --from=builder /lib/x86_64-linux-gnu/libselinux.so* /lib/x86_64-linux-gnu/
 COPY --from=builder /lib/x86_64-linux-gnu/liblzma.so* /lib/x86_64-linux-gnu/
 COPY --from=builder /usr/lib/x86_64-linux-gnu/liblz4.so* /usr/lib/x86_64-linux-gnu/

diff --git a/dockerfiles/Dockerfile.x86_64-master b/dockerfiles/Dockerfile.x86_64-master
@@ -4,7 +4,8 @@ ENV DEBIAN_FRONTEND noninteractive
 
 ADD . /source
 
-RUN apt-get update && \
+RUN echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list && \
+    apt-get update && \
     apt-get install -y --no-install-recommends \
     build-essential \
     curl \
@@ -15,7 +16,7 @@ RUN apt-get update && \
     libssl-dev \
     libsasl2-dev \
     pkg-config \
-    libsystemd-dev \
+    libsystemd-dev/buster-backports \
     zlib1g-dev \
     libpq-dev \
     postgresql-server-dev-all \
@@ -65,7 +66,7 @@ COPY --from=builder /usr/lib/x86_64-linux-gnu/libssl.so* /usr/lib/x86_64-linux-g
 COPY --from=builder /usr/lib/x86_64-linux-gnu/libcrypto.so* /usr/lib/x86_64-linux-gnu/
 
 # These below are all needed for systemd
-COPY --from=builder /lib/x86_64-linux-gnu/libsystemd* /lib/x86_64-linux-gnu/
+COPY --from=builder /usr/lib/x86_64-linux-gnu/libsystemd* /usr/lib/x86_64-linux-gnu/
 COPY --from=builder /lib/x86_64-linux-gnu/libselinux.so* /lib/x86_64-linux-gnu/
 COPY --from=builder /lib/x86_64-linux-gnu/liblzma.so* /lib/x86_64-linux-gnu/
 COPY --from=builder /usr/lib/x86_64-linux-gnu/liblz4.so* /usr/lib/x86_64-linux-gnu/

diff --git a/dockerfiles/Dockerfile.x86_64-master_debug b/dockerfiles/Dockerfile.x86_64-master_debug
@@ -4,6 +4,7 @@ ENV DEBIAN_FRONTEND noninteractive
 
 ADD . /source
 
+RUN echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
     build-essential \
@@ -15,7 +16,7 @@ RUN apt-get update && \
     libssl-dev \
     libsasl2-dev \
     pkg-config \
-    libsystemd-dev \
+    libsystemd-dev/buster-backports \
     zlib1g-dev \
     libpq-dev \
     postgresql-server-dev-all \
@@ -74,7 +75,7 @@ COPY --from=builder /lib/x86_64-linux-gnu/libz* /lib/x86_64-linux-gnu/
 COPY --from=builder /usr/lib/x86_64-linux-gnu/libssl.so* /usr/lib/x86_64-linux-gnu/
 COPY --from=builder /usr/lib/x86_64-linux-gnu/libcrypto.so* /usr/lib/x86_64-linux-gnu/
 # These below are all needed for systemd
-COPY --from=builder /lib/x86_64-linux-gnu/libsystemd* /lib/x86_64-linux-gnu/
+COPY --from=builder /usr/lib/x86_64-linux-gnu/libsystemd* /usr/lib/x86_64-linux-gnu/
 COPY --from=builder /lib/x86_64-linux-gnu/libselinux.so* /lib/x86_64-linux-gnu/
 COPY --from=builder /lib/x86_64-linux-gnu/liblzma.so* /lib/x86_64-linux-gnu/
 COPY --from=builder /usr/lib/x86_64-linux-gnu/liblz4.so* /usr/lib/x86_64-linux-gnu/