why not copy sdk-gnu to scratch

Question

why not copy sdk-gnu to scratch

xuchunmei000 opened this issue 4 years ago · 2 comments

Image I'm using:
latest

Issue or Feature Request:
In bottlerocket-sdk Dockerfile, sdk-gnu build glibc2.32 and the base sdk has glibc of version glibc2.31, why not copy that to the final sdk image？

Answer 1 · 2020-12-09T16:18:50.000Z

The first build of glibc happens during the buildroot phase, since we need the C library in order to bootstrap the C++ compiler. It's not copied along because it's built with the bootstrap compiler, and isn't really meant for subsequent use.

The second build of glibc happens in sdk-gnu. This one and the libc build from sdk-musl are needed to build Rust. We don't copy it to the final image because we prefer to model as many packages as possible in the OS project; they're easier to patch that way, so for example we wouldn't need to make an SDK change to fix a security issue in glibc for older releases.

Ideally the Rust libstd would also be built in the OS project. The fact that it's not is a concession to practicality since the build time is quite long.

Answer 2 · 2020-12-10T00:35:55.000Z

ok, got it.