Pin glibc to version 2.17 to support legacy systems#4
Pin glibc to version 2.17 to support legacy systems#4araustin01 wants to merge 5 commits intomainfrom
Conversation
|
Scrapligo PR needs to be merged next: kentik/scrapligo#4 |
|
Tested overnight on Proofpoint's CentOS 7 device that originally triggered this device, https://portal.kentik.com/v4/spoof/125921/610764?redirectUrl=%2Fv4%2Finfrastructure%2Fdevices&view=monitor&q=0579ea05c897b5089da98a0f9f2f0642 |
There was a problem hiding this comment.
Pull request overview
This PR aims to restore compatibility of the released Linux GNU FFI shared objects with legacy distributions (notably CentOS 7) by constraining the minimum glibc symbol version used at link time.
Changes:
- Add a
min_glibc_versionconstant and apply it to thelinux-gnuentries inffi_targets. - Tighten
build/update_version.shsedpatterns to avoid unintended replacements in otherSemanticVersionliterals. - Exclude
build.zigfrom the Zig linter’s path set.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| build/update_version.sh | Makes version-bump sed replacements more specific/anchored to avoid collateral edits in build.zig. |
| build.zig | Introduces a pinned glibc target version for linux-gnu multi-target FFI builds and updates zlinter exclusions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
|
Replaced by https://github.com/kentik/ksqueegee/pull/72 |
Description
A recent automatic UA (Universal Agent) upgrade (~Apr 27, 2026) pushed a new version of the squeegee capability that bundled a
libscraplibinary as part of the scrapliv2 migration. This binary was built againstdebian:bookworm-slim, which requires glibc >= 2.25. Customers running CentOS 7 (glibc 2.17 max) had their Command Access / config sync capability broken for several days.Affected customer: Proofpoint — 7 agents impacted, config sync down for ~2 days.
Relevant Issue
Solution
Zig seems to natively support targeting specific glibc versions. Adding
glibc_versionto the gnu targets inffi_targets(build.zig) ensures the produced.soonly uses glibc symbols from 2.17. This is a ~2-line change and the.sobecomes universally compatible with CentOS 7+.Pinning to version 2.17 should strike a balance in support, considering its widespread adoption across numerous legacy Linux systems.