glibc: Enable OpenSSF hardening, but w/o strict binding #41105

Draft
wants to merge 2 commits into
base: main

@dannf dannf commented Feb 1, 2025

Just for testing at the moment.

octo-sts bot commented Feb 1, 2025

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

• Detected Error:

terminate called after throwing an instance of 'PAL_SEHException'
/home/build/installer/eng/common/tools.sh: line 474: 290 Aborted (core dumped)

• Error Category: Build Configuration

• Failure Point:
During .NET SDK bootstrapping process when running ./build.sh

• Root Cause Analysis:
The PAL_SEHException typically occurs in .NET Core's Platform Abstraction Layer (PAL) when there are issues with system compatibility or memory handling. This is often related to core dumps on Linux systems when building .NET from source.

• Suggested Fix:

  1. Add memory ulimits to the build environment:

```yaml
environment:
  contents:
    packages:
      # existing packages...
    options:
      ulimit:
        memlock: -1
        stack: 65532000
```

  2. Add additional system libraries:

```yaml
environment:
  contents:
    packages:
      # Add these to existing packages
      - libstdc++-dev
      - gcc-libs
      - procps
```

  3. Add environment variables:

```yaml
pipeline:
  - uses: git-checkout
    # existing checkout config...

  - working-directory: /home/build/installer
    environment:
      COMPlus_EnableDiagnostics: 0
      DOTNET_CLI_TELEMETRY_OPTOUT: 1
      DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
    runs: |
      ./build.sh /p:ArcadeBuildTarball=true /p:TarballDir=/home/build/src
```

• Explanation:
The PAL_SEHException often occurs due to memory constraints or system compatibility issues. The fix addresses this by:

  • Setting appropriate ulimits for memory operations
  • Adding necessary system libraries for .NET core building
  • Disabling diagnostics and telemetry that might interfere with the build
  • Ensuring proper runtime environment variables are set

• Additional Notes:

  • This is a known issue when building .NET Core from source on Linux systems
  • The error typically appears during the bootstrap phase of the build
  • Memory requirements for .NET builds can be substantial

• References:

@octo-sts octo-sts bot added labels on Feb 1, 2025:

  • ai/skip-comment: Stop AI from commenting on PR
  • bincapz/pass: Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages.