From 749614f8f67d1603f6173b1402012b05e5624e4d Mon Sep 17 00:00:00 2001 From: emanzx Date: Thu, 7 May 2026 16:37:18 +0000 Subject: [PATCH] fix(docker): add libz.so.1 to runtime image MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Chainguard glibc-dynamic runtime introduced in 8b520a8 ships only glibc + libgcc + ca-certs + tzdata. nodedb's binary dynamically links libz.so.1 (transitively via crates that default to system zlib, e.g. flate2 with its default `zlib` feature), causing immediate startup failure on the v0.1.0 image: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory This patch copies libz from the Debian builder stage into /usr/lib of the runtime, where the dynamic linker finds it via the default search path. The source path glob covers both amd64 and arm64 multiarch layouts — only the building arch's directory exists per matrix job. Long-term cleanup options (any of which would let us drop this COPY): * Switch flate2 (and any other zlib-using deps) to `rust_backend`, making libz a build-time C lib statically linked into the binary. * Or vendor libz via the `libz-sys` `static` feature. * Or move runtime to `cgr.dev/chainguard/wolfi-base` + `apk add zlib`. Reproducer (with v0.1.0 image): docker run --rm farhansyah/nodedb:0.1.0 --- Dockerfile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Dockerfile b/Dockerfile index 698795816..bb9e65249 100644 --- a/Dockerfile +++ b/Dockerfile @@ -45,6 +45,23 @@ USER nonroot:nonroot COPY --from=builder --chown=nonroot:nonroot /build/target/release/nodedb /usr/local/bin/nodedb +# nodedb dynamically links libz.so.1 (transitively via crates that default to +# system zlib — e.g. flate2 with its default `zlib` feature). Chainguard's +# glibc-dynamic ships only glibc + libgcc + ca-certs + tzdata, so the runtime +# fails immediately with: "error while loading shared libraries: libz.so.1: +# cannot open shared object file: No such file or directory". +# +# Copy the Debian builder's libz into a default ld.so search path. The glob +# covers both amd64 and arm64 — per-arch builds only see their own multiarch +# directory, so exactly one match per build. +# +# Long-term cleanup options (any of these would let us drop this COPY): +# * Switch flate2 (and any other zlib-using deps) to the `rust_backend` +# feature so libz becomes a build-time C lib statically linked. +# * Or vendor libz via the `libz-sys` `static` feature. +# * Or move runtime to `cgr.dev/chainguard/wolfi-base` + `apk add zlib`. +COPY --from=builder /lib/*-linux-gnu/libz.so.1 /usr/lib/libz.so.1 + # Bind to all interfaces (required for Docker port mapping) # Point data dir at the declared volume ENV NODEDB_HOST=0.0.0.0 \