Skip to content

toolchain: sync vendored v0.10.1 #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
julian-goldstein merged 1 commit into from
Jun 23, 2026
Merged

toolchain: sync vendored v0.10.1 #25

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 6 additions & 6 deletions template/build/toolchain.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
# sets it to the next semver tag it computes from the [bump:*] commit markers
# (default minor; see the README). A release is cut only when build/ or the
# vendor workflow changes.
TOOLCHAIN_VERSION=0.10.0
TOOLCHAIN_VERSION=0.10.1

# Where a consumer fetches assets from: the version-tagged release. The fetch
# appends `/v<TOOLCHAIN_VERSION>/<tool>-<arch>`.
Expand All @@ -29,7 +29,7 @@ CLANG_SHA256_aarch64=105fb2d324095127a127bcba56702a86229ed8892ce6429802d30585fa2
BPFTOOL_VERSION=7.7.0
BPFTOOL_SHA256_x86_64=74bd16335aa1c40714fb50287a42766c6faa4958f969cce32fef89485ce4934c
BPFTOOL_SHA256_aarch64=2b3fc4dd5e4e40bd8d670c5f1fa9693b3f879a122c0f6a3eb806dfc6735da6b7
LIBBPF_HEADERS_SHA256=d712858662168e4e04cdc35e4a962a6056c429ed57461b974ec59b819c60e3c3
LIBBPF_HEADERS_SHA256=f20bbda5a384eb358927f5cb8332d56f8391847674fbef3f9afbf5340f719559

# veristat — BPF verifier statistics tool, used to check that built `*.bpf.o`
# programs load and to track verifier complexity. Official static binary from
Expand All @@ -51,8 +51,8 @@ MAKE_SHA256_aarch64=d5d5a80c7d57795d9f13c57ecd5315b9602327370094830d7fa9e490fa21
# source, lean (NO_CURL/NO_OPENSSL): init/add/commit/local ops only, no https
# remotes (host git or yeet's resolver handle those). CI records checksums.
GIT_VERSION=2.54.0
GIT_SHA256_x86_64=0e9dff2f8fc0d44fa67971c01c46ddba710d07a2911278f7f066abec422f24b6
GIT_SHA256_aarch64=19c6dda22c811324649e6e4aa8c369a8d822463d61d794d0e23e72fb77b5376c
GIT_SHA256_x86_64=59f561315854bddf56b77bf0557b73231431e17b0750f613ef2e4e6c8050c5ec
GIT_SHA256_aarch64=ff2519a8d32b789c570a3f2e25ad7b4c7d79eeef963d23b3ddbcb679fa78e8a6

# esbuild — official static (Go) binary from the @esbuild/<platform> npm
# package, re-hosted on our "toolchain" release. CI records the binary
Expand Down Expand Up @@ -89,8 +89,8 @@ LVH_SHA256_x86_64=ca3b958ffc08a4b65e4c6c8d29a4dad077acd11f146bc84f75a30ecaa031e9
LVH_SHA256_aarch64=49b7cef6376c445c0ab23465ecc984a771e06b3b37c39b486a4fed7fb1ded476
# Per-arch checksum of the published qemu-<arch>.tar.gz (binary + minimal
# share/qemu blobs). CI records these; the matrix runner verifies the tarball.
QEMU_SHA256_x86_64=2e26722e965018c145bab180cee8feace50f91841bf51b350f14527c0d5da637
QEMU_SHA256_aarch64=6fe353ef43918c14088c7a3741bfac54e6c17084ea462454a5b2a525ba0aa330
QEMU_SHA256_x86_64=4869e83d3ba4be16521cba6801005cf031da00d8ddf3401e5f4a505817ad5393
QEMU_SHA256_aarch64=5daf84e2eace328e722a9804f25fd778197b5d3dcc0047402a778f3e0c99d9bc

# Alpine base used for the musl-static clang build.
ALPINE_TAG=alpine:3.21
14 changes: 13 additions & 1 deletion toolchain/build/Dockerfile.git
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,13 @@ RUN curl -fSL -o git.tar.xz \
&& rm git.tar.xz

WORKDIR /src/git-${GIT_VERSION}
# git's Makefile defaults `prefix` to $HOME, which is /root in this build, so
# without these the system config path bakes in as /root/etc/gitconfig — a
# path that doesn't exist (and isn't readable) wherever the binary actually
# runs, so every invocation aborts reading it. Pin the conventional
# /etc/gitconfig instead, which is absent-or-readable on a normal host.
RUN make -j"$(nproc)" \
prefix=/usr sysconfdir=/etc \
NO_CURL=1 NO_OPENSSL=1 NO_TCLTK=1 NO_GETTEXT=1 NO_PYTHON=1 \
NO_INSTALL_HARDLINKS=1 NO_PERL=1 \
NO_REGEX=1 \
Expand All @@ -39,7 +45,13 @@ RUN make -j"$(nproc)" \
&& cp git /git \
# Prove it can initialize a repo with no external helpers on PATH.
&& /git init -q /tmp/t && /git -C /tmp/t rev-parse --is-inside-work-tree >/dev/null \
&& echo "confirmed: git init works standalone"
&& echo "confirmed: git init works standalone" \
# Re-run as a non-root user: this is the case that caught the baked /root
# config path. If the system config still resolved under /root, a normal
# user couldn't read it and git would abort here.
&& adduser -D tester \
&& su tester -c '/git init -q /tmp/t2 && /git -C /tmp/t2 rev-parse --is-inside-work-tree >/dev/null' \
&& echo "confirmed: git init works as non-root"

FROM scratch AS export
COPY --from=build /git /git
12 changes: 6 additions & 6 deletions toolchain/build/versions.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
# sets it to the next semver tag it computes from the [bump:*] commit markers
# (default minor; see the README). A release is cut only when build/ or the
# vendor workflow changes.
TOOLCHAIN_VERSION=0.10.0
TOOLCHAIN_VERSION=0.10.1

# Where a consumer fetches assets from: the version-tagged release. The fetch
# appends `/v<TOOLCHAIN_VERSION>/<tool>-<arch>`.
Expand All @@ -29,7 +29,7 @@ CLANG_SHA256_aarch64=105fb2d324095127a127bcba56702a86229ed8892ce6429802d30585fa2
BPFTOOL_VERSION=7.7.0
BPFTOOL_SHA256_x86_64=74bd16335aa1c40714fb50287a42766c6faa4958f969cce32fef89485ce4934c
BPFTOOL_SHA256_aarch64=2b3fc4dd5e4e40bd8d670c5f1fa9693b3f879a122c0f6a3eb806dfc6735da6b7
LIBBPF_HEADERS_SHA256=d712858662168e4e04cdc35e4a962a6056c429ed57461b974ec59b819c60e3c3
LIBBPF_HEADERS_SHA256=f20bbda5a384eb358927f5cb8332d56f8391847674fbef3f9afbf5340f719559

# veristat — BPF verifier statistics tool, used to check that built `*.bpf.o`
# programs load and to track verifier complexity. Official static binary from
Expand All @@ -51,8 +51,8 @@ MAKE_SHA256_aarch64=d5d5a80c7d57795d9f13c57ecd5315b9602327370094830d7fa9e490fa21
# source, lean (NO_CURL/NO_OPENSSL): init/add/commit/local ops only, no https
# remotes (host git or yeet's resolver handle those). CI records checksums.
GIT_VERSION=2.54.0
GIT_SHA256_x86_64=0e9dff2f8fc0d44fa67971c01c46ddba710d07a2911278f7f066abec422f24b6
GIT_SHA256_aarch64=19c6dda22c811324649e6e4aa8c369a8d822463d61d794d0e23e72fb77b5376c
GIT_SHA256_x86_64=59f561315854bddf56b77bf0557b73231431e17b0750f613ef2e4e6c8050c5ec
GIT_SHA256_aarch64=ff2519a8d32b789c570a3f2e25ad7b4c7d79eeef963d23b3ddbcb679fa78e8a6

# esbuild — official static (Go) binary from the @esbuild/<platform> npm
# package, re-hosted on our "toolchain" release. CI records the binary
Expand Down Expand Up @@ -89,8 +89,8 @@ LVH_SHA256_x86_64=ca3b958ffc08a4b65e4c6c8d29a4dad077acd11f146bc84f75a30ecaa031e9
LVH_SHA256_aarch64=49b7cef6376c445c0ab23465ecc984a771e06b3b37c39b486a4fed7fb1ded476
# Per-arch checksum of the published qemu-<arch>.tar.gz (binary + minimal
# share/qemu blobs). CI records these; the matrix runner verifies the tarball.
QEMU_SHA256_x86_64=2e26722e965018c145bab180cee8feace50f91841bf51b350f14527c0d5da637
QEMU_SHA256_aarch64=6fe353ef43918c14088c7a3741bfac54e6c17084ea462454a5b2a525ba0aa330
QEMU_SHA256_x86_64=4869e83d3ba4be16521cba6801005cf031da00d8ddf3401e5f4a505817ad5393
QEMU_SHA256_aarch64=5daf84e2eace328e722a9804f25fd778197b5d3dcc0047402a778f3e0c99d9bc

# Alpine base used for the musl-static clang build.
ALPINE_TAG=alpine:3.21
Loading