Because those Bazel toolchains don’t come with a glibc? How could they?

steeve · 2025-09-21T20:26:26 1758486386

This one does, we use it with great success: https://github.com/cerisier/toolchains_llvm_bootstrapped

lokar · 2025-09-21T02:24:02 1758421442

What? Of course they can, how is that hard?

jmmv · 2025-09-21T02:31:02 1758421862

You need that glibc on the target system, and glibc doesn’t like static linking. How do you ship the built binary?

lokar · 2025-09-21T02:34:28 1758422068

You include the target glibc as part of your toolchain

And, I always prefer to actually pick my glibc independently from the host os and ship it with the binary (generally in an OCI image). This way you can patch/update the host without breaking the service.

jmmv · 2025-09-21T03:08:00 1758424080

Right, so you need to end up creating a container to package the glibc with the binary. Which is not very different from having sysroots.

But what about any tools compiled from source and used during the build? Those can also suffer from these issues.

lokar · 2025-09-21T03:19:38 1758424778

Yeah, ideally you could build your toolchain from source on any platform. But, in some cases that’s not possible

remexre · 2025-09-21T02:35:08 1758422108

Does that result in working NSS?

lokar · 2025-09-21T02:37:38 1758422258

I normally statically link as much as possible and avoid nss, but you can make that work as well, just include it along with glibc.

throwaway2046 · 2025-09-21T12:02:42 1758456162

Is musl not an option? It's best to avoid glibc altogether if possible.

prpl · 2025-09-21T03:27:31 1758425251

no, you just need a compatible starlit/glibc. you pick an old version (e.g. RHEL8) or otherwise compile with multiple tool chains if you need newer glibc features