chrony 静态编译和笔记
由来 写于 2022/05/07 ,我们 docker 和 k8s 都是 bin 文件部署的,但是集群的时间同步 chrony 还是包管理安装的,每个系统维护一个包(而且有几率客户环境本身依赖就有问题,会导致离线安装我们的包报错)太麻烦,想着静态编译试下。后半部分写 chrony 的配置笔记,主要是静态编译
chrony 静态编译 官方文档 先找源码,github 上没找到,于是 man chronyd 找到 https://chrony.tuxfamily.org/ ,以及下面 url:
参考信息 1 2 3 4 5 6 7 # centos 7 chronyd -v chronyd (chrony) version 3.4 (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 +DEBUG) # ubuntu 22.04 chronyd -v chronyd (chrony) version 4.2 (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
alpine 静态编译尝试 1 2 3 4 5 6 git clone https://git.tuxfamily.org/chrony/chrony.git docker run --name t1 -tid -v $PWD/chrony:/opt --workdir /opt alpine docker exec -ti t1 sh -c 'sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && apk add bash' docker exec -ti t1 bash
查看了下 ./configure --help 支持 CFLAGS 和 LDFLAGS,安装基础的编译依赖:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 apk --no-cache add \ make \ binutils \ file \ file-dev \ git \ gcc \ g++ \ musl-dev \ libcap-static \ libseccomp-static \ nettle-static \ pps-tools-dev \ gnutls-dev \ libedit-dev # nss-dev ( cd /mnt git clone https://github.com/libtom/libtomcrypt.git -b v1.18.2 cd libtomcrypt make install ) CFLAGS='-static -s' LDFLAGS=-static ./configure
找依赖,下面会利用里面的 test_code 探测一些库的 h 文件路径(config.h 是源码里的路径),可以在 https://pkgs.alpinelinux.org/contents 上查找,例如 editline/readline.h 则搜索 readline.h 找到 libedit-dev
1 CFLAGS='-static -s' LDFLAGS=-static ./configure
可以看 config.log 内容看为啥某些选项 check 为 No ,alpine 上的尝试里的报错给俺整不会了,换 ubuntu 试试。
ubuntu 静态编译 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 docker run --name t1 -tid -v $PWD/chrony:/opt --workdir /opt ubuntu docker exec -ti t1 sh -c "sed -ri 's/(ports|deb|security|archive).(debian.org|ubuntu.com)/mirrors.aliyun.com/g' /etc/apt/sources.list && apt-get update" docker exec -ti t1 bash # apt-get install apt-file # apt-file update # apt-file search sys/timepps.h # ------------ # libcap-dev sys/capability.h # pps-tools sys/timepps.h # libedit-dev editline/readline.h # nettle-dev nettle/nettle-meta.h # libnss3-dev hasht.h # libtomcrypt-dev tomcrypt.h # libgnutls28-dev gnutls/gnutls.h apt-get install -y \ bison asciidoctor \ gcc \ make \ pkg-config \ libcap-dev \ pps-tools \ libedit-dev \ nettle-dev \ libnss3-dev \ libtomcrypt-dev \ libgnutls28-dev \ libseccomp-dev CFLAGS='-static -s' LDFLAGS='-static -lm' ./configure --enable-scfilter --enable-ntp-signd # NTS 和 gnutls/gnutls.h 有关 make; echo $? make install $ chronyd -v chronyd (chrony) version 4.2 (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS -NTS +SECHASH +IPV6 -DEBUG) $ ldd `which chronyd` not a dynamic executable
buildx 一步到位:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 FROM docker.mirrors.ustc.edu.cn/library/ubuntu as buildARG branch=4.2 ENV DEBIAN_FRONTEND noninteractiveRUN sed -ri 's/(ports|deb|security|archive).(debian.org|ubuntu.com)/mirrors.aliyun.com/g' /etc/apt/sources.list \ && apt-get update WORKDIR /opt RUN apt-get install -y wget && wget https://download.tuxfamily.org/chrony/chrony-${branch} .tar.gz \ && tar zxf chrony-${branch} .tar.gz \ && mv chrony-${branch} chrony \ && rm -f chrony-${branch} .tar.gz RUN apt-get install -y \ bison asciidoctor \ gcc \ make \ pkg-config \ libcap-dev \ pps-tools \ libedit-dev \ nettle-dev \ libnss3-dev \ libtomcrypt-dev \ libgnutls28-dev \ libseccomp-dev RUN cd chrony; \ CFLAGS='-static -s' LDFLAGS='-static -lm' \ ./configure \ --enable-scfilter \ --enable-ntp-signd \ && make; echo $?; \ mkdir -p /install_root; \ make DESTDIR=/install_root install \ && find /install_root RUN rm -rf /install_root/usr/local/share \ && rmdir /install_root/var/lib/chrony/ /install_root/etc FROM scratch AS binCOPY --from=build /install_root /
构建
1 2 3 4 5 6 7 docker buildx build . --platform linux/amd64,linux/arm64 --target bin --output . $ file linux_a*/usr/local/bin/chronyc linux_a*/usr/local/sbin/chronyd linux_amd64/usr/local/bin/chronyc: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=e38ff142cd3225f5ec8475fcb2d64eef4bf18fe0, for GNU/Linux 3.2.0, stripped linux_arm64/usr/local/bin/chronyc: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, BuildID[sha1]=c617ae18102728c16d8982500df160d664ea8649, for GNU/Linux 3.7.0, stripped linux_amd64/usr/local/sbin/chronyd: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=00a7f09053b1c9685529883388d6bad929a6be2d, for GNU/Linux 3.2.0, stripped linux_arm64/usr/local/sbin/chronyd: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, BuildID[sha1]=78f6bfd99a5c0b0843c8525acff1e8bf1dc03a62, for GNU/Linux 3.7.0, stripped
遇到的问题 LDFLAGS 加 -lm 的原因,开启 math
1 2 3 4 5 6 7 $ gcc -lm -static -s -Wmissing-prototypes -Wall -o /tmp/conftest test.c -static /usr/bin/ld: /tmp/ccXh9njR.o: in function `main': test.c:(.text+0x19): undefined reference to `sqrt' /usr/bin/ld: test.c:(.text+0x1e): undefined reference to `log' /usr/bin/ld: test.c:(.text+0x33): undefined reference to `pow' collect2: error: ld returned 1 exit status $ gcc -static -s -Wmissing-prototypes -Wall -o /tmp/conftest test.c -static -lm
chrony 配置 https://chrony.tuxfamily.org/doc/devel/chrony.conf.html
参考
