Trying to fix the broken OCaml mainstream, but I have zero previous experience with Alpine, so if anyone wants to take a look - I would appreciate this:
I tried to build packages locally then install with apk --allow-untrusted, it installs fine, but the binaries compiled with this now throw this error:
Error relocating ./mybinary: secure_getenv: symbol not found
P.S. What is worse, I can’t base my image on Alpine:3.10 release e.g., because both 4.08.1 and 4.09.0 releases fail with this bug https://github.com/ocaml/ocaml/issues/8965. It was fixed, but no release available yet.
To summarize the issue: the OCaml upstream was incompatible with Alpine starting with 4.08, and there is now a fix upstream, which may not reach upstream-released versions of OCaml before 4.10. The question is how to get a working Alpine+OCaml in the meantime.
I don’t know of any plans to make a new 4.09 bugfix release yet, and I’m pretty sure that there will not be another 4.08 release. On the other hand, there is an upstream patch that is already included in the 4.09 maintenance branch, and should be pretty easy to backport to 4.08 as well (ask me if you need help).
What’s the package-management process for Alpine in these situations? Is there a way to apply a patch in the distribution, as is routinely done by Debian or Fedora? It sounds like a pretty natural thing to do here, it should be easy, and would solve the problem for all Alpine users of 4.08 and 4.09.
Yes, I know about the patch. But I don’t know any way to tell opam to use the patch when you choose the switch. I can build the package manually from the container with abuild -r, but then it generates the wrong binaries with the error I mentioned. I found a workaround by using ocaml/opam2:alpine image, but it’s needlessly big, compared to the vanilla Alpine.
I’m suggesting that you send a pull-request to the Alpine packages repository, fixing the issues for all affected versions of OCaml available through this channel, by adding this patch (or a variant of this patch if necessary) to their patchset.
That problems affects only building with opam, but if you build from the package source the patch is unnecessary. The package source pull request already linked, they need just to accept the patch and rebuild it. Trickier part would be about secure_getenv: symbol not found error which I have no idea where to start from.
Just a start… Something like configure detects the presence of secure_getenv, which means it gets used by the runtime system, but the libc hasn’t the symbol.
Among other things, it will install the GNU variant of stat.
I cannot remember seeing the secure_getenv problem under
Alpine (where we do build vanilla OCaml), but you might be
interested in the following patch (disabling the detection of
the secure function):
Yesterday updated to Fedora 31 and it made the things even worse - it doesn’t support docker because of the switch to cgroups-v2, so you can use the rootless podman, but it’s incompatible with docker in some edge cases. Every single thing I touch while doing my simple OCaml development breaks. Every single one!
I was lucky, only 2 bugs were blocking my workflow to work on podman, I was able to start using it a few weeks ago. In general they are quite responsive and fix reported problems.
Just an update - 4.09.0 landed in Alpine Edge and works fine. I am using podman these days with some workarounds against its bugs. It is not as stable as the original Docker, but 99.999% of my cases work just fine now.