-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update .NET Linux Build for .NET 10 #109939
Comments
Tagging subscribers to this area: @dotnet/area-infrastructure-libraries |
@dotnet/distro-maintainers @omajid @dviererbe @mateoatr @normj |
Tagging subscribers to this area: @dotnet/runtime-infrastructure |
I talked today to Mateus and Samir about this issue and we think it is totally reasonable, that .NET 10 will not support the glibc version of Ubuntu 16.04. Thanks for keeping us in the loop :) |
Great! Thanks for the feedback. For clarity, this plan only affects the Microsoft build. It would be possible for another party to build .NET targeting a different glibc or musl version, higher or lower. We have no expectation that others follow our approach. |
Doesn't your comment in the post "take advantage of low-level capabilities that are present in newer libc versions." imply that .NET will start calling APIs that are only available in newer versions of libc which would block users from building with older versions glibc? Not that I'm saying this shouldn't be done but it does seem the change raises the contract between .NET and the platform for everybody. |
Great q. Those calls can always be made conditional. For example, .NET 9+ Arm32 is now built for Ubuntu 22.04+. It's possible to build it another way. Example: #107989 |
Contributes to dotnet/runtime#109939. These images have LLVM 19.1.0, but will be updated to LLVM 20 per the plan, once that is released.
If the reason for increasing the minimum libc version is that we are genuinely utilizing features from a modern version which simplifies runtime code (by removing fallback paths for older libc) or addressing a breaking change like However, increasing the libc version doesn't seem ideal otherwise. Microsoft's builds use modern Azure Linux 3.0 containers with a cross-compiling toolchain for various targets (x64, arm64, etc.). The way these builds use the cross-toolchain on Linux is by importing some C/C++ headers and linking to libraries under the sysroot ( Since these libraries are neither statically linked nor executed during the build, the cross-build process treats them merely as files providing symbols. When build artifacts are downloaded to a consumer machine, the only items carried over from the build machine are these symbols and their versions. There is no security risk here, even if a) Nothing is executed from the |
See Security-related servicing for an analysis of which elements are "copied" from the rootfs. |
@richlander, Under glibc Compatibility section , remove the reference to Ubuntu 18.04 inclusion of glibc 2.27 as it confuses because immediately succeeding is Fedora distro and we do have a separate Ubuntu section which already listed Ubuntu 18.04 with glibc 2.7. Listing the required minimum glibc version at the beginning will help. Same with musl too. |
I'm not quite following. My goal was to make the top section about distro versions not about libc versions (which most users don't know about). I don't grasp the point about Fedora.
The reason I have the distro there is that I'm trying to make it clear where the glibc version is coming from. I'm trying to establish a strong association. |
As promised, I added a link (in the initial text above) to the .NET 10 supported OSes file once it was available. https://github.com/dotnet/core/blob/main/release-notes/10.0/supported-os.md The OS/distro versions are subject to change. When in doubt, ask. |
Since Linux 3.17, the syscall `getrandom` can be used to generate bytes from the same entropy source as `/dev/urandom`. This makes it suitable for cryptographic random number generation, something our Guid generator needs. If `getrandom` is not available because the LibC provided is too old - or if the syscall itself is not available, it will fall back to the previous method of reading from `/dev/urandom`. `EPERM` is treated like `ENOSYS` - some older Linux kernels returned this when the syscall is not available. The syscall can also be blocked by seccomp. That would be weird, and Docker permits it by default, but if anyone has explicitly gone out of their way to block it, it falls back to using the file descriptor mechanism. The use of the syscall implementation instead of the file device offers some performance improvements. Anywhere from 10% to 15% in benchmarks. This does require glibc 2.25. For non-portable builds, that's largely fine. For Microsoft builds, those are (currently) being done on Ubuntu Xenial, which has 2.23. However, it is expected that with .NET 10, the glibc floor is going to change to 2.27 with dotnet#109939. If that happens, then the Microsoft portable builds will pick this up as well. This PR does _not_ change the user-facing `RandomNumberGenerator` that will continue to use `RAND_bytes` from OpenSSL. | Method | Toolchain | Mean | Error | StdDev | Ratio | |--------------- |---------- |---------:|--------:|--------:|------:| | NewGuid | branch | 265.1 ns | 0.24 ns | 0.22 ns | 0.87 | | NewGuid | main | 304.6 ns | 0.16 ns | 0.15 ns | 1.00 | | | | | | | | | CreateVersion7 | branch | 293.2 ns | 0.20 ns | 0.18 ns | 0.88 | | CreateVersion7 | main | 335.0 ns | 0.27 ns | 0.23 ns | 1.00 |
The Microsoft distribution of .NET is built to be compatible with the broad Linux ecosystem. We decide and communicate minimum supported distro versions with each release, first to get feedback, and then to set expectations. Distro compatibility is an important property of each release.
Minimum compatible distros:
We model compatibility on Ubuntu for glibc distros and Alpine for musl distros.
This means that .NET 10 apps will run on Alpine 3.17 and Ubuntu 18.04 and later (and other compatible distro versions). They will not run on distros versions before that (like Ubuntu 16.04), while .NET 8 and 9 apps will.
If an app is run on a distro with an older
libc
than the .NET build targets, the app will fail to launch with errors related to missinglibc
exports.We have communicated similar plans for .NET 8 and .NET 9.
Details
The Microsoft distribution for .NET 10 is built in an Azure Linux 3.0 container and targets the minimum supported distro using cross-compilation techniques. The approach we use is covered in more detail in Linux build methodology.
It is important that we continue to move the minimum supported versions forward so that we can securely build .NET and to take advantage of low-level capabilities that are present in newer
libc
versions. For example, we were forced to do that Arm32.The versions listed in this document are a compatibility not support statement. Supported distros and versions are provided separately.
glibc compatibility
Ubuntu 18.04 includes glibc version
2.27
.The following distro versions (and higher) are compatible:
Recent Ubuntu glibc versions:
musl compatibility
Alpine 3.17 includes musl version
1.2.3
.The following distro versions (and higher) are compatible:
Recent Alpine musl versions:
Toolset
The Microsoft build uses a variety of tools. This choice is most relevant for distros that build .NET from source and want to use the same or similar tool versions to ensure compatible results. It can also be important for users that want to understand if an observed behavior is due to known issues with those tools.
Tools:
clang
20cmake
3.26The text was updated successfully, but these errors were encountered: