diff --git a/.github/workflows/prof_asan.yml b/.github/workflows/prof_asan.yml index 7513ad148f5..80d385a4e6f 100644 --- a/.github/workflows/prof_asan.yml +++ b/.github/workflows/prof_asan.yml @@ -16,7 +16,7 @@ jobs: CARGO_TARGET_DIR: /tmp/build-cargo RUST_TOOLCHAIN: nightly-2025-06-13 container: - image: datadog/dd-trace-ci:php-${{matrix.php-version}}_bookworm-6 + image: datadog/dd-trace-ci:php-${{matrix.php-version}}_bookworm-7 # https://docs.github.com/en/actions/creating-actions/dockerfile-support-for-github-actions#user options: --user root --privileged @@ -49,7 +49,7 @@ jobs: set -eux switch-php nts-asan cd profiling - export CC=clang-17 + export CC=clang-19 export CFLAGS='-fsanitize=address -fno-omit-frame-pointer' export LDFLAGS='-fsanitize=address -shared-libasan' export RUSTC_LINKER=lld-17 diff --git a/.gitlab/build-profiler.sh b/.gitlab/build-profiler.sh index c4182c48817..21c94a8ba4b 100755 --- a/.gitlab/build-profiler.sh +++ b/.gitlab/build-profiler.sh @@ -17,7 +17,7 @@ fi # /usr/lib/llvm20/lib/clang/20/include/arm_neon.h:6374:25: error: incompatible constant for this __builtin_neon function # etc. if [ -f /sbin/apk ] && [ $(uname -m) = "aarch64" ]; then - ln -sf ../lib/llvm17/bin/clang /usr/bin/clang + ln -sf ../lib/llvm19/bin/clang /usr/bin/clang fi set -u diff --git a/.gitlab/ci-images.yml b/.gitlab/ci-images.yml index 2a13c35123b..52fd5cd2c62 100644 --- a/.gitlab/ci-images.yml +++ b/.gitlab/ci-images.yml @@ -34,7 +34,7 @@ CentOS: - php-7.0 script: - cd dockerfiles/ci/centos/7 - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY + - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" - docker buildx bake --no-cache --pull --push $PHP_VERSION Alpine: @@ -63,7 +63,7 @@ Alpine: - 7.0-alpine script: - cd dockerfiles/ci/alpine_compile_extension - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY + - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" - docker buildx bake --no-cache --pull --push $PHP_VERSION Bookworm: @@ -94,7 +94,7 @@ Bookworm: - php-7.0 script: - cd dockerfiles/ci/bookworm - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY + - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" - docker buildx bake --no-cache --pull --push $PHP_VERSION Buster: @@ -125,5 +125,5 @@ Buster: - php-7.0 script: - cd dockerfiles/ci/buster - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_TOKEN" $CI_REGISTRY + - echo "$CI_REGISTRY_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" - docker buildx bake --no-cache --pull --push $PHP_VERSION diff --git a/.gitlab/generate-package.php b/.gitlab/generate-package.php index 13b800e5cd7..ce8a1141dd2 100644 --- a/.gitlab/generate-package.php +++ b/.gitlab/generate-package.php @@ -48,13 +48,13 @@ $asan_build_platforms = [ [ "triplet" => "x86_64-unknown-linux-gnu", - "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-6", + "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-7", "arch" => "amd64", "host_os" => "linux-gnu", ], [ "triplet" => "aarch64-unknown-linux-gnu", - "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-6", + "image_template" => "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-%s_bookworm-7", "arch" => "arm64", "host_os" => "linux-gnu", ] @@ -319,7 +319,7 @@ "pecl build": stage: tracing - image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-6" + image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-7" tags: [ "arch:amd64" ] needs: [ "prepare code" ] script: @@ -369,7 +369,7 @@ "aggregate tracing extension: []": stage: tracing - image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-6" + image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-7.4_bookworm-7" tags: [ "arch:amd64" ] script: ls ./ variables: @@ -1136,7 +1136,7 @@ "pecl tests": stage: verify - image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_VERSION}_bookworm-6" + image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_VERSION}_bookworm-7" tags: [ "arch:amd64" ] services: - !reference [.services, request-replayer] @@ -1307,7 +1307,7 @@ variables: VALGRIND: false ARCH: "" - CONTAINER_SUFFIX: bookworm-6 + CONTAINER_SUFFIX: bookworm-7 needs: - job: "package loader: []" artifacts: true diff --git a/.gitlab/generate-profiler.php b/.gitlab/generate-profiler.php index 0ed90db7330..8fd01b50873 100644 --- a/.gitlab/generate-profiler.php +++ b/.gitlab/generate-profiler.php @@ -43,7 +43,7 @@ IMAGE_SUFFIX: _centos-7 script: - if [ -d '/opt/rh/devtoolset-7' ]; then set +eo pipefail; source scl_source enable devtoolset-7; set -eo pipefail; fi - - if [ -f /sbin/apk ] && [ $(uname -m) = "aarch64" ]; then ln -sf ../lib/llvm17/bin/clang /usr/bin/clang; fi + - if [ -f /sbin/apk ] && [ $(uname -m) = "aarch64" ]; then ln -sf ../lib/llvm19/bin/clang /usr/bin/clang; fi - cd profiling - 'echo "nproc: $(nproc)"' @@ -82,7 +82,7 @@ "clippy NTS": stage: test tags: [ "arch:amd64" ] - image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6 + image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7 variables: KUBERNETES_CPU_REQUEST: 5 KUBERNETES_MEMORY_REQUEST: 3Gi @@ -101,7 +101,7 @@ "Cargo test": stage: test tags: [ "arch:amd64" ] - image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-8.5_bookworm-5 + image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-8.5_bookworm-7 variables: KUBERNETES_CPU_REQUEST: 5 KUBERNETES_MEMORY_REQUEST: 3Gi diff --git a/.gitlab/generate-shared.php b/.gitlab/generate-shared.php index 6b6cb13990f..eb200835a9e 100644 --- a/.gitlab/generate-shared.php +++ b/.gitlab/generate-shared.php @@ -21,7 +21,7 @@ - IMAGE: - "datadog/dd-trace-ci:centos-7" - "datadog/dd-trace-ci:php-compile-extension-alpine" - - "datadog/dd-trace-ci:bookworm-6" + - "datadog/dd-trace-ci:bookworm-7" script: - if [ -f "/opt/libuv/lib/pkgconfig/libuv.pc" ]; then export PKG_CONFIG_PATH="/opt/libuv/lib/pkgconfig:$PKG_CONFIG_PATH"; fi - if [ -d "/opt/catch2" ]; then export CMAKE_PREFIX_PATH=/opt/catch2; fi @@ -45,7 +45,7 @@ "C components UBSAN": tags: [ "arch:amd64" ] stage: test - image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:bookworm-6" + image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:bookworm-7" needs: [] script: - if [ -f "/opt/libuv/lib/pkgconfig/libuv.pc" ]; then export PKG_CONFIG_PATH="/opt/libuv/lib/pkgconfig:$PKG_CONFIG_PATH"; fi @@ -69,7 +69,7 @@ "Build & Test Tea": tags: [ "arch:amd64" ] stage: build - image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6" + image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7" parallel: matrix: - PHP_MAJOR_MINOR: *no_asan_minor_major_targets @@ -98,7 +98,7 @@ .tea_test: tags: [ "arch:amd64" ] stage: test - image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6" + image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7" interruptible: true rules: - if: $CI_COMMIT_BRANCH == "master" @@ -122,7 +122,7 @@ needs: [] variables: PHP_MAJOR_MINOR: "" - image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6" + image: "registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7" script: - | if ! command -v cc >/dev/null 2>&1 && ! command -v clang >/dev/null 2>&1 && ! command -v gcc >/dev/null 2>&1; then @@ -157,6 +157,9 @@ extends: .tea_test variables: PHP_MAJOR_MINOR: "" + + ASAN_OPTIONS: "detect_stack_use_after_return=0" + needs: - job: "Build & Test Tea" parallel: diff --git a/.gitlab/generate-tracer.php b/.gitlab/generate-tracer.php index 029fa85ee0e..456ce70b086 100644 --- a/.gitlab/generate-tracer.php +++ b/.gitlab/generate-tracer.php @@ -67,7 +67,7 @@ function before_script_steps($with_docker_auth = false) { "compile extension: debug": stage: compile tags: [ "arch:${ARCH}" ] - image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6 + image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7 parallel: matrix: - PHP_MAJOR_MINOR: *all_minor_major_targets @@ -187,7 +187,7 @@ function before_script_steps($with_docker_auth = false) { .base_test: stage: test tags: [ "arch:${ARCH}" ] - image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-6 + image: registry.ddbuild.io/images/mirror/datadog/dd-trace-ci:php-${PHP_MAJOR_MINOR}_bookworm-7 timeout: 60m interruptible: true rules: @@ -311,6 +311,7 @@ function before_script_steps($with_docker_auth = false) { PHP_MAJOR_MINOR: "" ARCH: "amd64" TEST_PHP_JUNIT: "${CI_PROJECT_DIR}/tmp/build_extension/artifacts/tests/php-tests.xml" + ASAN_OPTIONS: "abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1:detect_stack_use_after_return=0" script: - mkdir -p "${CI_PROJECT_DIR}/tmp/build_extension/artifacts/tests" - make test_c_observer diff --git a/appsec/cmake/clang-format.cmake b/appsec/cmake/clang-format.cmake index 22d9f47ae28..ee33f590420 100644 --- a/appsec/cmake/clang-format.cmake +++ b/appsec/cmake/clang-format.cmake @@ -1,9 +1,9 @@ -set(_LLVM17_FORMAT /opt/homebrew/opt/llvm@17/bin/clang-format) -if(EXISTS ${_LLVM17_FORMAT}) - set(CLANG_FORMAT ${_LLVM17_FORMAT}) - message(STATUS "Using Homebrew LLVM 17 clang-format: ${CLANG_FORMAT}") +set(_LLVM19_FORMAT /opt/homebrew/opt/llvm@19/bin/clang-format) +if(EXISTS ${_LLVM19_FORMAT}) + set(CLANG_FORMAT ${_LLVM19_FORMAT}) + message(STATUS "Using Homebrew LLVM 19 clang-format: ${CLANG_FORMAT}") else() - find_program(_CF_VERSIONED clang-format-17) + find_program(_CF_VERSIONED clang-format-19) if(NOT _CF_VERSIONED STREQUAL _CF_VERSIONED-NOTFOUND) set(CLANG_FORMAT ${_CF_VERSIONED}) else() @@ -14,7 +14,7 @@ else() OUTPUT_VARIABLE _CF_VERSION OUTPUT_STRIP_TRAILING_WHITESPACE ERROR_QUIET) - if(_CF_VERSION MATCHES " 17\\.") + if(_CF_VERSION MATCHES " 19\\.") set(CLANG_FORMAT ${_CF_UNVERSIONED}) endif() endif() @@ -22,7 +22,7 @@ else() if(NOT CLANG_FORMAT) set(CLANG_FORMAT ${CMAKE_CURRENT_LIST_DIR}/clang-tools/clang-format) if(NOT EXISTS ${CLANG_FORMAT}) - message(STATUS "Cannot find clang-format version 17, either set CLANG_FORMAT or make it discoverable") + message(STATUS "Cannot find clang-format version 19, either set CLANG_FORMAT or make it discoverable") return() endif() message(STATUS "Using Docker-based clang-format wrapper: ${CLANG_FORMAT}") diff --git a/appsec/cmake/clang-tidy.cmake b/appsec/cmake/clang-tidy.cmake index f10567020d5..fd334caeb63 100644 --- a/appsec/cmake/clang-tidy.cmake +++ b/appsec/cmake/clang-tidy.cmake @@ -1,17 +1,17 @@ -# Prefer a locally installed LLVM 17 run-clang-tidy (e.g. via brew install llvm@17) +# Prefer a locally installed LLVM 19 run-clang-tidy (e.g. via brew install llvm@19) # over the Docker-based wrapper, since native execution avoids SDK incompatibilities. -set(_LLVM17_BIN /opt/homebrew/opt/llvm@17/bin) -set(_LLVM17_TIDY ${_LLVM17_BIN}/run-clang-tidy) +set(_LLVM19_BIN /opt/homebrew/opt/llvm@19/bin) +set(_LLVM19_TIDY ${_LLVM19_BIN}/run-clang-tidy) set(CLANG_TIDY_BINARY_OPT "") -if(EXISTS ${_LLVM17_TIDY}) - set(CLANG_TIDY ${_LLVM17_TIDY}) - set(CLANG_TIDY_BINARY_OPT -clang-tidy-binary ${_LLVM17_BIN}/clang-tidy) - message(STATUS "Using Homebrew LLVM 17 run-clang-tidy: ${CLANG_TIDY}") +if(EXISTS ${_LLVM19_TIDY}) + set(CLANG_TIDY ${_LLVM19_TIDY}) + set(CLANG_TIDY_BINARY_OPT -clang-tidy-binary ${_LLVM19_BIN}/clang-tidy) + message(STATUS "Using Homebrew LLVM 19 run-clang-tidy: ${CLANG_TIDY}") else() - find_program(_RCT_VERSIONED run-clang-tidy-17) + find_program(_RCT_VERSIONED run-clang-tidy-19) if(NOT _RCT_VERSIONED STREQUAL _RCT_VERSIONED-NOTFOUND) set(CLANG_TIDY ${_RCT_VERSIONED}) - find_program(_CT_VERSIONED clang-tidy-17) + find_program(_CT_VERSIONED clang-tidy-19) if(NOT _CT_VERSIONED STREQUAL _CT_VERSIONED-NOTFOUND) set(CLANG_TIDY_BINARY_OPT -clang-tidy-binary ${_CT_VERSIONED}) endif() @@ -37,7 +37,7 @@ else() if(NOT CLANG_TIDY) set(CLANG_TIDY ${CMAKE_CURRENT_LIST_DIR}/clang-tools/run-clang-tidy) if(NOT EXISTS ${CLANG_TIDY}) - message(STATUS "Cannot find clang-tidy version 17, either set CLANG_TIDY or make it discoverable") + message(STATUS "Cannot find clang-tidy version 19, either set CLANG_TIDY or make it discoverable") return() endif() message(STATUS "Using Docker-based run-clang-tidy wrapper: ${CLANG_TIDY}") diff --git a/appsec/tests/fuzzer/CMakeLists.txt b/appsec/tests/fuzzer/CMakeLists.txt index 221be2d7a50..6880518269f 100644 --- a/appsec/tests/fuzzer/CMakeLists.txt +++ b/appsec/tests/fuzzer/CMakeLists.txt @@ -19,20 +19,24 @@ if (CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND CMAKE_CXX_COMPILER_VERSION VERSIO OUTPUT_VARIABLE LLVM_RUNTIME_DIR OUTPUT_STRIP_TRAILING_WHITESPACE ) + # Newer clang versions return a per-target path (e.g. .../lib/x86_64-pc-linux-gnu) but + # Debian/Ubuntu packages install runtime libs in the sibling "linux" directory. + get_filename_component(LLVM_RUNTIME_PARENT "${LLVM_RUNTIME_DIR}" DIRECTORY) + set(LLVM_RUNTIME_LINUX_DIR "${LLVM_RUNTIME_PARENT}/linux") execute_process(COMMAND uname -m COMMAND tr -d '\n' OUTPUT_VARIABLE ARCHITECTURE) target_compile_definitions(ddappsec_helper_fuzzer PUBLIC ZLIB_CONST=1) - target_link_directories(ddappsec_helper_fuzzer PRIVATE ${LLVM_RUNTIME_DIR}) + target_link_directories(ddappsec_helper_fuzzer PRIVATE ${LLVM_RUNTIME_DIR} ${LLVM_RUNTIME_LINUX_DIR}) target_link_libraries(ddappsec_helper_fuzzer PRIVATE libddwaf_objects pthread spdlog cpp-base64 msgpack_c rapidjson_appsec boost_system zlibstatic) set(FUZZER_LIB_NAME "libclang_rt.fuzzer_no_main-${ARCHITECTURE}.a") - find_library(FUZZER_LIB ${FUZZER_LIB_NAME} PATHS ${LLVM_RUNTIME_DIR}) + find_library(FUZZER_LIB ${FUZZER_LIB_NAME} PATHS ${LLVM_RUNTIME_DIR} ${LLVM_RUNTIME_LINUX_DIR}) if(NOT FUZZER_LIB) set(FUZZER_LIB_NAME_FALLBACK "libclang_rt.fuzzer_no_main.a") - find_library(FUZZER_LIB ${FUZZER_LIB_NAME_FALLBACK} PATHS ${LLVM_RUNTIME_DIR}) + find_library(FUZZER_LIB ${FUZZER_LIB_NAME_FALLBACK} PATHS ${LLVM_RUNTIME_DIR} ${LLVM_RUNTIME_LINUX_DIR}) endif() if(NOT FUZZER_LIB) diff --git a/docker-compose.yml b/docker-compose.yml index 9bf6080cffd..a77598f7ed3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -73,19 +73,19 @@ services: # --- Alpine --- '8.0-alpine': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.0_alpine' } # --- Bookworm --- - '7.0-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.0_bookworm-6' } - '7.1-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.1_bookworm-6' } - '7.2-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.2_bookworm-6' } - '7.3-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.3_bookworm-6' } - '7.4-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.4_bookworm-6' } + '7.0-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.0_bookworm-7' } + '7.1-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.1_bookworm-7' } + '7.2-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.2_bookworm-7' } + '7.3-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.3_bookworm-7' } + '7.4-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.4_bookworm-7' } '7.4-bookworm-shared-ext': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.4-shared-ext-6' } - '8.0-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.0_bookworm-6' } + '8.0-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.0_bookworm-7' } '8.0-bookworm-shared-ext': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.0-shared-ext-6' } - '8.1-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.1_bookworm-6' } - '8.2-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.2_bookworm-6' } - '8.3-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.3_bookworm-6' } - '8.4-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.4_bookworm-6' } - '8.5-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.5_bookworm-6' } + '8.1-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.1_bookworm-7' } + '8.2-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.2_bookworm-7' } + '8.3-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.3_bookworm-7' } + '8.4-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.4_bookworm-7' } + '8.5-bookworm': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-8.5_bookworm-7' } 'php-master-buster': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-master_buster' } # --- CentOS 6 --- '7.0-centos7': { <<: *linux_php_service, image: 'datadog/dd-trace-ci:php-7.0_centos-7' } diff --git a/dockerfiles/ci/alpine_compile_extension/base.Dockerfile b/dockerfiles/ci/alpine_compile_extension/base.Dockerfile index 86d3c905770..aff36105b8e 100644 --- a/dockerfiles/ci/alpine_compile_extension/base.Dockerfile +++ b/dockerfiles/ci/alpine_compile_extension/base.Dockerfile @@ -34,7 +34,7 @@ RUN set -eux; \ # Minimum: libclang. Nice-to-have: full toolchain including linker to play # with cross-language link-time optimization. Needs to match rustc -Vv's llvm # version. -RUN apk add --no-cache llvm17-libs clang17-dev lld llvm17 rust-stdlib rust-src cargo clang git protoc unzip +RUN apk add --no-cache llvm19-libs clang19-dev lld llvm19 rust-stdlib rust-src cargo clang git protoc unzip RUN cargo install --force --locked bindgen-cli && mv /root/.cargo/bin/bindgen /usr/local/bin/ && rm -rf /root/.cargo diff --git a/dockerfiles/ci/bookworm/.env b/dockerfiles/ci/bookworm/.env index 6d5f820f4d5..c262c5f2817 100644 --- a/dockerfiles/ci/bookworm/.env +++ b/dockerfiles/ci/bookworm/.env @@ -1,2 +1,2 @@ -BOOKWORM_CURRENT_VERSION=6 -BOOKWORM_NEXT_VERSION=6 +BOOKWORM_CURRENT_VERSION=7 +BOOKWORM_NEXT_VERSION=8 diff --git a/dockerfiles/ci/bookworm/Dockerfile b/dockerfiles/ci/bookworm/Dockerfile index ef314993bbf..53ca77f14ab 100644 --- a/dockerfiles/ci/bookworm/Dockerfile +++ b/dockerfiles/ci/bookworm/Dockerfile @@ -9,10 +9,10 @@ ENV ACCEPT_EULA=Y # with cross-language link-time optimization. Needs to match rustc -Vv's llvm # version. ENV DEVLIBS \ - libclang-17-dev \ - libclang-rt-17-dev \ - llvm-17-dev \ - lld-17 \ + libclang-19-dev \ + libclang-rt-19-dev \ + llvm-19-dev \ + lld-19 \ libbrotli-dev \ libcurl4-openssl-dev \ libedit-dev \ @@ -48,8 +48,8 @@ ENV RUNTIME_DEPS \ apache2 \ apache2-dev \ ca-certificates \ - clang-format-17 \ - clang-tidy-17 \ + clang-format-19 \ + clang-tidy-19 \ curl \ debian-goodies \ git \ @@ -70,7 +70,7 @@ ENV RUNTIME_DEPS \ ENV PHPIZE_DEPS \ autoconf \ bison \ - clang-17 \ + clang-19 \ cmake \ dpkg-dev \ file \ @@ -97,12 +97,12 @@ RUN set -eux; \ echo "deb http://deb.debian.org/debian-debug/ bookworm-debug main" | \ tee -a /etc/apt/sources.list; \ \ -# Use LLVM from orig vendor (also LLVM 17 is not shipped with bookworm) +# Use LLVM from orig vendor (also LLVM 19 is not shipped with bookworm) apt-get update; \ apt-get install -y curl gnupg software-properties-common; \ curl https://apt.llvm.org/llvm-snapshot.gpg.key | tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc; \ - add-apt-repository "deb http://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-17 main"; \ - add-apt-repository "deb-src http://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-17 main"; \ + add-apt-repository "deb http://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-19 main"; \ + add-apt-repository "deb-src http://apt.llvm.org/bookworm/ llvm-toolchain-bookworm-19 main"; \ \ # prevent Debian's PHP packages from being installed # https://github.com/docker-library/php/pull/542 @@ -136,14 +136,14 @@ RUN set -eux; \ chown -R circleci:circleci /var/log/nginx/ /var/lib/nginx/; \ \ # Make clang the default compiler - update-alternatives --install /usr/bin/cc cc /usr/bin/clang-17 100; \ - update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++-17 100; \ - update-alternatives --install /usr/bin/clang clang /usr/bin/clang-17 100; \ - update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-17 100; \ - update-alternatives --install /usr/bin/ld ld /usr/bin/ld.lld-17 100; \ - echo "-L /usr/lib/llvm-17/lib/clang/17/lib/linux" > /usr/lib/llvm-17/bin/clang.cfg; \ + update-alternatives --install /usr/bin/cc cc /usr/bin/clang-19 100; \ + update-alternatives --install /usr/bin/c++ c++ /usr/bin/clang++-19 100; \ + update-alternatives --install /usr/bin/clang clang /usr/bin/clang-19 100; \ + update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-19 100; \ + update-alternatives --install /usr/bin/ld ld /usr/bin/ld.lld-19 100; \ + echo "-L /usr/lib/llvm-19/lib/clang/19/lib/linux" > /usr/lib/llvm-19/bin/clang.cfg; \ # Include libasan library path - echo /usr/lib/llvm-17/lib/clang/17/lib/linux > /etc/ld.so.conf.d/libasan.conf && ldconfig + echo /usr/lib/llvm-19/lib/clang/19/lib/linux > /etc/ld.so.conf.d/libasan.conf && ldconfig ENV CMAKE_VERSION="3.24.4" diff --git a/dockerfiles/ci/bookworm/build-extensions.sh b/dockerfiles/ci/bookworm/build-extensions.sh index bb643e266b8..8a6ebe891bb 100755 --- a/dockerfiles/ci/bookworm/build-extensions.sh +++ b/dockerfiles/ci/bookworm/build-extensions.sh @@ -8,7 +8,7 @@ PHP_ZTS=$(php -r 'echo PHP_ZTS;') EXTENSION_DIR=$(php-config --extension-dir) # This make `pecl install` use all available cores -export MAKEFLAGS="-j $(nproc)" +export MAKEFLAGS="-s -j $(nproc)" XDEBUG_VERSIONS=(-3.1.2) if [[ $PHP_VERSION_ID -le 70 ]]; then @@ -64,6 +64,8 @@ elif [[ $PHP_VERSION_ID -le 74 ]]; then SQLSRV_VERSION=-5.8.0 elif [[ $PHP_VERSION_ID -le 80 ]]; then SQLSRV_VERSION=-5.11.0 +elif [[ $PHP_VERSION_ID -le 82 ]]; then + SQLSRV_VERSION=-5.12.0 fi HOST_ARCH=$(if [[ $(file $(readlink -f $(which php))) == *aarch64* ]]; then echo "aarch64"; else echo "x86_64"; fi) @@ -195,7 +197,7 @@ else # ext-grpc is needed for google spanner if [[ $PHP_VERSION_ID -ge 80 && $PHP_VERSION_ID -lt 85 ]]; then - pecl install grpc; + pecl install grpc-1.78.0; # avoid installing it by default, it seems to stall some testsuites. fi diff --git a/dockerfiles/ci/bookworm/build-php.sh b/dockerfiles/ci/bookworm/build-php.sh index 1f3a60de6f7..29e622b447d 100755 --- a/dockerfiles/ci/bookworm/build-php.sh +++ b/dockerfiles/ci/bookworm/build-php.sh @@ -91,7 +91,7 @@ ${PHP_SRC_DIR}/configure \ --with-config-file-path=${INSTALL_DIR} \ --with-config-file-scan-dir=${INSTALL_DIR}/conf.d -make -j "$((`nproc`+1))" || true +make -s -j "$((`nproc`+1))" || true if ! [[ -f ext/phar/phar.phar ]] && [[ ${INSTALL_VERSION} == *asan* ]]; then # Cross-compilation with asan and qemu will fail with a segfault instead. Handle this. @@ -99,7 +99,7 @@ if ! [[ -f ext/phar/phar.phar ]] && [[ ${INSTALL_VERSION} == *asan* ]]; then mkdir -p ext/phar/ touch ext/phar/phar.phar # ensure compilation finishes, then back up php - make || true; + make -s || true; exit; fi @@ -109,7 +109,7 @@ if [[ ${INSTALL_VERSION} != *asan* ]]; then # In two steps, because: You've configured multiple SAPIs to be built. You can build only one SAPI module plus CGI, CLI and FPM binaries at the same time. sed -i 's/--enable-embed/--with-apxs2=\/usr\/bin\/apxs2/' config.nice ./config.nice - make -j "$((`nproc`+1))" + make -s -j "$((`nproc`+1))" cp .libs/libphp*.so ${INSTALL_DIR}/lib/apache2handler-libphp.so fi diff --git a/dockerfiles/ci/bookworm/docker-compose.yml b/dockerfiles/ci/bookworm/docker-compose.yml index fa7315ca71b..b771375e0b3 100644 --- a/dockerfiles/ci/bookworm/docker-compose.yml +++ b/dockerfiles/ci/bookworm/docker-compose.yml @@ -22,8 +22,8 @@ services: args: <<: *build-base phpVersion: "8.5" - phpTarGzUrl: https://www.php.net/distributions/php-8.5.1.tar.gz - phpSha256Hash: "915492958081409a5e3ef99df969bcfa5b33bdf9517bd077991747e17fa2c1b7" + phpTarGzUrl: https://www.php.net/distributions/php-8.5.4.tar.gz + phpSha256Hash: "4fef7f44eff3c18e329504cb0d3eb30b41cf54e2db05cb4ebe8b78fc37d38ce1" php-8.4: image: datadog/dd-trace-ci:php-8.4_bookworm-$BOOKWORM_NEXT_VERSION @@ -34,8 +34,8 @@ services: args: <<: *build-base phpVersion: "8.4" - phpTarGzUrl: https://www.php.net/distributions/php-8.4.16.tar.gz - phpSha256Hash: "8e35d24f148ea7c2a93e9b9bcc329e8bf78b5bb922f3723a727c74c19d184e98" + phpTarGzUrl: https://www.php.net/distributions/php-8.4.19.tar.gz + phpSha256Hash: "9e862435ffb533dc5b0eb486170a74e5f7c8095e8eb8819a2ff5aad430292a18" php-8.3: image: datadog/dd-trace-ci:php-8.3_bookworm-$BOOKWORM_NEXT_VERSION @@ -46,8 +46,8 @@ services: args: <<: *build-base phpVersion: "8.3" - phpTarGzUrl: https://www.php.net/distributions/php-8.3.29.tar.gz - phpSha256Hash: "8565fa8733c640b60da5ab4944bf2d4081f859915b39e29b3af26cf23443ed97" + phpTarGzUrl: https://www.php.net/distributions/php-8.3.30.tar.gz + phpSha256Hash: "e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386" php-8.2: image: datadog/dd-trace-ci:php-8.2_bookworm-$BOOKWORM_NEXT_VERSION @@ -58,8 +58,8 @@ services: args: <<: *build-base phpVersion: "8.2" - phpTarGzUrl: https://www.php.net/distributions/php-8.2.28.tar.gz - phpSha256Hash: "3318300888de5023720cc84efad5e005e53f30b5f0072fae65a750dabcaf6ec3" + phpTarGzUrl: https://www.php.net/distributions/php-8.2.30.tar.gz + phpSha256Hash: "a0fa6673ba4b0c8335fbab08afb7c2e13a3791f2b5a0928c7ad3d7ad872edf26" php-8.1: image: datadog/dd-trace-ci:php-8.1_bookworm-$BOOKWORM_NEXT_VERSION diff --git a/dockerfiles/ci/bookworm/php-8.5/0001-Disable-preserve_none-under-ASan.patch b/dockerfiles/ci/bookworm/php-8.5/0001-Disable-preserve_none-under-ASan.patch new file mode 100644 index 00000000000..7014fac1c71 --- /dev/null +++ b/dockerfiles/ci/bookworm/php-8.5/0001-Disable-preserve_none-under-ASan.patch @@ -0,0 +1,32 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Levi Morrison +Date: Mon, 07 Apr 2026 00:00:00 +0000 +Subject: [PATCH] Disable preserve_none under ASan + +preserve_none combined with -fsanitize=address crashes clang 19+ on +x86-64. Disable it when ASan is active, following the same fix applied +in llvm-project (commit 996157c). + +See: https://github.com/llvm/llvm-project/issues/95928 +--- + Zend/zend_portability.h | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/Zend/zend_portability.h b/Zend/zend_portability.h +index 6546ebfb5b7..3b657f7b9d9 100644 +--- a/Zend/zend_portability.h ++++ b/Zend/zend_portability.h +@@ -333,7 +333,12 @@ char *alloca(); + #endif + + #ifdef HAVE_PRESERVE_NONE +-# define ZEND_PRESERVE_NONE __attribute__((preserve_none)) ++# if __has_feature(address_sanitizer) || defined(__SANITIZE_ADDRESS__) ++/* preserve_none + ASan crashes clang 19+ on x86-64, see llvm/llvm-project#95928 */ ++# define ZEND_PRESERVE_NONE ++# else ++# define ZEND_PRESERVE_NONE __attribute__((preserve_none)) ++# endif + #endif + + diff --git a/dockerfiles/ci/bookworm/php-8.5/Dockerfile b/dockerfiles/ci/bookworm/php-8.5/Dockerfile index c342f2c81ba..5a98c2832af 100644 --- a/dockerfiles/ci/bookworm/php-8.5/Dockerfile +++ b/dockerfiles/ci/bookworm/php-8.5/Dockerfile @@ -10,12 +10,14 @@ COPY php-8.5/suppr.txt /home/circleci/suppr.txt FROM --platform=$BUILDPLATFORM $BUILD_BASE AS src ARG phpTarGzUrl ARG phpSha256Hash +COPY php-8.5/0001-Disable-preserve_none-under-ASan.patch /home/circleci RUN set -eux; \ curl -fsSL -o /tmp/php.tar.gz "${phpTarGzUrl}"; \ (echo "${phpSha256Hash} /tmp/php.tar.gz" | sha256sum -c -); \ tar xf /tmp/php.tar.gz -C "${PHP_SRC_DIR}" --strip-components=1; \ rm -f /tmp/php.tar.gz; \ cd ${PHP_SRC_DIR}; \ + git apply /home/circleci/0001-Disable-preserve_none-under-ASan.patch; \ # We need to remove the dl() calls from run-tests as some extensions don't properly switch interned string storage for INIs. \ sed -i 's/\bdl(/(bool)(/' run-tests.php; \ ./buildconf --force; diff --git a/dockerfiles/ci/centos/7/base.Dockerfile b/dockerfiles/ci/centos/7/base.Dockerfile index 23198e0e55b..7c697400776 100644 --- a/dockerfiles/ci/centos/7/base.Dockerfile +++ b/dockerfiles/ci/centos/7/base.Dockerfile @@ -7,6 +7,9 @@ RUN set -eux; \ sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo; \ sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo; \ echo 'ip_resolve = IPv4' >>/etc/yum.conf; \ +# kernel and linux-firmware are useless in containers (host kernel is used); +# excluding them globally prevents ~183 MB of waste from being pulled in as side-effects. + echo 'exclude=kernel-core* kernel-modules* linux-firmware' >>/etc/yum.conf; \ yum update -y; \ yum install -y \ centos-release-scl \ @@ -33,7 +36,6 @@ RUN set -eux; \ sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/CentOS-SCLo-*.repo; \ yum update nss nss-util nss-sysinit nss-tools; \ yum install -y --nogpgcheck devtoolset-7; \ - yum install -y --nogpgcheck devtoolset-9; \ yum clean all; ENV SRC_DIR=/usr/local/src @@ -46,7 +48,7 @@ RUN source scl_source enable devtoolset-7; set -eux; \ cd "${SRC_DIR}/m4"; \ mkdir -v 'build' && cd 'build'; \ ../configure && make -j $(nproc) && make install; \ - cd - && rm -fr build + cd - && rm -fr build "${SRC_DIR}/m4" # Latest version of autoconf required RUN set -eux; \ @@ -54,7 +56,7 @@ RUN set -eux; \ cd "${SRC_DIR}/autoconf"; \ mkdir -v 'build' && cd 'build'; \ ../configure && make -j $(nproc) && make install; \ - cd - && rm -fr build + cd - && rm -fr build "${SRC_DIR}/autoconf" # Automake required RUN set -eux; \ @@ -62,7 +64,7 @@ RUN set -eux; \ cd "${SRC_DIR}/automake"; \ mkdir -v 'build' && cd 'build'; \ ../configure && make -j $(nproc) && make install; \ - cd - && rm -fr build + cd - && rm -fr build "${SRC_DIR}/automake" # Libtool required RUN set -eux; \ @@ -70,14 +72,14 @@ RUN set -eux; \ cd "${SRC_DIR}/libtool"; \ mkdir -v 'build' && cd 'build'; \ ../configure && make -j $(nproc) && make install; \ - cd - && rm -fr build + cd - && rm -fr build "${SRC_DIR}/libtool" # Required: libxml >= 2.9.0 (default version is 2.7.6) RUN source scl_source enable devtoolset-7; set -eux; \ /root/download-src.sh libxml2 http://xmlsoft.org/sources/libxml2-2.9.10.tar.gz; \ cd "${SRC_DIR}/libxml2"; \ mkdir -v 'build' && cd 'build'; \ - ../configure --with-python=no && make -j $(nproc) && make install; \ + ../configure --with-python=no --disable-static && make -j $(nproc) && make install; \ cd - && rm -fr build # Required: libffi >= 3.0.11 (default version is 3.0.5) @@ -85,7 +87,7 @@ RUN source scl_source enable devtoolset-7; set -eux; \ /root/download-src.sh libffi https://github.com/libffi/libffi/releases/download/v3.4.2/libffi-3.4.2.tar.gz; \ cd "${SRC_DIR}/libffi"; \ mkdir -v 'build' && cd 'build'; \ - ../configure && make -j $(nproc) && make install; \ + ../configure --disable-static && make -j $(nproc) && make install; \ cd - && rm -fr build # Required: oniguruma (not installed by default) @@ -93,7 +95,7 @@ RUN source scl_source enable devtoolset-7; set -eux; \ /root/download-src.sh oniguruma https://github.com/kkos/oniguruma/releases/download/v6.9.5_rev1/onig-6.9.5-rev1.tar.gz; \ cd "${SRC_DIR}/oniguruma"; \ mkdir -v 'build' && cd 'build'; \ - ../configure && make -j $(nproc) && make install; \ + ../configure --disable-static && make -j $(nproc) && make install; \ cd - && rm -fr build # Required: bison >= 3.0.0 (not installed by default) @@ -102,7 +104,7 @@ RUN source scl_source enable devtoolset-7; set -eux; \ cd "${SRC_DIR}/bison"; \ mkdir -v 'build' && cd 'build'; \ ../configure && make -j $(nproc) && make install; \ - cd - && rm -fr build + cd - && rm -fr build "${SRC_DIR}/bison" # Required: re2c >= 0.13.4 (not installed by default) RUN source scl_source enable devtoolset-7; set -eux; \ @@ -110,15 +112,17 @@ RUN source scl_source enable devtoolset-7; set -eux; \ cd "${SRC_DIR}/re2c"; \ mkdir -v 'build' && cd 'build'; \ ../configure && make -j $(nproc) && make install; \ - cd - && rm -fr build + cd - && rm -fr build "${SRC_DIR}/re2c" # Required: CMake >= 3.20.0 (default version is 2.8.12.2) RUN source scl_source enable devtoolset-7; set -eux; \ /root/download-src.sh cmake https://github.com/Kitware/CMake/releases/download/v3.28.6/cmake-3.28.6.tar.gz; \ cd "${SRC_DIR}/cmake"; \ mkdir -v 'build' && cd 'build'; \ - ../bootstrap && make -j $(nproc) && make install; \ - cd - && rm -fr build + ../bootstrap -- -DBUILD_CursesDialog=OFF && make -j $(nproc) && make install; \ + cd - && rm -fr build "${SRC_DIR}/cmake" \ + && rm -f /usr/local/bin/cpack \ + && rm -rf /usr/local/share/cmake-*/Help /usr/local/share/doc/cmake* /usr/local/share/man/man1/cmake* # Install Catch2 RUN set -eux; \ @@ -126,7 +130,7 @@ RUN set -eux; \ cd "${SRC_DIR}/catch2"; \ cmake -Bbuild -H. -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/opt/catch2 -DCATCH_BUILD_STATIC_LIBRARY=ON; \ cmake --build build/ --target install; \ - cd - && rm -fr build + rm -fr "${SRC_DIR}/catch2" # PHP 8.4+ requires OpenSSL >= 1.1.1 RUN source scl_source enable devtoolset-7; set -ex; \ @@ -135,6 +139,7 @@ RUN source scl_source enable devtoolset-7; set -ex; \ mkdir -v 'build' && cd 'build'; \ ../config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib; \ make -j $(nproc) && make install; \ + rm -f /usr/local/openssl/lib/*.a; \ echo "export PATH=/usr/local/openssl/bin:\$PATH" > /etc/profile.d/openssl.sh; \ echo "export LD_LIBRARY_PATH=/usr/local/openssl/lib:\$LD_LIBRARY_PATH" >> /etc/profile.d/openssl.sh; \ source /etc/profile.d/openssl.sh; \ @@ -148,6 +153,7 @@ RUN source scl_source enable devtoolset-7; set -ex; \ mkdir -v 'build' && cd 'build'; \ ../configure --prefix=/usr/local/zlib; \ make -j $(nproc) && make install; \ + rm -f /usr/local/zlib/lib/*.a; \ cd - && rm -fr build RUN source scl_source enable devtoolset-7; set -eux; \ @@ -172,7 +178,7 @@ RUN source scl_source enable devtoolset-7; set -ex; \ /root/download-src.sh curl https://curl.se/download/curl-7.61.1.tar.gz; \ cd "${SRC_DIR}/curl"; \ mkdir -v 'build' && cd 'build'; \ - ../configure --prefix=/usr/local/curl --with-ssl=/usr/local/openssl; \ + ../configure --prefix=/usr/local/curl --with-ssl=/usr/local/openssl --disable-static; \ make -j $(nproc) && make install; \ cd - && rm -fr build @@ -181,19 +187,20 @@ RUN source scl_source enable devtoolset-7; set -ex; \ /root/download-src.sh sqlite3 https://www.sqlite.org/2024/sqlite-autoconf-3460000.tar.gz; \ cd "${SRC_DIR}/sqlite3"; \ mkdir -v 'build' && cd 'build'; \ - ../configure --prefix=/usr/local/sqlite3; \ + ../configure --prefix=/usr/local/sqlite3 --disable-static; \ make -j $(nproc) && make install; \ cd - && rm -fr build ENV PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/local/lib/pkgconfig:/usr/local/lib64/pkgconfig:/usr/local/openssl/lib/pkgconfig:/usr/local/zlib/lib/pkgconfig:/usr/local/curl/lib/pkgconfig:/usr/local/sqlite3/lib/pkgconfig" # Caution, takes a very long time! Since we have to build one from source, -# I picked LLVM 17, which matches Rust 1.76. +# I picked LLVM 19, which matches Rust 1.84. # Ordinarily we leave sources, but LLVM is 2GiB just for the sources... # Minimum: libclang. Nice-to-have: full toolchain including linker to play # with cross-language link-time optimization. Needs to match rustc -Vv's llvm # version. -RUN source scl_source enable devtoolset-9 \ +RUN yum install -y --nogpgcheck devtoolset-9 \ + && source scl_source enable devtoolset-9 \ && yum install -y python3 \ && /root/download-src.sh ninja https://github.com/ninja-build/ninja/archive/refs/tags/v1.11.0.tar.gz \ && mkdir -vp "${SRC_DIR}/ninja/build" \ @@ -204,35 +211,19 @@ RUN source scl_source enable devtoolset-9 \ && cd - \ && rm -fr "${SRC_DIR}/ninja" \ && cd /usr/local/src \ - && git clone --depth 1 -b release/17.x https://github.com/llvm/llvm-project.git \ + && git clone --depth 1 -b release/19.x https://github.com/llvm/llvm-project.git \ && mkdir -vp llvm-project/build \ && cd llvm-project/build \ - && cmake -G Ninja -DLLVM_ENABLE_PROJECTS="clang;lld" -DLLVM_TARGETS_TO_BUILD=host -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local ../llvm \ + && cmake -G Ninja -DLLVM_ENABLE_PROJECTS="clang;lld" -DLLVM_TARGETS_TO_BUILD=host -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local -DLLVM_INCLUDE_TESTS=OFF -DLLVM_ENABLE_BINDINGS=OFF -DLLVM_INSTALL_TOOLCHAIN_ONLY=ON ../llvm \ && cmake --build . --parallel $(nproc) --target "install/strip" \ && rm -f /usr/local/lib/libclang*.a /usr/local/lib/libLLVM*.a \ + && rm -rf /usr/local/include/llvm /usr/local/include/clang \ + && rm -rf /usr/local/lib/cmake/llvm /usr/local/lib/cmake/clang /usr/local/lib/cmake/lld \ && cd - \ && rm -fr llvm-project \ - && yum remove -y python3 \ + && yum remove -y python3 'devtoolset-9*' \ && yum clean all -ARG PROTOBUF_VERSION="3.19.4" -ARG PROTOBUF_SHA256="89ac31a93832e204db6d73b1e80f39f142d5747b290f17340adce5be5b122f94" -RUN source scl_source enable devtoolset-7 \ - && FILENAME=protobuf-cpp-${PROTOBUF_VERSION}.tar.gz \ - && cd /usr/local/src \ - && curl -L -O "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOBUF_VERSION}/${FILENAME}" \ - && tar --no-same-owner -xf "$FILENAME" \ - && cd protobuf-${PROTOBUF_VERSION} \ - && ./configure \ - --prefix=/usr/local \ - --libdir=/usr/local/lib64 \ - --with-pic \ - --disable-shared \ - --enable-static \ - && make -j $(nproc) \ - && make install \ - && cd - \ - && rm -fr "$FILENAME" "${FILENAME%.tar.gz}" "protobuf-${PROTOBUF_VERSION}" # rust sha256sum generated locally after verifying it with sha256 ARG RUST_VERSION="1.84.1" diff --git a/dockerfiles/ci/centos/7/docker-compose.yml b/dockerfiles/ci/centos/7/docker-compose.yml index d33190384a7..fd29fa339a0 100644 --- a/dockerfiles/ci/centos/7/docker-compose.yml +++ b/dockerfiles/ci/centos/7/docker-compose.yml @@ -73,8 +73,8 @@ services: x-bake: *bake args: phpVersion: "8.0" - phpTarGzUrl: https://www.php.net/distributions/php-8.0.27.tar.gz - phpSha256Hash: fe2376faaf91c28ead89a36e118c177f4a8c9a7280a189b97265da1af1f4d305 + phpTarGzUrl: https://www.php.net/distributions/php-8.0.30.tar.gz + phpSha256Hash: 449d2048fcb20a314d8c218097c6d1047a9f1c5bb72aa54d5d3eba0a27a4c80c image: 'datadog/dd-trace-ci:php-8.0_centos-7' php-8.1: @@ -84,8 +84,8 @@ services: x-bake: *bake args: phpVersion: "8.1" - phpTarGzUrl: https://www.php.net/distributions/php-8.1.31.tar.gz - phpSha256Hash: "618923b407c4575bfee085f00c4aaa16a5cc86d4b1eb893c0f352d61541bbfb1" + phpTarGzUrl: https://www.php.net/distributions/php-8.1.32.tar.gz + phpSha256Hash: "4846836d1de27dbd28e89180f073531087029a77e98e8e019b7b2eddbdb1baff" image: 'datadog/dd-trace-ci:php-8.1_centos-7' php-8.2: @@ -95,8 +95,8 @@ services: x-bake: *bake args: phpVersion: "8.2" - phpTarGzUrl: https://www.php.net/distributions/php-8.2.26.tar.gz - phpSha256Hash: "04e47b46b347ed6404dcc9e9989486710b075eafc8490500fd271aeeac5d83cb" + phpTarGzUrl: https://www.php.net/distributions/php-8.2.30.tar.gz + phpSha256Hash: "a0fa6673ba4b0c8335fbab08afb7c2e13a3791f2b5a0928c7ad3d7ad872edf26" image: 'datadog/dd-trace-ci:php-8.2_centos-7' php-8.3: @@ -106,8 +106,8 @@ services: x-bake: *bake args: phpVersion: "8.3" - phpTarGzUrl: https://www.php.net/distributions/php-8.3.14.tar.gz - phpSha256Hash: "e4ee602c31e2f701c9f0209a2902dd4802727431246a9155bf56dda7bcf7fb4a" + phpTarGzUrl: https://www.php.net/distributions/php-8.3.30.tar.gz + phpSha256Hash: "e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386" image: 'datadog/dd-trace-ci:php-8.3_centos-7' php-8.4: @@ -117,8 +117,8 @@ services: x-bake: *bake args: phpVersion: "8.4" - phpTarGzUrl: https://www.php.net/distributions/php-8.4.1.tar.gz - phpSha256Hash: "c3d1ce4157463ea43004289c01172deb54ce9c5894d8722f4e805461bf9feaec" + phpTarGzUrl: https://www.php.net/distributions/php-8.4.19.tar.gz + phpSha256Hash: "9e862435ffb533dc5b0eb486170a74e5f7c8095e8eb8819a2ff5aad430292a18" image: 'datadog/dd-trace-ci:php-8.4_centos-7' php-8.5: @@ -128,6 +128,6 @@ services: x-bake: *bake args: phpVersion: "8.5" - phpTarGzUrl: https://downloads.php.net/~daniels/php-8.5.0RC3.tar.gz - phpSha256Hash: "937e544d72ee1eb28d2190cadaadf8e5e8d7d8c365b5c1f6a99b4f979a1f3a1b" + phpTarGzUrl: https://www.php.net/distributions/php-8.5.4.tar.gz + phpSha256Hash: "4fef7f44eff3c18e329504cb0d3eb30b41cf54e2db05cb4ebe8b78fc37d38ce1" image: 'datadog/dd-trace-ci:php-8.5_centos-7' diff --git a/dockerfiles/ci/xfail_tests/8.4.list b/dockerfiles/ci/xfail_tests/8.4.list index e68b02af9d0..3ef7b4ef41f 100644 --- a/dockerfiles/ci/xfail_tests/8.4.list +++ b/dockerfiles/ci/xfail_tests/8.4.list @@ -129,6 +129,7 @@ ext/readline/tests/libedit_callback_handler_remove_001.phpt ext/simplexml/tests/bug51615.phpt ext/soap/tests/bugs/bug77088.phpt ext/soap/tests/soap_qname_crash.phpt +ext/sockets/tests/gh21161.phpt ext/sockets/tests/socket_create_listen-nobind.phpt ext/sockets/tests/socket_import_stream-4.phpt ext/spl/tests/bug40091.phpt diff --git a/dockerfiles/ci/xfail_tests/8.5.list b/dockerfiles/ci/xfail_tests/8.5.list index 1910a73d677..0f467d89fb3 100644 --- a/dockerfiles/ci/xfail_tests/8.5.list +++ b/dockerfiles/ci/xfail_tests/8.5.list @@ -129,6 +129,7 @@ ext/readline/tests/libedit_callback_handler_remove_001.phpt ext/simplexml/tests/bug51615.phpt ext/soap/tests/bugs/bug77088.phpt ext/soap/tests/soap_qname_crash.phpt +ext/sockets/tests/gh21161.phpt ext/sockets/tests/socket_create_listen-nobind.phpt ext/sockets/tests/socket_import_stream-4.phpt ext/spl/tests/bug40091.phpt diff --git a/dockerfiles/ci/xfail_tests/README.md b/dockerfiles/ci/xfail_tests/README.md index 247506dfaaa..03e8903e422 100644 --- a/dockerfiles/ci/xfail_tests/README.md +++ b/dockerfiles/ci/xfail_tests/README.md @@ -248,3 +248,9 @@ Disabled on all versions (where present). The bundled test certificates expired on 2026-04-02. The TLS handshake fails because the client rejects the expired server certificates, causing `stream_socket_client` to return `false`. +## `ext/sockets/tests/gh21161.phpt` + +Disabled on versions: `8.4`, `8.5`. + +The test calls `socket_create(AF_INET6, ...)` without a SKIPIF guard for IPv6 availability (only skips on Windows). In CI (Kubernetes pods), IPv6 is not available, so `socket_create` returns `false`. The subsequent `socket_set_option(false, ...)` call throws a `TypeError` instead of producing the expected warnings. This is an upstream bug in the test's SKIPIF section. + diff --git a/tooling/bin/build-debug-artifact b/tooling/bin/build-debug-artifact index 1786c2af69a..8cf8bfaa41c 100755 --- a/tooling/bin/build-debug-artifact +++ b/tooling/bin/build-debug-artifact @@ -218,7 +218,7 @@ cp tmp/build_extension/modules/ddtrace.so /output/ddtrace.so")" if [[ "$BUILD_PROFILER" == "1" ]]; then PROFILER_SCRIPT="$(_preamble "if [ -f /sbin/apk ] && [ \$(uname -m) = 'aarch64' ]; then - ln -sf ../lib/llvm17/bin/clang /usr/bin/clang + ln -sf ../lib/llvm19/bin/clang /usr/bin/clang fi (cd profiling && CARGO_TARGET_DIR=${HOME_DIR}/tmp/build_profiler cargo build --profile profiler-release) cp ${HOME_DIR}/tmp/build_profiler/profiler-release/libdatadog_php_profiling.so /output/datadog-profiling${EXT_SUFFIX}.so")"