Skip to content

Commit dea02f0

Browse files
committed
CI/build: fix release matrix for macOS, Linux x86_64, and Lambda/Bref
First release run surfaced three platform-specific build breaks: - macOS (all): linking a cdylib that references Zend symbols fails because macOS ld rejects undefined symbols. Add .cargo/config.toml pinning `-undefined dynamic_lookup` for the macOS target (also fixes local macOS builds), so Zend/PHP symbols resolve at extension load time. - Linux x86_64 (8.4/8.5): bindgen hit a clang-14 emmintrin.h SSE2 bug on ubuntu-22.04. Install clang-15/libclang-15-dev and point bindgen at it via LIBCLANG_PATH; keep ubuntu-22.04 so the generic build stays glibc-2.35 portable. aarch64 was unaffected (no x86 SSE header) and already passed. - Lambda/Bref (all 4): dnf segfaulted inside the AL2023 Bref image under Docker's default seccomp profile. Run the build container with `--security-opt seccomp=unconfined`, install clang-devel for the libclang symlink, and set LIBCLANG_PATH=/usr/lib64. Mirror the Bref docker fixes in docs/install.md's build-from-source snippet. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01R3vgA3Q6PR9VQn8X5pLcMR
1 parent be7c059 commit dea02f0

3 files changed

Lines changed: 25 additions & 5 deletions

File tree

.cargo/config.toml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
# PHP extensions are loaded into the running PHP process, which already provides
2+
# the Zend/PHP symbols (zend_*, php_*). On macOS the linker rejects undefined
3+
# symbols by default, so a cdylib that references them fails to link. Tell the
4+
# linker to resolve those symbols dynamically at load time instead. (On Linux
5+
# this is the default behaviour, so no flag is needed there.)
6+
[target.'cfg(target_os = "macos")']
7+
rustflags = ["-C", "link-arg=-undefined", "-C", "link-arg=dynamic_lookup"]

.github/workflows/release.yml

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -42,8 +42,13 @@ jobs:
4242
env:
4343
phpts: nts
4444
- uses: dtolnay/rust-toolchain@1.96
45-
- run: sudo apt-get update && sudo apt-get install -y clang libclang-dev
45+
# ubuntu-22.04 (kept for glibc 2.35 portability) defaults to clang 14,
46+
# whose emmintrin.h trips a bindgen SSE2 intrinsics bug when parsing the
47+
# PHP headers on x86_64. clang 15+ fixes it; aarch64 never hits it.
48+
- run: sudo apt-get update && sudo apt-get install -y clang-15 libclang-15-dev
4649
- run: cargo build --release
50+
env:
51+
LIBCLANG_PATH: /usr/lib/llvm-15/lib
4752
- name: Stage artifact
4853
run: |
4954
mkdir -p dist
@@ -79,15 +84,19 @@ jobs:
7984
# `container:`) so checkout/runner tooling stays on the host. The arm64
8085
# runner pulls the arm64 Bref image and builds an arm64 binary natively.
8186
- name: Build in Bref image (${{ matrix.image }})
87+
# --security-opt seccomp=unconfined: AL2023's rpm/dnf segfaults under
88+
# Docker's default seccomp profile, so relax it for the build container.
8289
run: |
83-
docker run --rm -v "$PWD":/src --entrypoint /bin/bash \
90+
docker run --rm --security-opt seccomp=unconfined \
91+
-v "$PWD":/src --entrypoint /bin/bash \
8492
"${{ matrix.image }}" -lc '
8593
set -euo pipefail
86-
dnf install -y clang
94+
dnf install -y clang clang-devel
8795
curl --proto "=https" --tlsv1.2 -sSf https://sh.rustup.rs \
8896
| sh -s -- -y --default-toolchain none
8997
export PATH="$HOME/.cargo/bin:/opt/bin:$PATH"
9098
export CARGO_TARGET_DIR=/tmp/target
99+
export LIBCLANG_PATH=/usr/lib64
91100
cd /src
92101
cargo build --release # rust-toolchain.toml pins the version
93102
mkdir -p dist

docs/install.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -96,10 +96,14 @@ links against Amazon Linux's glibc. Use `bref/build-php-8x` for x86_64 and
9696
`bref/arm-build-php-8x` for arm64 (and the matching PHP version):
9797

9898
```sh
99-
docker run --rm -v "$PWD":/src --entrypoint /bin/bash bref/build-php-84 -lc '
100-
dnf install -y clang
99+
# --security-opt seccomp=unconfined: AL2023's dnf segfaults under Docker's
100+
# default seccomp profile.
101+
docker run --rm --security-opt seccomp=unconfined \
102+
-v "$PWD":/src --entrypoint /bin/bash bref/build-php-84 -lc '
103+
dnf install -y clang clang-devel
101104
curl --proto "=https" -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain none
102105
export PATH="$HOME/.cargo/bin:/opt/bin:$PATH" CARGO_TARGET_DIR=/tmp/target
106+
export LIBCLANG_PATH=/usr/lib64
103107
cd /src && cargo build --release
104108
cp /tmp/target/release/libphp_quickjs.so /src/quickjs.so
105109
'

0 commit comments

Comments
 (0)