fix: glibc build for arm64

Also use ubuntu mirrors for sources which doesn't have `sha512sum` in the URL.
`libtirpc` needed to be downgraded to 1.3.6 since ubuntu mirror doesn't have the latest yet.
Glibc is switched to 2.41 since the shasums were not updated and was actually using 2.41.

Signed-off-by: Noel Georgi <[email protected]>

Author: frezbo

Makefile

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2025-11-06T12:58:59Z by kres 4ba9b0c.
+# Generated on 2025-11-07T09:07:26Z by kres 911d166.
 
 # common variables
 
@@ -25,7 +25,7 @@ SOURCE_DATE_EPOCH := $(shell git log $(INITIAL_COMMIT_SHA) --pretty=%ct)
 
 # sync bldr image with pkgfile
 
-BLDR_RELEASE := v0.5.4
+BLDR_RELEASE := v0.5.5
 BLDR_IMAGE := ghcr.io/siderolabs/bldr:$(BLDR_RELEASE)
 BLDR := docker run --rm --user $(shell id -u):$(shell id -g) --volume $(PWD):/src --entrypoint=/bldr $(BLDR_IMAGE) --root=/src
 

Pkgfile

@@ -1,4 +1,4 @@
-# syntax = ghcr.io/siderolabs/bldr:v0.5.4
+# syntax = ghcr.io/siderolabs/bldr:v0.5.5
 
 format: v1alpha2
 
@@ -16,10 +16,10 @@ vars:
   TENSTORRENT_VERSION: 2.5.0 # update this when updating PKGS_VERSION in Makefile
   HAILORT_VERSION: 4.23.0 # update this when updating PKGS_VERSION in Makefile
 
-  # renovate: datasource=git-tags extractVersion=^libtiprc-(?<version>.*)$ depName=git://linux-nfs.org/~steved/libtirpc
-  LIBTIRPC_VERSION: 1-3-7
-  LIBTIRPC_SHA256: b47d3ac19d3549e54a05d0019a6c400674da716123858cfdb6d3bdd70a66c702
-  LIBTIRPC_SHA512: 50c0153bc72a3f9578eb7a9dc123ea531df83c455f19b03d2bc59563d8453fcd278a025eef05865d1218b2c9358a9152ee069ce0e4d11dfea4ca0a8a24221fad
+  # renovate: datasource=git-tags extractVersion=^libtiprc-(?<version>.*)$ depName=git://git.linux-nfs.org/projects/steved/libtirpc.git
+  LIBTIRPC_VERSION: 1-3-6
+  LIBTIRPC_SHA256: f9eeeb368d733e11f18ddb750a41bdf9089ba5f9476404da848c2cd295624f0d
+  LIBTIRPC_SHA512: 1e20007d030df9cde23ae3ab99cabb7977c473f9f08a37154e9f43a15c804826651ada402d2075989df65bfdc55fd7a9bda959120da890df9ccf8111cca5ecc6
   # renovate: datasource=github-tags extractVersion=^v(?<version>.*)$ depName=madler/zlib
   ZLIB_VERSION: 1.3.1
   ZLIB_SHA256: 9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23

README.md

@@ -122,7 +122,7 @@ tiers based on support level:
 | Name | Tier | Image | Version | Description |
 | ---- | ---- | ----- | ------- | ----------- |
 | [binfmt-misc](misc/binfmt-misc) | :yellow_square: extra | [ghcr.io/siderolabs/binfmt-misc](https://github.com/siderolabs/extensions/pkgs/container/binfmt-misc) | `VERSION` |  This system extension provides kernel module driver for binfmt-misc built against a specific Talos version. |
-| [glibc](misc/glibc) | :green_square: core | [ghcr.io/siderolabs/glibc](https://github.com/siderolabs/extensions/pkgs/container/glibc) | `2.42` | This system extension provides glibc. |
+| [glibc](misc/glibc) | :green_square: core | [ghcr.io/siderolabs/glibc](https://github.com/siderolabs/extensions/pkgs/container/glibc) | `2.41` | This system extension provides glibc. |
 
 ### Network
 

internal/base/pkg.yaml

@@ -3,7 +3,7 @@ variant: scratch
 shell: /bin/bash
 dependencies:
   - image: "{{ .BUILD_ARG_TOOLS_PREFIX }}/tools:{{ .BUILD_ARG_TOOLS }}"
-  - image: ghcr.io/siderolabs/extensions-validator:fe85801
+  - image: ghcr.io/siderolabs/extensions-validator:52d35f8
 finalize:
   - from: /
     to: /

misc/glibc/pkg.yaml

@@ -14,8 +14,10 @@ steps:
   - env:
       CC: gcc-14
       CXX: g++-14
+      LD_LINUX_X86_64: ld-linux-x86-64.so.2
+      LD_LINUX_AARCH64: ld-linux-aarch64.so.1
     sources:
-      - url: https://src.fedoraproject.org/lookaside/pkgs/glibc/glibc-{{ .GLIBC_VERSION }}-8-g1e0e33e1b1.tar.xz/sha512/449e3d4f6b59bfde2175c5d1be71447b084e0b12b176518b65fd9b0ac8430766b25416a173fe3efd47462bc1719d59a051e7eed9544e0fba9165dd86f69ee0b9/glibc-{{ .GLIBC_VERSION }}-8-g1e0e33e1b1.tar.xz
+      - url: https://archive.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_{{ .GLIBC_VERSION }}.orig.tar.xz
         destination: glibc.tar.xz
         sha256: {{ .GLIBC_SHA256 }}
         sha512: {{ .GLIBC_SHA512 }}
@@ -54,8 +56,12 @@ steps:
 
         cp /pkg/ld.so.conf /rootfs/usr/local/glibc/etc/ld.so.conf
 
+        ARCH_UPPER="${ARCH^^}"
+        LD_LINUX_PATH="LD_LINUX_${ARCH_UPPER}"
+        export LD_LINUX_PATH="${!LD_LINUX_PATH}"
+
         mkdir -p /rootfs/usr/lib /rootfs/usr/bin
-        ln -s /usr/local/glibc/usr/lib/ld-linux-x86-64.so.2 /rootfs/usr/lib/ld-linux-x86-64.so.2
+        ln -s /usr/local/glibc/usr/lib/${LD_LINUX_PATH} /rootfs/usr/lib/${LD_LINUX_PATH}
         ln -s /usr/local/glibc/usr/sbin/ldconfig /rootfs/usr/bin/ldconfig
 
         # cleanup

misc/vars.yaml

@@ -1,4 +1,4 @@
 # renovate: datasource=git-tags extractVersion=^glibc-(?<version>.*)$ depName=https://sourceware.org/git/glibc.git
-GLIBC_VERSION: 2.42
-GLIBC_SHA256: af71d83f774c92c5ed11cb7904332041cf7cca15ff2e7b3d6c3e708e688fe400
-GLIBC_SHA512: 449e3d4f6b59bfde2175c5d1be71447b084e0b12b176518b65fd9b0ac8430766b25416a173fe3efd47462bc1719d59a051e7eed9544e0fba9165dd86f69ee0b9
+GLIBC_VERSION: 2.41
+GLIBC_SHA256: a5a26b22f545d6b7d7b3dd828e11e428f24f4fac43c934fb071b6a7d0828e901
+GLIBC_SHA512: 894a3e5a796bc13df30c26a5bfbe4d60b5dbdaac54e7763432235124b547070c7dda88c50584536870cab79183d8cad73a3ac6ed09bfe54fa8482aad07253169

nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/libtirpc/pkg.yaml

@@ -14,13 +14,13 @@ steps:
       CC: gcc-14
       CXX: g++-14
     sources:
-      - url: https://src.fedoraproject.org/lookaside/extras/libtirpc/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2/sha512/{{ .LIBTIRPC_SHA512 }}/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2
-        destination: libtirpc.tar.bz2
+      - url: https://archive.ubuntu.com/ubuntu/pool/main/libt/libtirpc/libtirpc_{{ .LIBTIRPC_VERSION | replace "-" "." }}+ds.orig.tar.gz
+        destination: libtirpc.tar.gz
         sha256: {{ .LIBTIRPC_SHA256 }}
         sha512: {{ .LIBTIRPC_SHA512 }}
     prepare:
       - |
-        tar -xf libtirpc.tar.bz2 --strip-components=1
+        tar -xf libtirpc.tar.gz --strip-components=1
 
         ./configure \
           --prefix=/usr/local/glibc \

storage/zfs/zfs-tools/libtirpc/patches/gcc15.patch

@@ -0,0 +1,117 @@
+Patch-Source: https://src.fedoraproject.org/rpms/libtirpc/blob/77cf27589f01c5277e5cdbaf9d03b9647359b41a/f/libtirpc.1.3.7-rc3.patch
+---
+commit 240ee6c774729c9c24812aa8912f1fcf8996b162
+Author: Rudi Heitbaum <[email protected]>
+Date:   Thu Jan 2 08:46:24 2025 -0500
+
+    update signal and key_call declarations to allow compile with gcc-15
+    
+    Follow up patch addressing the following declarations:
+      sed -n 75,77p libtirpc-1.3.6/src/key_call.c
+      cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
+      cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
+      des_block *(*__key_gendes_LOCAL)() = 0;
+    
+    Signed-off-by: Rudi Heitbaum <[email protected]>
+    Signed-off-by: Steve Dickson <[email protected]>
+
+diff --git a/src/auth_time.c b/src/auth_time.c
+index 936dd76..c21b1df 100644
+--- a/src/auth_time.c
++++ b/src/auth_time.c
+@@ -248,7 +248,7 @@ __rpc_get_time_offset(td, srv, thost, uaddr, netid)
+ 	char			ut[64], ipuaddr[64];
+ 	endpoint		teps[32];
+ 	nis_server		tsrv;
+-	void			(*oldsig)() = NULL; /* old alarm handler */
++	void			(*oldsig)(int) = NULL; /* old alarm handler */
+ 	struct sockaddr_in	sin;
+ 	int			s = RPC_ANYSOCK;
+ 	socklen_t len;
+@@ -417,7 +417,7 @@ __rpc_get_time_offset(td, srv, thost, uaddr, netid)
+ 		} else {
+ 			int res;
+ 
+-			oldsig = (void (*)())signal(SIGALRM, alarm_hndler);
++			oldsig = (void (*)(int))signal(SIGALRM, alarm_hndler);
+ 			saw_alarm = 0; /* global tracking the alarm */
+ 			alarm(20); /* only wait 20 seconds */
+ 			res = connect(s, (struct sockaddr *)&sin, sizeof(sin));
+diff --git a/src/key_call.c b/src/key_call.c
+index 9f4b1d2..43f990e 100644
+--- a/src/key_call.c
++++ b/src/key_call.c
+@@ -72,9 +72,9 @@
+  * implementations of these functions, and to call those in key_call().
+  */
+ 
+-cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
+-cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
+-des_block *(*__key_gendes_LOCAL)() = 0;
++cryptkeyres *(*__key_encryptsession_pk_LOCAL)(uid_t, char *) = 0;
++cryptkeyres *(*__key_decryptsession_pk_LOCAL)(uid_t, char *) = 0;
++des_block *(*__key_gendes_LOCAL)(uid_t, char *) = 0;
+ 
+ static int key_call( u_long, xdrproc_t, void *, xdrproc_t, void *);
+ 
+
+commit d473f1e1f6ba80bfaee4daa058da159305167323
+Author: Rudi Heitbaum <[email protected]>
+Date:   Thu Dec 12 04:16:02 2024 -0500
+
+    Update declarations to allow compile with gcc-15
+    
+    This patch fixes some of the compile errors with gcc 15-20241117.
+    
+    In addition the follow declarations need to be fixed:
+      sed -n 75,77p libtirpc-1.3.6/src/key_call.c
+      cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
+      cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
+      des_block *(*__key_gendes_LOCAL)() = 0;
+    
+    Signed-off-by: Rudi Heitbaum <[email protected]>
+    Signed-off-by: Steve Dickson <[email protected]>
+
+diff --git a/src/auth_none.c b/src/auth_none.c
+index 0b0bbd1..aca6e71 100644
+--- a/src/auth_none.c
++++ b/src/auth_none.c
+@@ -62,7 +62,7 @@ static bool_t authnone_validate (AUTH *, struct opaque_auth *);
+ static bool_t authnone_refresh (AUTH *, void *);
+ static void authnone_destroy (AUTH *);
+ 
+-extern bool_t xdr_opaque_auth();
++extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
+ 
+ static struct auth_ops *authnone_ops();
+ 
+diff --git a/src/getpublickey.c b/src/getpublickey.c
+index be37a24..4e96c7c 100644
+--- a/src/getpublickey.c
++++ b/src/getpublickey.c
+@@ -52,7 +52,7 @@
+ /*
+  * Hack to let ypserv/rpc.nisd use AUTH_DES.
+  */
+-int (*__getpublickey_LOCAL)() = 0;
++int (*__getpublickey_LOCAL)(const char *, char *) = 0;
+ 
+ /*
+  * Get somebody's public key
+diff --git a/src/svc_auth_none.c b/src/svc_auth_none.c
+index 887e809..5ca98e9 100644
+--- a/src/svc_auth_none.c
++++ b/src/svc_auth_none.c
+@@ -37,8 +37,8 @@
+ 
+ #include <rpc/rpc.h>
+ 
+-static bool_t	svcauth_none_destroy();
+-static bool_t   svcauth_none_wrap();
++static bool_t	svcauth_none_destroy(SVCAUTH *);
++static bool_t   svcauth_none_wrap(SVCAUTH *, XDR *, bool_t (*)(XDR *, ...), char *);
+ 
+ struct svc_auth_ops svc_auth_none_ops = {
+ 	svcauth_none_wrap,
+
+

storage/zfs/zfs-tools/libtirpc/pkg.yaml

@@ -6,13 +6,15 @@ dependencies:
   - stage: base
 steps:
   - sources:
-      - url: https://src.fedoraproject.org/lookaside/extras/libtirpc/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2/sha512/{{ .LIBTIRPC_SHA512 }}/libtirpc-{{ .LIBTIRPC_VERSION | replace "-" "." }}.tar.bz2
-        destination: libtirpc.tar.bz2
+      - url: https://archive.ubuntu.com/ubuntu/pool/main/libt/libtirpc/libtirpc_{{ .LIBTIRPC_VERSION | replace "-" "." }}+ds.orig.tar.gz
+        destination: libtirpc.tar.gz
         sha256: {{ .LIBTIRPC_SHA256 }}
         sha512: {{ .LIBTIRPC_SHA512 }}
     prepare:
       - |
-        tar -xf libtirpc.tar.bz2 --strip-components=1
+        tar -xf libtirpc.tar.gz --strip-components=1
+
+        patch -p1 < /pkg/patches/gcc15.patch
 
         mkdir -p /usr/local/include/sys
         cp /pkg/patches/sys-queue.h /usr/local/include/sys/queue.h