Fix library paths in Apline containers

elezar · elezar · commit 0b9f8cc8f2b5 · 2025-12-09T17:50:32.000+01:00
Signed-off-by: Evan Lezar &lt;elezar@nvidia.com&gt;
diff --git a/internal/ldconfig/ldconfig.go b/internal/ldconfig/ldconfig.go
@@ -21,6 +21,7 @@ import (
 	"bufio"
 	"flag"
 	"fmt"
+	"io"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -168,6 +169,7 @@ func (l *Ldconfig) UpdateLDCache() error {
 		return fmt.Errorf("failed to write %s drop-in: %w", ldsoconfdFilenamePattern, err)
 	}
 
+	systemSearchPaths := l.getSystemSearchPaths()
 	// In most cases, the hook will be executing a host ldconfig that may be configured widely
 	// differently from what the container image expects.
 	// The common case is Debian-like (e.g. Debian, Ubuntu) vs non-Debian-like (e.g. RHEL, Fedora).
@@ -176,10 +178,15 @@ func (l *Ldconfig) UpdateLDCache() error {
 	// paths to a drop-in conf file that is likely to be last in lexicographic order. Entries in the
 	// top-level ld.so.conf file may be processed after this drop-in, but this hook does not modify
 	// the top-level file if it exists.
-	if err := createLdsoconfdFile(defaultLdsoconfdDir, ldsoconfdSystemDirsFilenamePattern, l.getSystemSearchPaths()...); err != nil {
+	if err := createLdsoconfdFile(defaultLdsoconfdDir, ldsoconfdSystemDirsFilenamePattern, systemSearchPaths...); err != nil {
 		return fmt.Errorf("failed to write %s drop-in: %w", ldsoconfdSystemDirsFilenamePattern, err)
 	}
 
+	// Also output the folders to the alpine .path file as required.
+	if err := createAlpinePathFileIfRequired(append(filteredDirectories, systemSearchPaths...)...); err != nil {
+		return err
+	}
+
 	return SafeExec(ldconfigPath, args, nil)
 }
 
@@ -246,23 +253,30 @@ func createLdsoconfdFile(ldsoconfdDir, pattern string, dirs ...string) error {
 		_ = configFile.Close()
 	}()
 
+	if err := outputListToFile(configFile, dirs...); err != nil {
+		return err
+	}
+
+	// The created file needs to be world readable for the cases where the container is run as a non-root user.
+	if err := configFile.Chmod(0644); err != nil {
+		return fmt.Errorf("failed to chmod config file: %w", err)
+	}
+
+	return nil
+}
+
+func outputListToFile(w io.Writer, dirs ...string) error {
 	added := make(map[string]bool)
 	for _, dir := range dirs {
 		if added[dir] {
 			continue
 		}
-		_, err := fmt.Fprintf(configFile, "%s\n", dir)
+		_, err := fmt.Fprintf(w, "%s\n", dir)
 		if err != nil {
 			return fmt.Errorf("failed to update config file: %w", err)
 		}
 		added[dir] = true
 	}
-
-	// The created file needs to be world readable for the cases where the container is run as a non-root user.
-	if err := configFile.Chmod(0644); err != nil {
-		return fmt.Errorf("failed to chmod config file: %w", err)
-	}
-
 	return nil
 }
 
@@ -360,6 +374,38 @@ func processLdsoconfFile(ldsoconfFilename string) ([]string, []string, error) {
 	return directories, includedFilenames, nil
 }
 
+func createAlpinePathFileIfRequired(dirs ...string) error {
+	if !isAlpine() {
+		return nil
+	}
+
+	var pathFileName string
+	switch runtime.GOARCH {
+	case "amd64":
+		pathFileName = "/etc/ld-musl-x86_64.path"
+	case "arm64":
+		pathFileName = "/etc/ld-musl-aarch64.path"
+	}
+
+	pathFile, err := os.OpenFile(pathFileName, os.O_CREATE|os.O_APPEND|os.O_RDWR, 0644)
+	if err != nil {
+		return fmt.Errorf("could not open .path file: %w", err)
+	}
+	defer func() {
+		_ = pathFile.Close()
+	}()
+
+	return outputListToFile(pathFile, dirs...)
+}
+
+func isAlpine() bool {
+	info, err := os.Stat("/etc/alpine-release")
+	if err != nil {
+		return false
+	}
+	return !info.IsDir()
+}
+
 // isDebianLike returns true if a Debian-like distribution is detected.
 // Debian-like distributions include Debian and Ubuntu, whereas non-Debian-like
 // distributions include RHEL and Fedora.
