fix: CentOS 7 recipes (x64-glibc-217 & x64-pointer-compression & x86)

[henry-hsieh]

Why another CentOS 7 recipes fix?

In #174 , @vitaliylag provides an excellent fix for broken CentOS 7 recipes. @rvagg wants to push the PR forward, but @vitaliylag is inactive in GitHub for more than half a year now. Also, there still some users requested the older glibc version, including #190 and #192.

Can we switch to newer version of glibc?

In the last comment of #174 from @MikeMcC399 , he says the CentOS 7 is EOL for a long time and the PR might be irrelevant. I have no strong opinion to add a new recipe for higher version of glibc or keep current one (glibc 2.17). Here is a summarize table for some LTS distributions and its glibc version (information from endoflife.date):

Reference or Distro	glibc version	EoL Date (including security maintenance)
NodeJS 16 LTS	2.17	11 Sep 2023
NodeJS 18 LTS and after	2.28	N/A
Ubuntu 18.04 LTS	2.27	01 Apr 2028
Ubuntu 20.04 LTS	2.31	02 Apr 2030
Debian 10	2.28	30 Jun 2024
Debian 11	2.31	31 Aug 2026
CentOS 7	2.17	30 Jun 2024
CentOS Stream 8	2.28	31 May 2024
RHEL 7 ELS	2.17	31 May 2029
RHEL 8 ELS	2.28	31 May 2032
Oracle Linux 7	2.17	30 Jun 2028
Oracle Linux 8	2.28	31 Jul 2032
Rocky Linux 8	2.28	31 May 2029

There still some paid RHEL 7 variations are active. But if we only consider community distributions, I think it's okay to upgrade glibc to 2.27 for Ubuntu 18.04 LTS (in security maintenance period). Or completely drop the old glibc supports.

The updates since last change in #174

I kept all @vitaliylag 's commits except the last merge commit with main branch.

In response to @rvagg 's suggestions

• RAM is oging to be tight for this compile on the server we do this on, might need to add swap but it could work
• It would be nice to do some checksum verification of the downloads since we're pinning and have that opportunity

I have added it to recipes/centos7-toolchain/files/checksums.sh and recipes/x86/files/checksums.sh. The Dockerfile loads the checksums.sh and compares it with toolchain archive.

• installFromSourceCode has an id=$1 that doesn't seem to do anything

In recipes/centos7-toolchain/files/installFromSourceCode, this is replaced with expectedSha256 for the checksum checking.

• My biggest beef here is the copy-recipes.sh pattern, it breaks the isolation and adds magic that's going to be difficult to maintain into the future. There's a couple of options I see here: (1) just copypasta and be honest about the duplication, keep a note in each of them about this, or (2) how about a local base image that the others FROM? We control the order of build, so make a centos7-toolchain base and inherit from that?

I used the both approaches, the shared recipes is centos7-toolchain. The x64 variants derive their Dockerfile from the shared Dockerfile in centos7-toolchain. The docker image of x86 cannot share with x64 variants. If we want to reduce the duplication, we could create symbolic links. For example, the run.sh inside centos7-toolchain is completely the same as x86. We can symbolic-link one to another. During COPY command inside Dockerfile, it copies the content of symbolic link instead of the link itself, unless the command is assigned --link flag.

Additional changes

1. Merge latest main branch into this PR

• There are some minor conflicts with main branch. Most due to set CCACHE_BASEDIR to properly enable ccache on all builds #215. I have enabled them in all 3 recipes.
• In chore: switch to official release-keys repo #216, the gpg keys are explicitly set to gpg-only-active-keys. If we want to build the old NodeJS versions, the GPG key check will be failed because the source code of older version, e.g., v24.2.0, is signed by retired GPG key. Therefore, I change it to use the public keyring with retired keys. However, if we want to skip the absent versions, it should be reverted.

2. Build system

• In local build, if the recipe depends on shared recipe, it should build the shared recipe first.
• The x64-glibc-217 and x64-pointer-compression share the same run.sh, put in centos7-toolchain. The x86 uses its own run.sh, although it's the same as the one in centos7-toolchain.

3. Chore changes

• Align shebang with the conventions of this repo. (#!/usr/bin/env bash)
• Change yum package url from http to https