Possible to leverage nix to build container images with very old glibc version?

To build for very old glibc targets (e.g. ARM NAS with glibc versions as old as 2.17) I’m using custom build containers based on very old Debian and Ubuntu images that are selected specifically for their glibc version. The building of these images is tedious, inconsistent and error-prone, because for some deps they need to include updated versions of e.g. gcc and openssl that need to be built from source, because they are not available via apt (backports).

I’m using buildah with Makefile and custom builder sh scripts to build the images, but for most arch/glibc pairs I need specific workarounds, so it’s kind of cumbersome.

I recently had a great experience building a very specific build image in a devShell flake, i.e. get an image that has similar inputs as the devShell and will therefore behave the same in a CI as in a dev env, and as a workflow I find this very attractive.

So my thought was whether it could be at all possible to build the above-mentioned images leveraging nix, but with Nix Package Versions it doesn’t nearly go back far enough.

So the next possibility could be to “just” override the versions of packages in an overlay (and especially the components of stdenv, and use qemu for non-native archs), but given the notorious difficulty of bootstrapping old glibc this is probably doomed to fail?

Or is it?

Any informed opinions?

I’ve never done this for something as low-level as glibc, so I guess my opinion is only semi-informed, but: it is possible to ‘import’ old versions of nixpkgs side-by-side with your ‘current’ version and get the glibc from there. I’m fairly confident that should provide an ‘easy’ way to build that old glibc - though how easy it would be to effectively use it I’m not so sure.

Possibly one challenge with the import strategy is that if we’re talking nixpkgs 17.xx-ish it could still be ok (even though one would have to get the glibc version by actually importing it, since it’s not anymore(?) available from the above-mentioned search site), but I fear that going much further back (~2014-ish?) might bring its own compatibility problems, but I guess there’s only one way to find out… (i.e. try it).