Pin Linux release runner to ubuntu-22.04, bump to 0.2.3#1
Merged
gordonwoodhull merged 2 commits intomainfrom Apr 27, 2026
Merged
Pin Linux release runner to ubuntu-22.04, bump to 0.2.3#1gordonwoodhull merged 2 commits intomainfrom
gordonwoodhull merged 2 commits intomainfrom
Conversation
ubuntu-latest now resolves to Ubuntu 24.04 (glibc 2.39), which causes gcc to redirect strtol calls to __isoc23_strtol (new in glibc 2.38) when compiling vendored OpenSSL. The resulting binaries fail to load on Ubuntu 22.04, Debian 12, and RHEL 9 with: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.38' not found Pinning to ubuntu-22.04 builds against glibc 2.35 headers, which do not emit the C23 redirect. The floor drops to glibc 2.34 (the next-highest symbol used) and binaries again run on the distros Quarto targets. Reported in quarto-dev/quarto-cli#14445.
Functionally identical — same vendored OpenSSL ends up in the binary — but we no longer have to track the openssl crate version directly. One less knob to keep in sync on typst-kit upgrades. Verified resolution: - with --features vendored-openssl on x86_64-unknown-linux-gnu, cargo tree shows openssl-src 300.5.4+3.5.4 (the static OpenSSL source build) pulled in transitively as before - without the feature, openssl-src is absent and openssl-sys falls back to dynamic linking against the system libssl
Member
Author
|
Pushed a small cleanup commit (696d9f1): switched our |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
x86_64-unknown-linux-gnuandaarch64-unknown-linux-gnurelease jobs toubuntu-22.04(wasubuntu-latest).0.2.3.Why
Reported in quarto-dev/quarto-cli#14445:
typst-gatherv0.2.2 binaries fail on Ubuntu 22.04, Debian 12, and RHEL 9 with:This breaks Quarto 1.10's Typst pipeline, including in Quarto's own first-party container image (
ghcr.io/quarto-dev/quarto:1.10.3, based on Ubuntu 22.04).Root cause
objdump -Ton the v0.2.2 release artefacts (both x64 and arm64) shows a single symbol holding the GLIBC floor at 2.38:__isoc23_strtol. Every other libc symbol is<= 2.34.All three call sites land inside vendored OpenSSL — two in DRBG seed-source code (
seed_src_*) and one in X.509 verification (verify_chainneighbourhood). No other dep contributes.ubuntu-latestnow resolves to Ubuntu 24.04 (glibc 2.39). Starting in glibc 2.38, the headers redirectstrtol(and friends) to__isoc23_strtolfor C23 conformance. OpenSSL's static archive picks up that redirect at compile time and bakes the symbol into our binary.v0.1.x was unaffected because it had no
vendored-opensslfeature —openssl-sysdynamic-linked to the system libssl, so the strtol call resolved at the user's runtime against the user's libc. The static-vendor switch landed in 7f33d8c (March 2026) to fix aarch64 cross-compile linking; that's when the floor appeared. The runner image bump (22 -> 24) had to happen too, which is why this only bit Quarto 1.10.The fix
Pin the Linux release matrix entries to
ubuntu-22.04. That image ships glibc 2.35, whose headers do not define the C23 strtol redirect macros, so OpenSSL compiles plainstrtolcalls. The binary's floor drops to glibc 2.34 (the next-highest symbol used), restoring compatibility with the distros Quarto documents.ubuntu-22.04runners are supported until June 2027. We should plan a more durable answer (cargo-zigbuildwith a pinned glibc target, or a manylinux-style container build) before the runner is retired. Filed as a follow-up.Test plan
cargo build --releaseclean locallycargo test --release— 41 passed, 5 ignored (network), 0 failedtypst-gather analyzeend-to-end on a sample config +.typfile with@previewimportsobjdump -T | grep GLIBC_2.38returns nothingghcr.io/quarto-dev/quarto:1.10.3(Ubuntu 22.04)