build: update benv to trixie (#401)

- update clang/llvm versions
- update linter versions
- fix usage of depreceated apt-key
- increase Java version
- update ares for new version of c-ares headers
- fix cstdint includes, now required
- update cmake for stricter checks in newer version
- add fuse-overlayfs to build environment to allow podman inside benv
- use host networking in to build podman via makefile

Author: yonch

build-tools/base/Dockerfile

@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 ARG BENV_BASE_IMAGE_DISTRO=debian
-ARG BENV_BASE_IMAGE_VERSION=bookworm@sha256:731dd1380d6a8d170a695dbeb17fe0eade0e1c29f654cf0a3a07f372191c3f4b
+ARG BENV_BASE_IMAGE_VERSION=trixie@sha256:72547dd722cd005a8c2aa2079af9ca0ee93aad8e589689135feaed60b0a8c08d
 FROM ${BENV_BASE_IMAGE_DISTRO}:${BENV_BASE_IMAGE_VERSION} AS build-main
 
 ################ DEPENDENCIES ################
@@ -19,14 +19,14 @@ ARG PKG_CORE="wget curl git gnupg bc aptitude netcat-openbsd sudo"
 ARG PKG_TEXT="xxd sed ripgrep less jq"
 ARG PKG_COMPILERS="g++"
 ARG PKG_BUILD="ninja-build"
-ARG PKG_LINTERS="clang-format-16 clang-tidy-16 shellcheck"
+ARG PKG_LINTERS="clang-format-19 clang-tidy-19 shellcheck"
 ARG PKG_MANAGERS="pkg-config rpm"
 ARG PKG_KERNEL="dkms build-essential"
 ARG PKG_DEV="gdb cgdb tmux strace"
 ARG PKG_LIBS="libc-ares-dev libelf-dev libssl-dev libzstd-dev libgrpc-dev libcurl4-openssl-dev libabsl-dev protobuf-compiler-grpc libcurlpp-dev libgrpc++-dev libprotobuf-dev"
 ARG PKG_PY_TEST="python3-pytest python3-dev python3-pip python3-setuptools python3-wheel pylint"
 ARG PKG_JAVA="default-jdk-headless"
-ARG PKG_LLVM="llvm-16-dev libclang-16-dev clang-16 libpolly-16-dev"
+ARG PKG_LLVM="llvm-19-dev libclang-19-dev clang-19 libpolly-19-dev"
 ARG PKG_MAKE="cmake ccache autoconf autoconf-archive automake libtool make"
 ARG PKG_BCC="bison flex zip"
 ARG PKG_LIBBPF="zip pkg-config libelf-dev zlib1g-dev libbfd-dev libcap-dev"

build-tools/final/Dockerfile

@@ -29,17 +29,18 @@ FROM $libbpf_IMAGE_TAG as build-libbpf
 FROM build-main AS build-result
 
 # Package definitions
-ARG PKG_DOCKER="podman uidmap slirp4netns"
+# Include fuse-overlayfs so rootless podman can run on overlayfs (e.g., in containers)
+ARG PKG_DOCKER="podman uidmap fuse-overlayfs"
 ARG PKG_KERNEL_TOOLS="kmod selinux-utils"
 ARG PKG_CORE_TOOLS="pass"
 ARG PKG_DEV_TOOLS="vim-nox lsof silversearcher-ag ssh"
 ARG PKG_AWS_TOOLS="awscli"
-ARG BENV_JAVA_VERSION=17
+ARG BENV_JAVA_VERSION=21
 ARG PKG_EXTRA_PACKAGES="openjdk-${BENV_JAVA_VERSION}-jdk-headless google-cloud-sdk google-cloud-sdk-skaffold"
 ARG PKG_PYTHON_LIBS="python3-ijson python3-docker"
 
 RUN sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list' && \
-    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && \
+    curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo tee /usr/share/keyrings/cloud.google.gpg && \
     sudo apt-get -y update && \
     sudo apt-get install --no-install-recommends -y \
         $PKG_DOCKER \
@@ -59,6 +60,13 @@ RUN sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http:
     sudo apt-get clean && \
     sudo rm -rf /var/lib/apt/lists/*
 
+# Ensure podman uses fuse-overlayfs in rootless environments where kernel overlay is unavailable
+RUN mkdir -p $HOME/.config/containers && \
+    printf "[storage]\n" > $HOME/.config/containers/storage.conf && \
+    printf "driver = \"overlay\"\n" >> $HOME/.config/containers/storage.conf && \
+    printf "[storage.options]\n" >> $HOME/.config/containers/storage.conf && \
+    printf "mount_program = \"/usr/bin/fuse-overlayfs\"\n" >> $HOME/.config/containers/storage.conf
+
 # For info on the fix to podman in container, see https://samuel.forestier.app/blog/security/podman-rootless-in-podman-rootless-the-debian-way
 # Replace setuid bits by proper file capabilities for uidmap binaries.
 # See <https://github.com/containers/podman/discussions/19931>.

cmake/docker-utils.cmake

@@ -95,6 +95,7 @@ function(build_custom_docker_image IMAGE_NAME)
   add_custom_command(
     TARGET
       "${IMAGE_NAME}-docker"
+    POST_BUILD
     COMMAND
       ${CMAKE_COMMAND} -E make_directory "${out_path}"
     COMMAND
@@ -104,6 +105,7 @@ function(build_custom_docker_image IMAGE_NAME)
   add_custom_command(
     TARGET
       "${IMAGE_NAME}-docker"
+    POST_BUILD
     WORKING_DIRECTORY
       "${out_path}"
     COMMAND
@@ -114,6 +116,7 @@ function(build_custom_docker_image IMAGE_NAME)
     add_custom_command(
       TARGET
         "${IMAGE_NAME}-docker"
+      POST_BUILD
       WORKING_DIRECTORY
         "${out_path}"
       COMMAND
@@ -125,6 +128,7 @@ function(build_custom_docker_image IMAGE_NAME)
     add_custom_command(
       TARGET
         "${IMAGE_NAME}-docker"
+      POST_BUILD
       WORKING_DIRECTORY
         "${out_path}"
       COMMAND
@@ -138,6 +142,7 @@ function(build_custom_docker_image IMAGE_NAME)
     add_custom_command(
       TARGET
         "${IMAGE_NAME}-docker"
+      POST_BUILD
       WORKING_DIRECTORY
         "${out_path}"
       COMMAND
@@ -151,10 +156,15 @@ function(build_custom_docker_image IMAGE_NAME)
     add_custom_command(
       TARGET
         "${IMAGE_NAME}-docker"
+      POST_BUILD
       WORKING_DIRECTORY
         "${out_path}"
+      # Intentionally build with host networking to avoid relying on
+      # rootless networking helpers (pasta/slirp4netns) inside nested CI
+      # containers. This improves reliability of podman builds in GitHub
+      # Actions and similar environments.
       COMMAND
-        podman build -t "${IMAGE_NAME}" ${DOCKER_ARGS} .
+        podman build --network host -t "${IMAGE_NAME}" ${DOCKER_ARGS} .
     )
   endif()
 
@@ -188,6 +198,7 @@ function(build_custom_docker_image IMAGE_NAME)
       add_custom_command(
         TARGET
           "${IMAGE_NAME}-docker-registry"
+        POST_BUILD
         COMMAND
           podman tag "${IMAGE_NAME}" "${IMAGE_NAME}:${IMAGE_TAG}"
         COMMAND

cmake/golang.cmake

@@ -26,6 +26,7 @@ function(setup_go_module NAME DOMAIN)
   add_custom_command(
     TARGET
       "${TARGET}"
+    POST_BUILD
     COMMAND
       ${CMAKE_COMMAND} -E make_directory
         "${MOD_BUILD_DIR}"
@@ -39,6 +40,7 @@ function(setup_go_module NAME DOMAIN)
     add_custom_command(
       TARGET
         "${TARGET}"
+      POST_BUILD
       WORKING_DIRECTORY
         "${MOD_BUILD_DIR}"
       COMMAND
@@ -50,6 +52,7 @@ function(setup_go_module NAME DOMAIN)
     add_custom_command(
       TARGET
         "${TARGET}"
+      POST_BUILD
       WORKING_DIRECTORY
         "${MOD_BUILD_DIR}"
       COMMAND
@@ -101,6 +104,7 @@ function(build_go_package NAME MODULE)
     add_custom_command(
       TARGET
         "${TARGET}"
+      POST_BUILD
       COMMAND
         ${CMAKE_COMMAND} -E copy_directory
           "${CMAKE_CURRENT_SOURCE_DIR}"
@@ -121,6 +125,7 @@ function(build_go_package NAME MODULE)
     add_custom_command(
       TARGET
         "${TARGET}"
+      POST_BUILD
       WORKING_DIRECTORY
         "${BUILD_DIR}"
       BYPRODUCTS

cmake/protobuf.cmake

@@ -47,6 +47,7 @@ function (build_protobuf NAME)
     add_custom_command(
       TARGET
         "${TARGET_PREPARE}"
+      POST_BUILD
       COMMAND
         ${CMAKE_COMMAND} -E make_directory
           "${CMAKE_CURRENT_BINARY_DIR}/generated"

cmake/render.cmake

@@ -21,7 +21,13 @@ function(render_compile INPUT_DIR)
   if(DEFINED ARG_COMPILER)
     set(RENDER_COMPILER ${ARG_COMPILER})
   else()
-    get_target_property(RENDER_COMPILER render_compiler LOCATION)
+    get_property(
+      RENDER_COMPILER
+      TARGET
+        render_compiler
+      PROPERTY
+        RENDER_COMPILER_PATH
+    )
   endif()
 
   set(RENDER_${PACKAGE}_OUTPUTS "")

cmake/shell.cmake

@@ -46,6 +46,7 @@ function(lint_shell_script_bundle TARGET)
     add_custom_command(
       TARGET
         ${TARGET}
+      POST_BUILD
       WORKING_DIRECTORY
         "${CMAKE_CURRENT_SOURCE_DIR}"
       COMMAND

collector/kernel/dns/ares.h

@@ -19,7 +19,6 @@
 #define ARES__H
 
 #include "ares_build.h"   /* c-ares build definitions */
-#include "ares_rules.h"   /* c-ares rules enforcement */
 #include "ares_version.h" /* c-ares version defines   */
 
 /*
@@ -69,6 +68,9 @@
 #include <jni.h>
 #endif
 
+typedef CARES_TYPEOF_ARES_SOCKLEN_T ares_socklen_t;
+typedef CARES_TYPEOF_ARES_SSIZE_T ares_ssize_t;
+
 #ifdef __cplusplus
 extern "C" {
 #endif

render/CMakeLists.txt

@@ -2,9 +2,12 @@
 # SPDX-License-Identifier: Apache-2.0
 
 
-get_target_property(
+get_property(
   RENDER_COMPILER
-   render_compiler LOCATION
+  TARGET
+    render_compiler
+  PROPERTY
+    RENDER_COMPILER_PATH
 )
 render_compile(
   ${CMAKE_CURRENT_SOURCE_DIR}

renderc/CMakeLists.txt

@@ -117,10 +117,12 @@ add_custom_target(
   DEPENDS
     ${RENDER_COMPILER}
 )
-set_target_properties(
-  render_compiler
-  PROPERTIES
-    LOCATION ${RENDER_COMPILER}
+set_property(
+  TARGET
+    render_compiler
+  PROPERTY
+    RENDER_COMPILER_PATH
+      "${RENDER_COMPILER}"
 )
 
 add_subdirectory(test)