Add powerpc64-unknown-linux-musl target

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"

.github/workflows/scorecards.yml

@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecards supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '27 17 * * 1'
+  push:
+    branches: [ "main" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5
+        with:
+          sarif_file: results.sarif

CODEOWNERS

@@ -0,0 +1 @@
+.github/workflows @messense

Dockerfile

@@ -8,44 +8,48 @@ ENV DEBIAN_FRONTEND=noninteractive
 #
 RUN apt-get update && \
     apt-get install -y \
-        build-essential \
-        cmake \
-        curl \
-        file \
-        git \
-        sudo \
-        xutils-dev \
-        unzip \
-        ca-certificates \
-        python3 \
-        python3-pip \
-        autoconf \
-        autoconf-archive \
-        automake \
-        flex \
-        bison \
-        llvm-dev \
-        libclang-dev \
-        clang \
-        && \
+    build-essential \
+    cmake \
+    curl \
+    file \
+    git \
+    sudo \
+    xutils-dev \
+    unzip \
+    ca-certificates \
+    python3 \
+    python3-pip \
+    autoconf \
+    autoconf-archive \
+    automake \
+    flex \
+    bison \
+    llvm-dev \
+    libclang-dev \
+    clang \
+    && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install Let's Encrypt R3 CA certificate from https://letsencrypt.org/certificates/
 COPY lets-encrypt-r3.crt /usr/local/share/ca-certificates
 RUN update-ca-certificates
 
 ARG TARGET=x86_64-unknown-linux-musl
-ENV RUST_MUSL_CROSS_TARGET=$TARGET
+ARG MUSL_TARGET=$TARGET
+ENV RUST_MUSL_CROSS_TARGET=$MUSL_TARGET
 ARG RUST_MUSL_MAKE_CONFIG=config.mak
 
 COPY $RUST_MUSL_MAKE_CONFIG /tmp/config.mak
+
 RUN cd /tmp && \
     git clone --depth 1 https://github.com/richfelker/musl-cross-make.git && \
     cp /tmp/config.mak /tmp/musl-cross-make/config.mak && \
     cd /tmp/musl-cross-make && \
-    export TARGET=$TARGET && \
-    make -j$(nproc) > /tmp/musl-cross-make.log && \
-    make install >> /tmp/musl-cross-make.log && \
+    export CFLAGS="-fPIC -g1 $CFLAGS" && \
+    export TARGET=$MUSL_TARGET && \
+    if [ `dpkg --print-architecture` = 'armhf' ] && [ `uname -m` = 'aarch64' ]; then SETARCH=linux32; else SETARCH= ; fi && \
+    $SETARCH make -j$(nproc) > /tmp/musl-cross-make.log && \
+    $SETARCH make install >> /tmp/musl-cross-make.log && \
     ln -s /usr/local/musl/bin/$TARGET-strip /usr/local/musl/bin/musl-strip && \
     cd /tmp && \
     rm -rf /tmp/musl-cross-make /tmp/musl-cross-make.log
@@ -55,11 +59,11 @@ RUN mkdir -p /home/rust/libs /home/rust/src
 # Set up our path with all our binary directories, including those for the
 # musl-gcc toolchain and for our Rust toolchain.
 ENV PATH=/root/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-ENV TARGET_CC=$TARGET-gcc
-ENV TARGET_CXX=$TARGET-g++
-ENV TARGET_AR=$TARGET-ar
-ENV TARGET_RANLIB=$TARGET-ranlib
-ENV TARGET_HOME=/usr/local/musl/$TARGET
+ENV TARGET_CC=$MUSL_TARGET-gcc
+ENV TARGET_CXX=$MUSL_TARGET-g++
+ENV TARGET_AR=$MUSL_TARGET-ar
+ENV TARGET_RANLIB=$MUSL_TARGET-ranlib
+ENV TARGET_HOME=/usr/local/musl/$MUSL_TARGET
 ENV TARGET_C_INCLUDE_PATH=$TARGET_HOME/include/
 
 # pkg-config cross compilation support
@@ -77,10 +81,10 @@ RUN export CC=$TARGET_CC && \
     export AR=$TARGET_AR && \
     export RANLIB=$TARGET_RANLIB && \
     echo "Building zlib" && \
-    VERS=1.2.12 && \
-    CHECKSUM=91844808532e5ce316b3c010929493c0244f3d37593afd6de04f71821d5136d9 && \
+    VERS=1.2.13 && \
+    CHECKSUM=b3a24de97a8fdbc835b9833169501030b8977031bcb54b3b3ac13740f846ab30 && \
     cd /home/rust/libs && \
-    curl -sqLO https://zlib.net/zlib-$VERS.tar.gz && \
+    curl -sqLO https://zlib.net/fossils/zlib-$VERS.tar.gz && \
     echo "$CHECKSUM zlib-$VERS.tar.gz" > checksums.txt && \
     sha256sum -c checksums.txt && \
     tar xzf zlib-$VERS.tar.gz && cd zlib-$VERS && \
@@ -99,19 +103,20 @@ ARG TOOLCHAIN=stable
 #
 # Remove docs and more stuff not needed in this images to make them smaller
 RUN chmod 755 /root/ && \
+    if [ `dpkg --print-architecture` = 'armhf' ]; then GNU_TARGET="armv7-unknown-linux-gnueabihf"; else GNU_TARGET=`uname -m`-unknown-linux-gnu; fi && \
+    export RUSTUP_USE_CURL=1 && \
     curl https://sh.rustup.rs -sqSf | \
-    sh -s -- -y --profile minimal --default-toolchain $TOOLCHAIN && \
+    sh -s -- -y --profile minimal --default-toolchain $TOOLCHAIN --default-host $GNU_TARGET && \
     rustup target add $TARGET || rustup component add --toolchain $TOOLCHAIN rust-src && \
     rustup component add --toolchain $TOOLCHAIN rustfmt clippy && \
-    rm -rf /root/.rustup/toolchains/$TOOLCHAIN-$(uname -m)-unknown-linux-gnu/share/
+    rm -rf /root/.rustup/toolchains/$TOOLCHAIN-$GNU_TARGET/share/
 
-RUN echo "[target.$TARGET]\nlinker = \"$TARGET-gcc\"\n" > /root/.cargo/config
+RUN echo "[target.$TARGET]\nlinker = \"$TARGET_CC\"\n" > /root/.cargo/config.toml
 
 # Build std sysroot for targets that doesn't have official std release
-ADD Xargo.toml /tmp/Xargo.toml
 ADD s390x-unwind.patch /tmp/s390x-unwind.patch
+ADD build-sysroot /home/rust/src/build-sysroot
 ADD build-std.sh .
-COPY compile-libunwind /tmp/compile-libunwind
 RUN bash build-std.sh
 
 ENV RUSTUP_HOME=/root/.rustup

README.md

@@ -1,8 +1,8 @@
 # rust-musl-cross
 
 [![Docker Image](https://img.shields.io/docker/pulls/messense/rust-musl-cross.svg?maxAge=2592000)](https://hub.docker.com/r/messense/rust-musl-cross/)
-[![Build](https://github.com/messense/rust-musl-cross/workflows/Build/badge.svg)](https://github.com/messense/rust-musl-cross/actions?query=workflow%3ABuild)
-[![Bors enabled](https://bors.tech/images/badge_small.svg)](https://app.bors.tech/repositories/48252)
+[![Build](https://github.com/rust-cross/rust-musl-cross/workflows/Build/badge.svg)](https://github.com/rust-cross/rust-musl-cross/actions?query=workflow%3ABuild)
+[![Bors enabled](https://bors.tech/images/badge_small.svg)](https://app.bors.tech/repositories/58197)
 
 > 🚀 Help me to become a full-time open-source developer by [sponsoring me on GitHub](https://github.com/sponsors/messense)
 
@@ -14,35 +14,37 @@ inspired by [rust-musl-builder](https://github.com/emk/rust-musl-builder)
 Currently we have the following [prebuilt Docker images on Docker Hub](https://hub.docker.com/r/messense/rust-musl-cross/),
  supports x86_64(amd64) and aarch64(arm64) architectures.
 
-| Rust toolchain | Cross Compile Target                        | Docker Image Tag    |
-|----------------|---------------------------------------------|---------------------|
-| stable         | aarch64-unknown-linux-musl                  | aarch64-musl        |
-| stable         | arm-unknown-linux-musleabi                  | arm-musleabi        |
-| stable         | arm-unknown-linux-musleabihf                | arm-musleabihf      |
-| stable         | armv5te-unknown-linux-musleabi              | armv5te-musleabi    |
-| stable         | armv7-unknown-linux-musleabi                | armv7-musleabi      |
-| stable         | armv7-unknown-linux-musleabihf              | armv7-musleabihf    |
-| stable         | i586-unknown-linux-musl                     | i586-musl           |
-| stable         | i686-unknown-linux-musl                     | i686-musl           |
-| stable         | mips-unknown-linux-musl                     | mips-musl           |
-| stable         | mipsel-unknown-linux-musl                   | mipsel-musl         |
-| stable         | mips64-unknown-linux-muslabi64              | mips64-muslabi64    |
-| stable         | mips64el-unknown-linux-muslabi64            | mips64el-muslabi64  |
-| nightly        | powerpc64le-unknown-linux-musl              | powerpc64le-musl    |
-| stable         | x86\_64-unknown-linux-musl                  | x86\_64-musl        |
+| Rust toolchain | Cross Compile Target             | Docker Image Tag   |
+| -------------- | -------------------------------- | ------------------ |
+| stable         | aarch64-unknown-linux-musl       | aarch64-musl       |
+| stable         | arm-unknown-linux-musleabi       | arm-musleabi       |
+| stable         | arm-unknown-linux-musleabihf     | arm-musleabihf     |
+| stable         | armv5te-unknown-linux-musleabi   | armv5te-musleabi   |
+| stable         | armv7-unknown-linux-musleabi     | armv7-musleabi     |
+| stable         | armv7-unknown-linux-musleabihf   | armv7-musleabihf   |
+| stable         | i586-unknown-linux-musl          | i586-musl          |
+| stable         | i686-unknown-linux-musl          | i686-musl          |
+| stable         | mips-unknown-linux-musl          | mips-musl          |
+| stable         | loongarch64-unknown-linux-musl   | loongarch64-musl   |
+| stable         | mipsel-unknown-linux-musl        | mipsel-musl        |
+| stable         | mips64-unknown-linux-muslabi64   | mips64-muslabi64   |
+| stable         | mips64el-unknown-linux-muslabi64 | mips64el-muslabi64 |
+| stable         | powerpc64le-unknown-linux-musl   | powerpc64le-musl   |
+| stable         | riscv64gc-unknown-linux-musl     | riscv64gc-musl     |
+| stable         | x86\_64-unknown-linux-musl       | x86\_64-musl       |
 
 To use `armv7-unknown-linux-musleabihf` target for example, first pull the image:
 
 ```bash
-docker pull messense/rust-musl-cross:armv7-musleabihf
-# Also available on ghcr.io
-# docker pull ghcr.io/messense/rust-musl-cross:armv7-musleabihf
+docker pull ghcr.io/rust-cross/rust-musl-cross:armv7-musleabihf
+# Also available on Docker Hub
+# docker pull messense/rust-musl-cross:armv7-musleabihf
 ```
 
 Then you can do:
 
 ```bash
-alias rust-musl-builder='docker run --rm -it -v "$(pwd)":/home/rust/src messense/rust-musl-cross:armv7-musleabihf'
+alias rust-musl-builder='docker run --rm -it -v "$(pwd)":/home/rust/src ghcr.io/rust-cross/rust-musl-cross:armv7-musleabihf'
 rust-musl-builder cargo build --release
 ```
 
@@ -61,7 +63,7 @@ Currently we install stable Rust by default, if you want to switch to beta/night
 from our Docker image, for example to use beta Rust for target `x86_64-unknown-linux-musl`:
 
 ```dockerfile
-FROM messense/rust-musl-cross:x86_64-musl
+FROM ghcr.io/rust-cross/rust-musl-cross:x86_64-musl
 RUN rustup update beta && \
     rustup target add --toolchain beta x86_64-unknown-linux-musl
 ```
@@ -71,7 +73,7 @@ RUN rustup update beta && \
 You can use the `musl-strip` command inside the image to strip binaries, for example:
 
 ```bash
-docker run --rm -it -v "$(pwd)":/home/rust/src messense/rust-musl-cross:armv7-musleabihf musl-strip /home/rust/src/target/release/example
+docker run --rm -it -v "$(pwd)":/home/rust/src ghcr.io/rust-cross/rust-musl-cross:armv7-musleabihf musl-strip /home/rust/src/target/release/example
 ```
 
 [musl-libc]: http://www.musl-libc.org/

build-std.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-if [[ "$TARGET" = "powerpc64le-unknown-linux-musl" || "$TARGET" = "s390x-unknown-linux-musl" ]]
+if [[ "$TOOLCHAIN" = "nightly" && ("$TARGET" =~ ^s390x) ]]
 then
   export CARGO_NET_GIT_FETCH_WITH_CLI=true
   export CARGO_UNSTABLE_SPARSE_REGISTRY=true
@@ -14,24 +14,45 @@ then
 	cd -
   fi
 
-  cargo install xargo
-  cargo new --lib custom-std
-  cd custom-std
-  cp /tmp/Xargo.toml .
-  rustc -Z unstable-options --print target-spec-json --target "$TARGET" | tee "$TARGET.json"
-  RUSTFLAGS="-L/usr/local/musl/$TARGET/lib -L/usr/local/musl/lib/gcc/$TARGET/11.2.0/" xargo build --target "$TARGET"
-  cp -r "/root/.xargo/lib/rustlib/$TARGET" "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/"
-  mkdir "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/$TARGET/lib/self-contained"
+  # Build and install the sysroot builder tool
+  cd /tmp
+  cp -r /home/rust/src/build-sysroot .
+  cd build-sysroot
+  cargo build --release
+
+  # Build the sysroot using rustc-build-sysroot
+  # Find the GCC library directory dynamically (using the highest version)
+  if [ -d "/usr/local/musl/lib/gcc/$TARGET" ]; then
+    GCC_LIB_DIR=$(find /usr/local/musl/lib/gcc/"$TARGET" -maxdepth 1 -type d -name "[0-9]*" | sort -V | tail -n 1)
+  else
+    GCC_LIB_DIR=""
+  fi
+
+  if [ -z "$GCC_LIB_DIR" ]; then
+    echo "Warning: GCC library directory not found, using default RUSTFLAGS"
+    export RUSTFLAGS="-L/usr/local/musl/$TARGET/lib"
+  else
+    echo "Found GCC library directory: $GCC_LIB_DIR"
+    export RUSTFLAGS="-L/usr/local/musl/$TARGET/lib -L$GCC_LIB_DIR"
+  fi
+  ./target/release/build-sysroot "$TARGET"
+
+  # Copy self-contained objects
+  mkdir -p "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/$TARGET/lib/self-contained"
   cp /usr/local/musl/"$TARGET"/lib/*.o "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/$TARGET/lib/self-contained/"
-  cp /usr/local/musl/lib/gcc/"$TARGET"/11.2.0/c*.o "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/$TARGET/lib/self-contained/"
-  cd ..
-  rm -rf /root/.xargo /root/.cargo/registry /root/.cargo/git custom-std
-
-  # compile libunwind
-  if [[ "$TARGET" = "powerpc64le-unknown-linux-musl" ]]
-  then
-    cargo run --manifest-path /tmp/compile-libunwind/Cargo.toml -- --target "$TARGET" "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/src/rust/src/llvm-project/libunwind" out
-    cp out/libunwind*.a "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/$TARGET/lib/"
-    rm -rf out /tmp/compile-libunwind
+  # Copy GCC C runtime objects if they exist
+  if [ -n "$GCC_LIB_DIR" ]; then
+    if ls "$GCC_LIB_DIR"/c*.o 1> /dev/null 2>&1; then
+      cp "$GCC_LIB_DIR"/c*.o "/root/.rustup/toolchains/$TOOLCHAIN-$HOST/lib/rustlib/$TARGET/lib/self-contained/"
+    else
+      echo "Warning: GCC C runtime objects not found in $GCC_LIB_DIR, skipping"
+    fi
+  else
+    echo "Warning: GCC library directory not found, skipping C runtime objects"
   fi
+
+  # Cleanup
+  cd /tmp
+  rm -rf build-sysroot /root/.cargo/registry /root/.cargo/git
+
 fi

build-sysroot/.gitignore

@@ -0,0 +1,2 @@
+target/
+Cargo.lock

build-sysroot/Cargo.toml

@@ -0,0 +1,8 @@
+[package]
+name = "build-sysroot"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+rustc-build-sysroot = "0.5"
+anyhow = "1.0"