alloy: add libzstd1 and liblzma5 for journal decompression#419
Open
to-kr wants to merge 1 commit into
Open
Conversation
Author
|
One heads-up on the CVE surface of the two added packages, so it doesn't come as a surprise from the scanner:
If the open CVE is a concern, this PR can be narrowed to References: Debian tracker (xz-utils), CVE-2026-34743 |
55e92d5 to
fab8a77
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
The
alloyruntime image shipslibsystemd0but notlibzstd1. libsystemddlopenslibzstd.so.1at runtime to decode zstd-compressed journal fields — the default journal compression since systemd 246 (2020). Without it, theloki.source.journalcomponent fails on every entry withfailed to read message field: operation not supported(EOPNOTSUPP fromsd_journal_get_data()) and silently forwards nothing, while still reporting the component as healthy.This adds
libzstd1andliblzma5to the runtime package list of both variants. Both dependencies are declared by thelibsystemd0package itself (Recommends: libzstd1,Suggests: liblzma5) and by libsystemd's embedded dlopen feature manifest ("feature":"zstd","priority":"recommended"); since the image builder intentionally does not install Recommends, listing them explicitly is the intended mechanism.liblzma5covers legacy XZ-compressed journals. Combined size is ~800 KB; both are plain compression libraries already used as runtime dependencies elsewhere in the catalog (e.g.percona-xtrabackup,pgvector,python).Type of Change
Related Issues
Fixes #388
Changes Made
libzstd1andliblzma5tocontents.packagesinimage/alloy/debian-13/1.yamlimage/alloy/debian-13/1-dev.yamlTesting
Verified end-to-end against a real zstd-compressed journal (created with
systemd-journal-remote257, file header showsIncompatible flags: COMPRESSED-ZSTD), using the reproduction config from #388 withloki.echoas the sink:operation not supportederrorsdhi.io/alloy:1.16.2(published)libzstd1/liblzma5from the DHI trixie repoAlso verified that a minimal build through the
dhi.io/build:2-debian13frontend with the updated package list resolves both packages from the DHI Debian repo and placeslibzstd.so.1/liblzma.so.5next tolibsystemd.so.0.40.0in the final filesystem. (A full local pipeline build wasn't possible — it requires access to the privatedefinitionsrepo and SBOM indexer.)Checklist