Copilot commented on code in PR #50033:
URL: https://github.com/apache/arrow/pull/50033#discussion_r3299829165


##########
compose.yaml:
##########
@@ -516,9 +516,17 @@ services:
       ARROW_PARQUET: "OFF"
       ARROW_S3: "OFF"
       ARROW_SUBSTRAIT: "OFF"
+      # GH-49767: Ubuntu 24.04 apt mold predates the fix for rui314/mold#1247
+      # (fixed in mold 2.31.0). Remove this if apt ships mold >= 2.31.0.
+      # see https://github.com/rui314/mold/issues/1247
+      MOLD_URL: 
"https://archive.ubuntu.com/ubuntu/pool/universe/m/mold/mold_2.37.1+dfsg-1_amd64.deb";
     # Register ODBC before running tests
     command: >
       /bin/bash -c "
+        curl -fsSL $$MOLD_URL -o /tmp/mold.deb &&
+        sudo apt-get update &&
+        sudo apt-get install -y /tmp/mold.deb &&
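
Review bot: The removal condition in the `MOLD_URL` comment ("Remove this if apt ships mold >= 2.31.0") is only documentation, while the three added `command` lines download and install the pinned 2.37.1 package every time the service runs. Consider guarding the install on the version apt already offers, for example by checking the candidate version with `dpkg --compare-versions` against 2.31.0, so the workaround switches itself off instead of depending on someone remembering to delete it.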

Review Comment:
   The job downloads and installs a `.deb` directly via `curl` without any 
integrity check. Because this is a local `.deb` install, apt/dpkg won’t verify 
it against signed repository metadata, so a corrupted/poisoned download could 
go unnoticed. Consider pinning and verifying a SHA256 (or similar) before 
installing (e.g., add `MOLD_SHA256` and run `sha256sum -c`).



##########
compose.yaml:
##########
@@ -516,9 +516,17 @@ services:
       ARROW_PARQUET: "OFF"
       ARROW_S3: "OFF"
       ARROW_SUBSTRAIT: "OFF"
+      # GH-49767: Ubuntu 24.04 apt mold predates the fix for rui314/mold#1247
+      # (fixed in mold 2.31.0). Remove this if apt ships mold >= 2.31.0.
+      # see https://github.com/rui314/mold/issues/1247
+      MOLD_URL: 
"https://archive.ubuntu.com/ubuntu/pool/universe/m/mold/mold_2.37.1+dfsg-1_amd64.deb";
     # Register ODBC before running tests
     command: >
       /bin/bash -c "
+        curl -fsSL $$MOLD_URL -o /tmp/mold.deb &&
+        sudo apt-get update &&
+        sudo apt-get install -y /tmp/mold.deb &&
+        ld.mold --version &&
         /arrow/ci/scripts/cpp_build.sh /arrow /build &&
         sudo /arrow/cpp/src/arrow/flight/sql/odbc/install/unix/install_odbc.sh 
/usr/local/lib/libarrow_flight_sql_odbc.so &&
         /arrow/ci/scripts/cpp_test.sh /arrow /build"
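
Review bot: The added `ld.mold --version &&` line only prints the version and succeeds for any installed mold, so it does not confirm that the linker is at or above the 2.31.0 fix named in the comment. If the intent is to verify the workaround before `cpp_build.sh` runs, compare the reported version against 2.31.0 and fail the step otherwise; if it is there only for the log, a short comment saying so would help.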

Review Comment:
   `MOLD_URL` points to an `amd64` .deb unconditionally. This makes
`ubuntu-cpp-odbc` fail if someone runs it with a different `ARCH`/Docker
platform (the compose file documents multiple architectures for Ubuntu
services). Consider deriving the deb architecture at runtime (e.g.,
`dpkg --print-architecture`) and constructing the URL accordingly, or
guarding the install so it only runs on `amd64`.
   
