You include the target glibc as part of your toolchain

And, I always prefer to actually pick my glibc independently from the host os and ship it with the binary (generally in an OCI image). This way you can patch/update the host without breaking the service.

▲

jmmv 2 days ago | parent | next [-]

Right, so you need to end up creating a container to package the glibc with the binary. Which is not very different from having sysroots.

But what about any tools compiled from source and used during the build? Those can also suffer from these issues.

	▲	lokar 2 days ago \| parent [-]
		Yeah, ideally you could build your toolchain from source on any platform. But, in some cases that’s not possible

▲

remexre 2 days ago | parent | prev [-]

Does that result in working NSS?

	▲	lokar 2 days ago \| parent [-]
		I normally statically link as much as possible and avoid nss, but you can make that work as well, just include it along with glibc.