SECNG-4492 | Move from buildpacks/xenial to debian/stable

[mcab]

Clever Coding Standards Agreement

• Author and Review Statement, "We agree this code adheres to our Clever Global Coding Standards and other applicable Coding Standards"

JIRA

SECNG-4492

Overview

This is a really weird build process. It relies on copying from some build process, which is uhhh. Unknown.

But! Since nothing is built in the image shipped to ECR, we should be able to get away with having a very slim distribution for launch.

This is being done to address a gap with the repo's bump to a modern version of go, which uses a modern version of libc. Currently, when run on this version, there's an issue:

2026-03-02 11:49:34.881 info sphinxd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by sphinxd) 
2026-03-02 11:49:34.881 info sphinxd: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by sphinxd) 

Testing

This wasn't tested end-to-end, because this relies on our build process, and the underlying image that is pushed to ECR.

Pretty sure that this just copies the artifact from CI. CI uses https://circleci.com/developer/images/image/cimg/go, which uses:

build-essential 12.10ubuntu1, curl 8.5.0, docker 28.1.1, docker-compose version, dockerize v0.8.0, git 2.49.0, go 1.24.13, gotestsum v1.13.0+dirty, jq 1.7, ubuntu 24.04.2 LTS, wget 1.21.4

xenial (at best) has libc6 v2.23. noble (at best) has libc6 v2.39. However, we use slim debian images, which should still have a modern version of libc, which should be supported.

By downloading this built image and running, we can see that the issue is no longer on running sphinxd:

❯ docker container run --platform linux/amd64 [...].dkr.ecr.us-west-2.amazonaws.com/sphinx:9d81cbe
2026/03/03 17:59:11 LOAD_CONFIG_FAILED: failed to read /etc/sphinx/sphinx.yaml. Aborting with error: open /etc/sphinx/sphinx.yaml: no such file or directory

Rollout

(are there any special rollout considerations? specific steps? risks?)

Rollback

(specific steps? risks?)