libssl and zlib not statically linked

[svbaelen]

First of all: let's keep an eye on this one: rust-lang/rust#39998

One can check dependencies in the Cargo.lock file.

To check which dependencies are linked dynamically, run

cargo clean && cargo build -vv 2>/dev/null | grep 'rustc-link-lib'

(Note that not all printed lines are necessarily a dynamic link to a library (e.g. there is rustc-link-lib=static=...))

This returns:

[libz-sys 1.1.8] cargo:rustc-link-lib=z
[bzip2-sys 0.1.11+1.0.8] cargo:rustc-link-lib=static=bz2
[openssl-sys 0.9.75] cargo:rustc-link-lib=ssl
[openssl-sys 0.9.75] cargo:rustc-link-lib=crypto
[libssh2-sys 0.2.23] cargo:rustc-link-lib=static=ssh2
[libgit2-sys 0.14.0+1.5.0] cargo:rustc-link-lib=static=git2
[zstd-sys 1.6.3+zstd.1.5.2] cargo:rustc-link-lib=static=zstd

Alternatively, one could find out such info via:

readelf -d target/debug/compono | grep NEEDED

ssh2 and git2 have openssl-rust-binder dependencies,.

By default, it will use pkg-config on Linux to find out where libssl is located, and as such link it dynamically (https://docs.rs/openssl/0.10.24/openssl/#automatic)

Alternatives

• https://docs.rs/openssl/0.10.24/openssl/#vendored
• https://docs.rs/openssl/0.10.24/openssl/#manual
• https://stackoverflow.com/a/49268370

So for the ssh2 crate, we could set: https://docs.rs/crate/ssh2/latest/features, i.e., in the toml-config:

ssh2 = { version = "0.9", features = ["vendored-openssl"] }

Flate2, as well as git2 and others use the zlib, but this library seems to be linked dynamically as well.

They all use the libz-sys lib, which has a static feature. So, let's use another approach that also works here, i.e., declaring the dependency explicitly in your Cargo.toml file, that is, with the appropriate features enabled. In this case:

libz-sys = { version = "1.1", features = ["static"] }

[svbaelen]

Static linking of these libs increase the binary size with 3MB, but still reasonable!

[svbaelen]

Maybe in the future this would be an opt-in feature (dynamic vs static), but for now the static binary is more important

[svbaelen]

After the above config options, the command readelf -d target/debug/compono | grep NEEDED still returns

 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]               
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]                   
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]                   
 0x0000000000000001 (NEEDED)             Shared library: [ld-linux-x86-64.so.2]        

This can be resolved by providing additional build options, either via build flags, of using a .cargo/config.toml file with

[build]
rustflags = ["-C", "target-feature=+crt-static"]
target = "x86_64-unknown-linux-gnu"

[svbaelen]

This can no also be verified on a clean ubuntu image: https://github.com/digitaldasein/compono/blob/main/README.md#tests

[svbaelen]

Successfully tested on Ubuntu for x86_64-unknown-linux-gnu:

docker build -t compono-test-ubuntu20 \
  -f test/integration/linux-ubuntu-20/Dockerfile .
docker run compono-test-ubuntu20 compono