From 1cc4f8300258a4c68c4036d08d53fd907d444e34 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Jul 08 2024 13:21:08 +0000 Subject: Link systemd-executor statically --- diff --git a/0001-meson-rename-libbasic-to-libbasic_static.patch b/0001-meson-rename-libbasic-to-libbasic_static.patch new file mode 100644 index 0000000..b1fdd9e --- /dev/null +++ b/0001-meson-rename-libbasic-to-libbasic_static.patch @@ -0,0 +1,176 @@ +From d5534ba7444f7733b55e56284eb27d16dc6a267d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Jul 2024 16:51:05 +0200 +Subject: [PATCH 1/3] meson: rename libbasic to libbasic_static + +Our variables for internal libraries are named 'libfoo' for the shared lib +variant, and 'libfoo_static' for the static lib variant. The only exception was +libbasic, because we didn't have a shared variant for it. But let's rename it +for consitency. This makes the build config easier to understand. + +(cherry picked from commit 732ed8a84e8b264fccd3f5c0fc68ec2894b6d8ea) +--- + meson.build | 4 ++-- + src/basic/meson.build | 2 +- + src/libsystemd/meson.build | 2 +- + src/partition/meson.build | 2 +- + src/shared/meson.build | 2 +- + src/shutdown/meson.build | 2 +- + src/sysusers/meson.build | 2 +- + src/test/meson.build | 8 ++++---- + src/tmpfiles/meson.build | 2 +- + 9 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/meson.build b/meson.build +index e42151998b..18115cad5e 100644 +--- a/meson.build ++++ b/meson.build +@@ -2078,7 +2078,7 @@ libsystemd = shared_library( + # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles. + '-z', 'nodelete', + '-Wl,--version-script=' + libsystemd_sym_path], +- link_with : [libbasic], ++ link_with : [libbasic_static], + link_whole : [libsystemd_static], + dependencies : [librt, + threads, +@@ -2243,7 +2243,7 @@ nss_template = { + 'link_with' : [ + libsystemd_static, + libshared_static, +- libbasic, ++ libbasic_static, + ], + 'dependencies' : [ + librt, +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 9a214575a5..b538775576 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -274,7 +274,7 @@ filesystem_switch_case_h = custom_target( + + basic_sources += [filesystem_list_h, filesystem_switch_case_h, filesystems_gperf_h] + +-libbasic = static_library( ++libbasic_static = static_library( + 'basic', + basic_sources, + fundamental_sources, +diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build +index 6d4337d1a7..243549299f 100644 +--- a/src/libsystemd/meson.build ++++ b/src/libsystemd/meson.build +@@ -118,7 +118,7 @@ libsystemd_static = static_library( + libsystemd_sources, + include_directories : libsystemd_includes, + c_args : libsystemd_c_args, +- link_with : [libbasic], ++ link_with : [libbasic_static], + dependencies : [threads, + librt, + userspace], +diff --git a/src/partition/meson.build b/src/partition/meson.build +index 52e1368116..2cfe43e029 100644 +--- a/src/partition/meson.build ++++ b/src/partition/meson.build +@@ -32,7 +32,7 @@ executables += [ + 'sources' : files('repart.c'), + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_fdisk, + libshared_static, + libsystemd_static, +diff --git a/src/shared/meson.build b/src/shared/meson.build +index c5106d87d5..e513c0ec1c 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -358,7 +358,7 @@ libshared = shared_library( + '-Wl,--version-script=' + libshared_sym_path], + link_depends : libshared_sym_path, + link_whole : [libshared_static, +- libbasic, ++ libbasic_static, + libsystemd_static], + dependencies : [libshared_deps, + userspace], +diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build +index 219f9fd308..9bc60f83e5 100644 +--- a/src/shutdown/meson.build ++++ b/src/shutdown/meson.build +@@ -20,7 +20,7 @@ executables += [ + 'sources' : systemd_shutdown_sources, + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], +diff --git a/src/sysusers/meson.build b/src/sysusers/meson.build +index 0f9c067d50..403d82a340 100644 +--- a/src/sysusers/meson.build ++++ b/src/sysusers/meson.build +@@ -14,7 +14,7 @@ executables += [ + 'sources' : files('sysusers.c'), + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], +diff --git a/src/test/meson.build b/src/test/meson.build +index 3abbb94d9f..9d3c7d675f 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -274,7 +274,7 @@ executables += [ + # only static linking apart from libdl, to make sure that the + # module is linked to all libraries that it uses. + 'sources' : files('test-dlopen.c'), +- 'link_with' : libbasic, ++ 'link_with' : libbasic_static, + 'dependencies' : libdl, + 'install' : false, + 'type' : 'manual', +@@ -410,7 +410,7 @@ executables += [ + }, + test_template + { + 'sources' : files('test-sizeof.c'), +- 'link_with' : libbasic, ++ 'link_with' : libbasic_static, + }, + test_template + { + 'sources' : files('test-time-util.c'), +@@ -590,7 +590,7 @@ executables += [ + test_template + { + 'sources' : files('../libsystemd/sd-device/test-sd-device-thread.c'), + 'link_with' : [ +- libbasic, ++ libbasic_static, + libsystemd, + ], + 'dependencies' : threads, +@@ -598,7 +598,7 @@ executables += [ + test_template + { + 'sources' : files('../libudev/test-udev-device-thread.c'), + 'link_with' : [ +- libbasic, ++ libbasic_static, + libudev, + ], + 'dependencies' : threads, +diff --git a/src/tmpfiles/meson.build b/src/tmpfiles/meson.build +index 2e918509a7..09ad839586 100644 +--- a/src/tmpfiles/meson.build ++++ b/src/tmpfiles/meson.build +@@ -20,7 +20,7 @@ executables += [ + 'sources' : systemd_tmpfiles_sources, + 'c_args' : '-DSTANDALONE', + 'link_with' : [ +- libbasic, ++ libbasic_static, + libshared_static, + libsystemd_static, + ], diff --git a/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch new file mode 100644 index 0000000..1d27b04 --- /dev/null +++ b/0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch @@ -0,0 +1,59 @@ +From 63178ad7e51dae8730158573318388ea8c3e488e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Jul 2024 17:03:26 +0200 +Subject: [PATCH 2/3] meson: build libsystemd-core via an intermediate static + library + +By itself, this is not useful. I'm making this a separate commit to +make debugging easier. It turns out that meson does static libraries +using references, so the "static library" a tiny stub stub that refers +to the object files on disk and this has negligible cost: +$ ls -lhd build/src/core/libsystemd-core-257.{a,so} +-rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a +-rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so + +(cherry picked from commit d0689ee5fbfafa736e6eca89bc80cb2d372f2229) +--- + src/core/meson.build | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/core/meson.build b/src/core/meson.build +index 7a2012a372..1ef31cc529 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -110,17 +110,13 @@ load_fragment_gperf_nulstr_c = custom_target( + + libcore_name = 'systemd-core-@0@'.format(shared_lib_tag) + +-libcore = shared_library( ++libcore_static = static_library( + libcore_name, + libcore_sources, + load_fragment_gperf_c, + load_fragment_gperf_nulstr_c, + include_directories : includes, + c_args : ['-fvisibility=default'], +- link_args : ['-shared', +- '-Wl,--version-script=' + libshared_sym_path], +- link_depends : libshared_sym_path, +- link_with : libshared, + dependencies : [libacl, + libapparmor, + libaudit, +@@ -135,6 +131,16 @@ libcore = shared_library( + libselinux, + threads, + userspace], ++ build_by_default : false) ++ ++libcore = shared_library( ++ libcore_name, ++ c_args : ['-fvisibility=default'], ++ link_args : ['-shared', ++ '-Wl,--version-script=' + libshared_sym_path], ++ link_depends : libshared_sym_path, ++ link_whole: libcore_static, ++ link_with : libshared, + install : true, + install_dir : pkglibdir) + diff --git a/0003-meson-add-option-to-build-systemd-executor-staticall.patch b/0003-meson-add-option-to-build-systemd-executor-staticall.patch new file mode 100644 index 0000000..f942c59 --- /dev/null +++ b/0003-meson-add-option-to-build-systemd-executor-staticall.patch @@ -0,0 +1,97 @@ +From 66df80d8c37dce4b597dfa26e1050856a610cf7f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Jul 2024 17:05:31 +0200 +Subject: [PATCH 3/3] meson: add option to build systemd-executor "statically" + +The new link-executor-shared option is similar to the existing +link-udev-shared: when set to false, we link to the static versions of our +internal libraries. + +The resulting exuctor binary is fairly large, about as large as libsystemd-core +(14 MB without lto, 8 with lto). + +This is intended as a workaround for the fuckup with the pinned executor +binary: +when an upgrade is performed, the package manager will install new version of +the libraries and new version of the code, and some time later reexecute the +managers. This creates a window when the pinned executor binary will fail to +execute. There are two factors which make the issue easier to hit: + +- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora + uses version-release as the tag, which means that the issue occurs on + every package upgrade. This is the right thing to do, because the + ABI of our internal libraries is not stable at all, so replacing the + library from a different version in place creates a window where our + programs may crash or misbehave. + +- when the distribution doesn't immediately reexec all the managers after + upgrade. In early versions of systemd, we used to hammer the machine during + upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and + wasteful. Doing the reexecs while the upgrade is in progres also creates a + window where a mix of old and new configs or both is loaded. Users are + particularly annoyed by those reloads if there is some issue in the + configuration causing us to emit warnings on every reexec. Doing the + reexecs once after the new configuration and libraries have been put + in place is nicer. + +The pinning of the executor binary breaks upgrades and in particular +it penalizes the distributions which make use of the features which +were previously added to avoid bugs and inefficiency during upgrades. + +When the executor is linked statically, there is a smaller chance that it'll +fail to load libraries. The issue can still occur because other libraries, not +our own, are linked dynamically. + +(cherry picked from commit d59cae6cebd0fc25a16a020bd28e5303901f1b19) +--- + meson_options.txt | 2 ++ + src/core/meson.build | 16 ++++++++++++---- + 2 files changed, 14 insertions(+), 4 deletions(-) + +diff --git a/meson_options.txt b/meson_options.txt +index d52ca4e4b5..3cce818392 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -21,6 +21,8 @@ option('rootprefix', type : 'string', deprecated: true, + description : '''This option is deprecated and will be removed in a future release''') + option('link-udev-shared', type : 'boolean', + description : 'link systemd-udevd and its helpers to libsystemd-shared.so') ++option('link-executor-shared', type : 'boolean', ++ description : 'link systemd-executor to libsystemd-shared.so and libsystemd-core.so') + option('link-systemctl-shared', type: 'boolean', + description : 'link systemctl against libsystemd-shared.so') + option('link-networkd-shared', type: 'boolean', +diff --git a/src/core/meson.build b/src/core/meson.build +index 1ef31cc529..dbeb752977 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -156,6 +156,17 @@ systemd_executor_sources = files( + 'exec-invoke.c', + ) + ++executor_libs = get_option('link-executor-shared') ? \ ++ [ ++ libcore, ++ libshared, ++ ] : [ ++ libcore_static, ++ libshared_static, ++ libbasic_static, ++ libsystemd_static, ++ ] ++ + executables += [ + libexec_template + { + 'name' : 'systemd', +@@ -173,10 +184,7 @@ executables += [ + 'public' : true, + 'sources' : systemd_executor_sources, + 'include_directories' : core_includes, +- 'link_with' : [ +- libcore, +- libshared, +- ], ++ 'link_with' : executor_libs, + 'dependencies' : [ + libapparmor, + libpam, diff --git a/systemd.spec b/systemd.spec index 0dc781e..2aba928 100644 --- a/systemd.spec +++ b/systemd.spec @@ -119,6 +119,10 @@ Patch0001: 0001-Revert-machined-add-varlink-interface-for-registerin.patch Patch0010: https://github.com/systemd/systemd/pull/26494.patch %endif +Patch0020: 0001-meson-rename-libbasic-to-libbasic_static.patch +Patch0021: 0002-meson-build-libsystemd-core-via-an-intermediate-stat.patch +Patch0022: 0003-meson-add-option-to-build-systemd-executor-staticall.patch + # Those are downstream-only patches, but we don't want them in packit builds: # https://bugzilla.redhat.com/show_bug.cgi?id=1738828 Patch0490: use-bfq-scheduler.patch @@ -761,6 +765,7 @@ CONFIGURE_OPTS=( -Dversion-tag=%{version}%[%{without upstream}?"-%{release}":""] # https://bugzilla.redhat.com/show_bug.cgi?id=1906010 -Dshared-lib-tag=%{version_no_tilde}%[%{without upstream}?"-%{release}":""] + -Dlink-executor-shared=false -Dfallback-hostname="localhost" -Ddefault-dnssec=no -Ddefault-dns-over-tls=no