Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
openssl: split the (mostly empty) runtime dependencies of static builds into a separate output #87879
Motivation for this change
This closure size of all packages that statically link
This is because the paths to several mostly empty directories and files in
$ strings /nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/lib/libcrypto.a | grep /nix/store /nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/etc/ssl/ct_log_list.cnf OPENSSLDIR: "/nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/etc/ssl" ENGINESDIR: "/nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/lib/engines-1.1" /nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/lib/engines-1.1 /nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/etc/ssl/private /nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/etc/ssl /nix/store/qlw2d1jwjijm1g70f0p4cbwqf9ccmw78-openssl-1.1.1d/etc/ssl/certs
This is an attempt to reduce the runtime dependencies of packages that statically link openssl by:
This is relatively simple and clean, but unfortunately not enough, as the ENGINESDIR, which is also being baked into the static library and it cannot be configured (hardcoded to be under
This is a bit messy, but I could't figure out a cleaner solution so far... The substitution is only done on static builds, as the dynamic
I would be very grateful for any hints on how to improve this PR!
In my use case, this reduces the closure size of e.g. https://github.com/PostgREST/postgrest by over 60%, from 13mb compressed to about 5mb.