@ammario ammario commented Oct 3, 2025

Summary

Implements static linking for Linux releases to improve portability across different Linux distributions.

Problem

Current Linux releases use dynamic linking, which means:

  • Binaries may not work on systems with older or different glibc versions
  • Users need compatible system libraries installed
  • Distribution compatibility is limited

Solution

Use static glibc linking with the gnu target and crt-static flag:

  • Binaries are fully statically linked using static-pie
  • Works across a wide range of Linux distributions (glibc 2.17+)
  • V8 prebuilt binaries are available for gnu targets (musl not supported by V8)

Changes

  • Update build.rs to configure -static-libgcc for Linux gnu targets
  • Add scripts/build-static.sh for building with RUSTFLAGS="-C target-feature=+crt-static"
  • Update release workflow to build static binaries for Linux targets
  • Remove ARM64 cross-compilation setup (now handled by build script)

Testing

Verified on ci-1 (Debian 12, glibc 2.36):

  • ✅ Binary is fully statically linked (static-pie)
  • ✅ Binary size: 52M unstripped / 39M stripped
  • ✅ Works on Ubuntu 18.04 (glibc 2.27)
  • ✅ Works on CentOS 7 (glibc 2.17)
  • ✅ Fast builds using V8 prebuilt binaries

$ file httpjail
httpjail: ELF 64-bit LSB pie executable, x86-64, version 1 (GNU/Linux), static-pie linked, for GNU/Linux 3.2.0, not stripped

$ ldd httpjail
	statically linked

Benefits

  1. Portability: Works on Linux systems from 2014+ (glibc 2.17+)
  2. Build speed: Uses V8 prebuilt binaries (no lengthy source compilation)
  3. Simplicity: Single binary works across distributions
  4. Size: Minimal overhead (52M total, 39M stripped)

Note on musl

We use gnu (glibc) instead of musl because V8 doesn't provide prebuilt musl binaries and building V8 from source for musl is not currently feasible.

🤖 Generated with Claude Code

Switches Linux releases from musl to static glibc (gnu) targets with crt-static.
This change is necessary because V8 doesn't provide prebuilt musl binaries and
building V8 from source for musl fails with 404 errors on dependency downloads.

Changes:
- Update build.rs to configure static-libgcc for Linux gnu targets
- Add scripts/build-static.sh for building with RUSTFLAGS crt-static
- Update release workflow to use x86_64/aarch64-unknown-linux-gnu targets
- Remove musl build script and ARM64 cross-compilation setup

Benefits:
- Fully statically linked binaries (static-pie) for excellent portability
- Tested working on Ubuntu 18.04 (glibc 2.27) and CentOS 7 (glibc 2.17)
- Binary size: 52M unstripped / 39M stripped (comparable to dynamic builds)
- Fast builds using V8 prebuilt binaries (no 20-30min source compilation)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@ammario ammario changed the title from "build: use static glibc linking for Linux releases instead of musl" to "build: use static glibc linking for Linux releases" Oct 3, 2025
@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting

The build script determined target solely from uname -m, causing
ARM64 builds on x86_64 runners to produce wrong architecture binaries.

Changes:
- Update build-static.sh to accept target as argument
- Pass matrix.target from workflow to build script
- Re-add ARM64 cross-compilation tools setup
- Improve output messages to distinguish auto-detected vs specified targets

Fixes the P0 issue where aarch64-unknown-linux-gnu builds failed because
the script built x86_64 binaries while tarball step expected aarch64.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@ammario ammario merged commit cb5c602 into main Oct 3, 2025
6 checks passed
@ammario ammario deleted the static-link branch October 3, 2025 15:28
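
An added example, not part of the pull request or the httpjail repository: a release-gate check in Python that reads the ELF headers directly to confirm the two properties this thread depends on, that the binary is statically linked (no PT_INTERP segment, no DT_NEEDED entries) and that its architecture matches the target triple it will be packaged under. The function names and the bytes produced by `make_sample` are constructed for illustration, and the parser assumes 64-bit little-endian ELF.

```python
import struct

PT_DYNAMIC, PT_INTERP, DT_NULL, DT_NEEDED, ET_DYN = 2, 3, 0, 1, 3
MACHINES = {62: "x86_64", 183: "aarch64"}  # e_machine: EM_X86_64, EM_AARCH64

def inspect_elf(data):
    """Return arch, PIE flag and static-link status from ELF64 little-endian headers."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    e_type, e_machine = struct.unpack_from("<HH", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    has_interp, needed = False, 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:        # a loader path means the binary is dynamic
            has_interp = True
        elif p_type == PT_DYNAMIC:     # static-pie keeps this segment, minus DT_NEEDED
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, _ = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                needed += tag == DT_NEEDED
    return {"arch": MACHINES.get(e_machine, f"unknown({e_machine})"),
            "pie": e_type == ET_DYN,
            "static": not has_interp and needed == 0}

def verify_release(data, target):
    """List the reasons this binary must not ship under the given target triple."""
    info, problems = inspect_elf(data), []
    if info["arch"] != target.split("-")[0]:
        problems.append(f"arch {info['arch']} does not match target {target}")
    if not info["static"]:
        problems.append("binary has a dynamic loader or shared-library dependencies")
    return problems

def make_sample(machine, interp=False, needed=0):
    """Constructed input: minimal ELF64 header, program headers and dynamic table."""
    types = [PT_DYNAMIC] + ([PT_INTERP] if interp else [])
    dyn = struct.pack("<qQ", DT_NEEDED, 1) * needed + struct.pack("<qQ", DT_NULL, 0)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_DYN, machine, 1, 0, 64, 0, 0, 64, 56, len(types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, 64 + 56 * len(types), 0, 0,
                                 len(dyn) if t == PT_DYNAMIC else 0, 0, 8) for t in types)
    return hdr + phdrs + dyn

if __name__ == "__main__":
    # x86_64 bytes checked against the aarch64 target: the mismatch is reported.
    print(verify_release(make_sample(62), "aarch64-unknown-linux-gnu"))
```

Run against the real artifact with `verify_release(open(path, "rb").read(), target)` before the tarball step, and fail the job when the returned list is non-empty.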