-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
linux: Using system versions of libraries #13073
Comments
@ReillyBrogan Thanks for writing this up! I'd just begun the process of doing something similar in parallel. I'll take a pass at merging the suggestions to dynamically link soon; and in the longer term I'd love to move away from libssl/libcurl if we can avoid them |
There should probably be a separate issue about not linking to Fontconfig/Freetype2. That one is strange, perhaps LTO in the release build is optimizing something necessary away? The yeslogic-fontconfig-sys library version is almost two years old, it might be an upstream issue that is already resolved. Actually, in general it seems that a lot of dependencies are rather out of date. Does Zed have dependabot/renovate setup to keep those updated? The configuration might need looking at if so. I also noticed extraneous Cargo.lock files throughout the repo that I'm pretty sure are unused. They are probably leftover from a migration of some kind or use of an old cargo version and can likely be deleted without issue. |
@ReillyBrogan I think we're using font-config for Mac, but probably don't need it on linux. In general we don't have anything automatically updating dependencies (though the codebase is now old enough we probably should). |
Yeah, this is going to be problematic as most distributions have policies in place for cargo builds that require the use of the With how many dependencies you use the only scalable solution is an automated dependency management tool like Dependabot or Renovate. Since you seem to have many Rust repositories Renovate is probably going to be a better choice since you can define a common configuration in one repo and have your other ones inherit from that config. It'll probably be a bit painful to get caught up but once you are and have it configured to your preference it's much easier to stay updated (most people end up with a weekly or bi-weekly PR with all updates bundled rather than a single PR-per-update).
That would explain why it's not linking in the release profile with dead code elimination removing the need for the linker to do so. That's interesting that you're not using it on Linux, I would have assumed you still would as fontconfig is more or less the core font configuration library for most (all?) Linux distros. Would that mean that Zed isn't obeying the system-wide defaults for say, monospace fonts? That wouldn't be ideal from a user perspective since most users would prefer that it uses the system-wide default monospace font unless they manually specified an alternative in the Zed config. |
Fixes #13073 Note that, contrary to the issue's text, we're still shipping a statically bundled sqlite3 after this PR. We use enough new features of sqlite, like `sqlite3_error_offset` and `STRICT`, that our minimum version (v3.38.0) is higher than is presumably accessible on Ubuntu. Release Notes: - N/A --------- Co-authored-by: Mikayla <mikayla@zed.dev>
Check for existing issues
Describe the feature
We just got done packaging the pre-release of Zed 0.139.3 on Solus so this is part feature request, part bug report, and part guide for other packagers on how to de-bundle Zed.
Linux distributions strongly prefer when applications use system versions of libraries instead of bundled versions for the following reasons (listed roughly in order of priority)
(I feel like I'm missing a couple of reasons but I'll edit them in later)
While working on our Zed package I went through and identified all native libs that it was bundling that it could be using system versions for, and here are the list of them and how each can be resolved:
Openssl:
This is IMO the most important library that is bundled and the one that is most likely to see CVEs that need it to be patched. It is also the package that is most frequently patched to work with distribution policies.
Diff
libcurl:
This is another frequent source of CVEs and is also frequently patched, though not as often as openssl
Diff
sqlite3:
This library is ubiquitous and IMO there is no reason not to use the system version.
Diff
libzstd:
This library is also fairly ubiquitous now and is also frequently PGO and BOLT compiled in order to make it faster.
Diff
Fontconfig/freetype2
These libraries are already linked against if present and the devel packages are present. Libraries are linked against unless
RUST_FONTCONFIG_DLOPEN=on
is defined during the build.There is something broken here though. Our ABI scanning tools detect that libfontconfig and libfreetype2 are only linked against when Zed is built in dev profile. When it's built in release profile they are not linked against and using file open detection tools I confirmed that neither library was loaded when launching in release profile when they were with the dev profile.
ALSA
Linked against as part of the build. I didn't check whether or not this was optional (based on detecting the pkgconfig). I did look into what was using ALSA directly instead of linking against something modern like libpulse and it looks like an issue with the CPAL Rust library not supporting pulse. They do have a PR open for using PipeWire APIs so hopefully we can get this using a modern audio library instead
libgit2
As anyone familiar with anything that links against libgit2 can tell you libgit2 bindings are notoriously flaky and are almost always pinned to a very specific range of libgit2 versions. Our version on Solus is slightly too old for it so I didn't really look into it too much, but it appears that your system libgit2 library should be used automatically assuming it's new enough (At or above v1.7.2 but not v1.8.0). TBH given the fragility of these bindings I'd probably make sure that libgit2 devel packages are available in your build root and if they're used great if not then it's probably not worth the hassle and just mark in your package metadata that the package bundles libgit2.
libz
I also didn't look too much into it but it looks like it builds a bundled libz library but uses the system one via dlopen() if compatible (which almost all distro builds are going to be). I confirmed that it loaded the libz library at startup.
Wayland
The wayland libraries are built and bundled from included headers and if the system has a compatible version (IE all systems with anything even remotely Wayland-related installed) then the system one is dlopen()ed. I don't think this can actually use the bundled version in any scenario and in fact might just build the bindings for Wayland (didn't check that far enough)
(If anyone is interested in it here is our complete patch that we apply as part of the build).
Regarding making this easier for building for distributions without requiring patches it seems to me that we could modify the
build.rs
files of the given crates in order to change the features during the build if certain environmental variables are set, and defaulting to bundled if not. This would also improve things for the Flatpak since they also provide a runtime with most (all?) of these libs that they keep updated without requiring the application layer to be rebuilt on updates.If applicable, add mockups / screenshots to help present your vision of the feature
No response
The text was updated successfully, but these errors were encountered: