@kolyshkin
Contributor

Inspired by PR #5056.

@@ -51,7 +55,7 @@ func Files(unsetEnv bool) []*os.File {
}

nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
if err != nil || nfds == 0 {
if err != nil || nfds <= 0 {
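Review bot: the tightened check on the last line (`nfds <= 0`) still bounds the count only from below. `nfds` comes straight from the `LISTEN_FDS` environment variable through `strconv.Atoi`, so any positive value an int can hold is accepted; if the code after this check sizes a slice or loops on `nfds`, consider also rejecting values above a sane ceiling. Separately, the `err != nil` branch treats a malformed `LISTEN_FDS` the same as an unset one, which deserves a one-line comment so callers know a parse failure is silent.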
Contributor Author

Note: I used the latest version of this file; this change comes from coreos/go-systemd@de1b3a8

@cyphar cyphar changed the title Copy go-systemd/actvation.Files code to avoid brining in crypto/tls Copy go-systemd/activation.Files code to avoid brining in crypto/tls Dec 7, 2025
@cyphar cyphar changed the title Copy go-systemd/activation.Files code to avoid brining in crypto/tls Copy go-systemd/activation.Files code to avoid bringing in crypto/tls Dec 7, 2025
@cyphar
Member

cyphar commented Dec 7, 2025

This is probably an even better solution than a build tag to be honest...

@cyphar
Member

cyphar commented Dec 7, 2025

My only question is whether we should put this in internal/third_party/systemd to make the provenance more obvious.

It appears that when we import github.com/coreos/go-systemd/activation,
it brings in the whole crypto/tls package (which is not used by runc
directly or indirectly), making the runc binary size larger and
potentially creating issues with FIPS compliance.

Let's copy the code of the function we use from go-systemd/activation
to avoid that.

The space savings are:

$ size runc.before runc.after
   text	   data	    bss	    dec	    hex	filename
7101084	5049593	 271560	12422237	 bd8c5d	runc.before
6508796	4623281	 229128	11361205	 ad5bb5	runc.after

Reported-by: Dimitri John Ledkov <[email protected]>
Signed-off-by: Kir Kolyshkin <[email protected]>
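
A dependency-closure check of the kind the commit message above motivates, as an added example that is not part of this PR or of runc: it finds the shortest import chain from a root package to a banned one, so a CI job can fail if crypto/tls reappears. It assumes input carrying the ImportPath and Imports fields that `go list -deps -json` emits; the root `example.com/app` and the sample data are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// importChain reads `go list -deps -json`-style package objects and returns the
// shortest import chain from root to banned (nil if banned is not reachable).
func importChain(r io.Reader, root, banned string) ([]string, error) {
	graph, dec := map[string][]string{}, json.NewDecoder(r)
	for dec.More() {
		var p struct{ ImportPath string; Imports []string }
		if err := dec.Decode(&p); err != nil {
			return nil, err
		}
		graph[p.ImportPath] = p.Imports
	}
	// Breadth-first search; parent records how each package was first reached.
	parent, queue := map[string]string{root: ""}, []string{root}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		if cur == banned {
			var chain []string
			for n := cur; n != ""; n = parent[n] {
				chain = append([]string{n}, chain...)
			}
			return chain, nil
		}
		for _, dep := range graph[cur] {
			if _, seen := parent[dep]; !seen {
				parent[dep], queue = cur, append(queue, dep)
			}
		}
	}
	return nil, nil
}

// sampleDeps is constructed input, not real `go list` output for any project.
const sampleDeps = `{"ImportPath":"example.com/app","Imports":["github.com/coreos/go-systemd/activation","os"]}
{"ImportPath":"github.com/coreos/go-systemd/activation","Imports":["crypto/tls","os"]}`

func main() {
	chain, err := importChain(strings.NewReader(sampleDeps), "example.com/app", "crypto/tls")
	fmt.Println(strings.Join(chain, " -> "), err)
}
```

In practice the reader would be the piped output of `go list -deps -json` for the main package, and a non-nil chain would fail the build.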

Remove unused code and argument from the ActivationFiles,
and simplify its usage.

Signed-off-by: Kir Kolyshkin <[email protected]>
@kolyshkin
Contributor Author

> My only question is whether we should put this in internal/third_party/systemd to make the provenance more obvious.

implemented
