-
-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jre_minimal: strip libraries #115523
jre_minimal: strip libraries #115523
Conversation
Should we maybe also strip the full variant? |
I think we already do. (if you want to check for yourself, the most interesting file to look at is |
199M -> 38M 🎉
I checked and thats true. |
25149aa
to
a08cfa1
Compare
Wasn't there an automatic stripping phase in stdenv? |
runCommand doesn't invoke the automatic stripping from stdenv, expanding the derivation like this does. Fixes NixOS#115486
a08cfa1
to
d3e9040
Compare
Thanks for the nudge. I was going to reply binaries aren't fully stripped anyway with that (since #21667), but making this a regular derivation and using |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
as an upshot - this also stops dragging |
passthru = { | ||
home = "${jre}"; | ||
}; | ||
} '' | ||
jlink --module-path ${jdk}/lib/openjdk/jmods --add-modules ${lib.concatStringsSep "," modules} --output $out | ||
patchelf --shrink-rpath $out/bin/* $out/lib/jexec $out/lib/jspawnhelper $out/lib/*.so $out/lib/*/*.so |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose --shrink-rpath
has become redundant?
It would be nice to have a test in passthru
. Perhaps just a small package that uses this jre in its tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose
--shrink-rpath
has become redundant?
Yes - I tried patchelf --shrink-rpath
on the resulting binaries and it doesn't produce any change anymore
It would be nice to have a test in
passthru
. Perhaps just a small package that uses this jre in its tests.
I agree that would be nice, though I'd rather not grow this PR with it..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I respect that.
Result of 1 package built:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I couldn't find a package to test this. openapi-generator-cli
needs org/xml/sax/InputSource
. Jitsi needs java.util.logging
. These were jre_headless
use cases, not jre_minimal
. jre_minimal
isn't used by nixpkgs itself atm. It's also a fairly new package.
If this breaks anything, the impact seems to be small.
I'm even more interested in having a test case now. I wonder if we should define another jre variation with only a couple of frequently used modules. |
I made a basic start in #121043, feedback welcome.
I think we should follow the approach that AFAIK upstream recommends and other distro's also follow, which is to use the full JDK for 'general-purpose' systems and only use jlink'ed 'minimal' JRE's for bespoke systems (i.e. not in nixpkgs). If you create 'variations', before you know it a typical system will include multiple of those 'variations', defeating the original purpose. |
Yea, the monolithic modules file is a problem. I wonder if we should just unpack all modules into separate derivations and put only the ones an app needs in its runtime |
That's an interesting idea - hard to predict if it's be worth the extra complexity though.. |
Motivation for this change
If you're building a bespoke minimal JRE, there is a good chance you
want it to be stripped, so do that by default (but allow overriding this
behavior).
Fixes #115486
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)