Implicit runtime dependencies (with examples from core/go)

ssd · July 3, 2018, 12:34pm

Hi,

I am putting together a patch for our core/go plan and have stubled into a problem that is part practical and part philosophical. Here is the problem:

The go standard library has hard-coded paths to zoneinfo data. Those paths are incorrect on our minimal Habitat hosts:

github.com

golang/go/blob/161874da2ab6d5372043a1f3938a81a19d1165ad/src/time/zoneinfo_unix.go#L21-L26


var zoneSources = []string{
	"/usr/share/zoneinfo/",
	"/usr/share/lib/zoneinfo/",
	"/usr/lib/locale/TZ/",
	runtime.GOROOT() + "/lib/time/zoneinfo.zip",
}

This is easy enough to fix via a small patch, and the core/go plan already has examples where we patch in paths to files contained in habitat packages:

github.com

habitat-sh/core-plans/blob/master/go/plan.sh#L44-L57


cat "$PLAN_CONTEXT/cacerts.patch" \
  | sed -e "s,@cacerts@,$(pkg_path_for cacerts)/ssl/cert.pem,g" \
  | patch -p1


# Set the dynamic linker from `glibc`
dynamic_linker="$(pkg_path_for glibc)/lib/ld-linux-x86-64.so.2"
sed -e "s,/lib64/ld-linux-x86-64.so.2,$dynamic_linker," \
  -i src/cmd/link/internal/amd64/obj.go


# Use the services database from `iana-etc`
for f in src/net/port_unix.go src/net/parse_test.go; do
  sed -e "s,/etc/services,$(pkg_path_for iana-etc)/etc/services," -i $f
done
}

However, both my proposed fix for zoneinfo and the existing patch for cacerts have a problem. Namely, any app that is built with core/go now, technically, has an undeclared runtime dependency on core/cacerts (or core/zoneinfo or core/iana-etc). Any go application that fails to explicitly declare this dependency may fail at runtime.

Declaring the dependency is straightforward once you know it is there, but right now we don’t have anything that alerts the user to this situation. Thoughts?

Cheers,

Steven

predominant · July 3, 2018, 12:46pm

Can we not just declare these dependencies in core/go to fix this?

Edit: No, because core/go is a build dep, not a runtime dep. Got it… Hmm!

holoway · July 3, 2018, 3:19pm

This smells like a missing type of dependency. Like we need a way for core/go to say it needs zoneinfo and cacerts at runtime if it was used at build time.

sfalcon · July 3, 2018, 6:31pm

The tricky thing is that a given use of core/go may not use those libraries. It would be a bummer to have to consume a runtime dependency for something you don’t need.

ssd · February 26, 2019, 12:04am

Want to start this thread again as we just found another of this in go as well.

Namely, depending on how you build your executable, you may get linked against whatever copy of core/glibc that core/go got built with. This can be completely different from whatever core/glibc resolves to in your build, especially if you are pinned to an older version of core/go.

Like we need a way for core/go to say it needs zoneinfo and cacerts at runtime if it was used at build time.

A potential alternative is something where the package declares some set of dependencies that aren't pulled in by default but are used for the purposes of version resolution. That is. If the user says "yeah, I need core/cacerts", then the version baked into core/go becomes a dependency for the version of detecting possible conflicts.

We could add to that some UI that alerts the user at build time that they might need to pull in some other dependencies.

Topic		Replies	Views
Temporary workaround for glibc dependency errors Habitat Wiki	0	668	July 10, 2018
When to patchelf Habitat Help	2	1124	May 10, 2019
Reviewing Core Plans example - binaries Habitat Wiki	2	728	March 20, 2018
Dependency conflicts between different versions of glibc Habitat Help	12	1663	July 10, 2018
Building Software with Dependencies not in Builder Habitat Wiki depot	0	737	March 13, 2018

Implicit runtime dependencies (with examples from core/go)

Related topics