Skip to content

Copy go-systemd/actvation.Files code to avoid brining in crypto/tls #5057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kolyshkin wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Copy go-systemd/actvation.Files code to avoid brining in crypto/tls #5057

kolyshkin wants to merge 2 commits into from
+11 −187

Conversation

@kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Dec 5, 2025

Inspired by PR #5056.

@kolyshkin
Remove crypto/tls dependency
ecb718c 
It appears that when we import github.com/coreos/go-systemd/activation,
it brings in the whole crypto/tls package (which is not used by runc
directly or indirectly), making the runc binary size larger and
potentially creating issues with FIPS compliance.

Let's copy the code of function we use from go-systemd/activation
to avoid that.

The space savings are:

$ size runc.before runc.after
   text	   data	    bss	    dec	    hex	filename
7101084	5049593	 271560	12422237	 bd8c5d	runc.before
6508796	4623281	 229128	11361205	 ad5bb5	runc.after

Reported-by: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin
internal/systemd: simplify
577d4ca 
Remove unused code and argument from the ActivationFiles,
and simplify its usage.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
kolyshkin
kolyshkin commented Dec 5, 2025
View reviewed changes
internal/systemd/files_unix.go

nfds, err := strconv.Atoi(os.Getenv("LISTEN_FDS"))
if err != nil || nfds == 0 {
if err != nil || nfds <= 0 {
Copy link
Contributor Author

@kolyshkin kolyshkin Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: I used the latest version of this file; this change comes from coreos/go-systemd@de1b3a8

@kolyshkin kolyshkin mentioned this pull request Dec 5, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kolyshkin