Build option to omit ssh?

Question

Build option to omit ssh?

jim-easterbrook opened this issue a year ago · 4 comments

My Python wrapper for libexiv2 is released as "manylinux" binary wheels. These include copies of all libraries not guaranteed to be on any Linux system, so users can install a Python package without root access etc.

With EXIV2_ENABLE_WEBREADY disabled the bundled libraries are:

-rwxr-xr-x 1 jim users 135913 Dec 29 11:53 libbrotlicommon-6ce2a53c.so.1.0.6
-rwxr-xr-x 1 jim users  62193 Dec 29 11:53 libbrotlidec-811d1be3.so.1.0.6
-rwxr-xr-x 1 jim users  13161 Dec 29 11:53 libinih-c1f723f1.so.0
-rwxr-xr-x 1 jim users  33057 Dec 29 11:53 libINIReader-f49a69f4.so.0

When I enable EXIV2_ENABLE_WEBREADY they become:

-rwxr-xr-x 1 jim users  135913 Dec 29 12:11 libbrotlicommon-6ce2a53c.so.1.0.6
-rwxr-xr-x 1 jim users   62193 Dec 29 12:11 libbrotlidec-811d1be3.so.1.0.6
-rwxr-xr-x 1 jim users   21545 Dec 29 12:11 libcom_err-bb8268a4.so.2.1
-rwxr-xr-x 1 jim users  140977 Dec 29 12:11 libcrypt-52aca757.so.1.1.0
-rwxr-xr-x 1 jim users 3211825 Dec 29 12:11 libcrypto-0a45f796.so.1.1.1k
-rwxr-xr-x 1 jim users  619945 Dec 29 12:11 libcurl-0f8b79dc.so.4.5.0
-rwxr-xr-x 1 jim users  378601 Dec 29 12:11 libgssapi_krb5-99a927e0.so.2.2
-rwxr-xr-x 1 jim users  140377 Dec 29 12:11 libidn2-2f4a5893.so.0.3.6
-rwxr-xr-x 1 jim users   13161 Dec 29 12:11 libinih-c1f723f1.so.0
-rwxr-xr-x 1 jim users   33057 Dec 29 12:11 libINIReader-f49a69f4.so.0
-rwxr-xr-x 1 jim users  110065 Dec 29 12:11 libk5crypto-4a8d9571.so.3.1
-rwxr-xr-x 1 jim users   17929 Dec 29 12:11 libkeyutils-2777d33d.so.1.6
-rwxr-xr-x 1 jim users 1027097 Dec 29 12:11 libkrb5-e44f72d9.so.3.3
-rwxr-xr-x 1 jim users   85161 Dec 29 12:11 libkrb5support-f915a5d6.so.0.1
-rwxr-xr-x 1 jim users   73361 Dec 29 12:11 liblber-2-a32c7900.4.so.2.10.9
-rwxr-xr-x 1 jim users  360809 Dec 29 12:11 libldap-2-89849551.4.so.2.10.9
-rwxr-xr-x 1 jim users  174913 Dec 29 12:11 libnghttp2-fa6766b2.so.14.17.0
-rwxr-xr-x 1 jim users  547745 Dec 29 12:11 libpcre2-8-516f4c9d.so.0.7.1
-rwxr-xr-x 1 jim users   80217 Dec 29 12:11 libpsl-99becdd3.so.5.3.1
-rwxr-xr-x 1 jim users  138761 Dec 29 12:11 libsasl2-7de4d792.so.3.0.0
-rwxr-xr-x 1 jim users  195097 Dec 29 12:11 libselinux-64a010fa.so.1
-rwxr-xr-x 1 jim users  500177 Dec 29 12:11 libssh-8f1ecd37.so.4.8.7
-rwxr-xr-x 1 jim users  662769 Dec 29 12:11 libssl-a3869b75.so.1.1.1k
-rwxr-xr-x 1 jim users 1826161 Dec 29 12:11 libunistring-05abdd40.so.2.1.0

I suspect a good few of these could be omitted if there was no support for ssh: urls. I'd like to keep https: as so many web sites refuse to serve plain old http:, but I see little need to open ssh: URLs from a Python application. Python has its own ways of doing ssh anyway.

I realise you want to minimise the number of build options, and I'm only going to save a few megabytes at best, so feel free to reject this request. (-:

Answer 1 · 2024-02-02T23:23:29.000Z

I'm almost certain there is no code directly related to SSH in the code-base of exiv2. These seem to be dependencies of libcurl.

Just on some random system:

$ ldd /usr/lib/libcurl.so.4
	linux-vdso.so.1 (0x00007ffeec5e2000)
	libnghttp2.so.14 => /usr/lib/libnghttp2.so.14 (0x000078124898a000)
	libidn2.so.0 => /usr/lib/libidn2.so.0 (0x0000781248968000)
	libssh2.so.1 => /usr/lib/libssh2.so.1 (0x000078124891f000)
	libpsl.so.5 => /usr/lib/libpsl.so.5 (0x000078124890b000)
	libssl.so.3 => /usr/lib/libssl.so.3 (0x000078124882b000)
	libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x0000781248200000)
	libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00007812487d5000)
	libzstd.so.1 => /usr/lib/libzstd.so.1 (0x000078124812d000)
	libbrotlidec.so.1 => /usr/lib/libbrotlidec.so.1 (0x00007812487c6000)
	libz.so.1 => /usr/lib/libz.so.1 (0x00007812487ac000)
	libc.so.6 => /usr/lib/libc.so.6 (0x0000781247f4f000)
	libunistring.so.5 => /usr/lib/libunistring.so.5 (0x0000781247d95000)
	libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0000781247cbd000)
	libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x000078124877c000)
	libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x0000781248776000)
	libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x0000781248768000)
	libkeyutils.so.1 => /usr/lib/libkeyutils.so.1 (0x0000781248761000)
	libresolv.so.2 => /usr/lib/libresolv.so.2 (0x0000781248750000)
	libbrotlicommon.so.1 => /usr/lib/libbrotlicommon.so.1 (0x0000781247c9a000)
	/usr/lib64/ld-linux-x86-64.so.2 (0x0000781248ab1000)

So, I'm led to believe that You could bundle it with custom build libcurl, which was built WITHOUT --with-ssh or something like that.
Please, check the https://curl.se/docs/install.html "Reducing size".

Answer 2 · 2024-02-05T11:48:47.000Z

Note that you can disable curl (i.e. HTTPS and FTP) support w/ -DEXIV2_ENABLE_WEBREADY=ON -DEXIV2_ENABLE_CURL=OFF, in which case you'll only have the internal (unsafe?) HTTP implementation, or you can turn that off completely as well w/ -DEXIV2_ENABLE_WEBREADY=OFF.

Answer 3 · 2024-02-08T10:05:06.000Z

@jim-easterbrook Please consider closing if you're happy with the answers. I don't believe there is anything further to do here from exiv2 point of view...

Answer 4 · 2024-02-08T10:25:01.000Z

Yup, it looks as if I can't reduce the size much without losing https:// access, which is pretty much essential these days. Thanks for looking into it.