Skip to content

Update the Static SDK for Linux #488

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Update the Static SDK for Linux #488

wants to merge 3 commits into from

Conversation

@al45tair
Copy link
Contributor

@al45tair al45tair commented Jul 25, 2025

Updated the versions of:

  • libxml2 (2.14.5)
  • curl (8.15.0)
  • BoringSSL (newer SHA)

and added:

  • bzip2 (1.0.8)
  • xz-utils (5.8.1)
  • libarchive (3.8.1)
  • mimalloc (2.2.4)

Plus two security patches for musl to fix CVE-2025-26519.

Also link mimalloc by default, so programs using the Static SDK for Linux get a better memory allocator out of the box.

rdar://156423711

@al45tair al45tair requested a review from shahmishal as a code owner July 25, 2025 18:00
@al45tair
Copy link
Contributor Author

al45tair commented Jul 25, 2025

This will require updates to the Static SDK build job, because it changes the versions of dependencies and adds some dependencies. Also, we will need to check the licensing situation before merging this.

@al45tair al45tair marked this pull request as draft July 25, 2025 18:02
@al45tair
Update the Static SDK for Linux
50b6c1f 
Updated the versions of:

- libxml2 (2.14.5)
- curl (8.15.0)
- BoringSSL (newer SHA)

and added:

- bzip2 (1.0.8)
- xz-utils (5.8.1)
- libarchive (3.8.1)
- mimalloc (2.2.4)

Plus two security patches for musl to fix CVE-2025-26519.

Also link mimalloc by default, so programs using the Static SDK for Linux
get a better memory allocator out of the box.

rdar://156423711
@al45tair
[Static SDK] Tweak build script slightly.
00c0d27 
We need to run the build and install of bzip2 together, otherwise
bzip2 tries to run tests, which won't necessarily work when cross
compiling for a different architecture.

We also want to remove various directories from the final result.

Oh, and we don't want to build libxml2 with lzma support either,
otherwise we'll have to link with liblxma whenever we use libxml2.
@al45tair
[Static SDK] Replace malloc with mimalloc.
2218482 
To do this properly, we remove all of the allocator implementation from
`libc.a` and `libc++abi.a`, and add `mimalloc.o`, mimalloc's static
implementation, directly to `libc.a`.
@al45tair al45tair marked this pull request as ready for review October 6, 2025 09:51
@al45tair
Copy link
Contributor Author

al45tair commented Oct 6, 2025

Ideally we should land swiftlang/swift#84705 and swiftlang/swift#84706 first, as that will mean that all builds of the 0.1.0 version of the Static SDK for Linux will have library evolution disabled. That seems cleaner than landing this one first.

@marcprux
Copy link
Contributor

marcprux commented Nov 1, 2025

Tangential to this PR, but I'd like to align Android's dependencies with these. A few questions:

  • Any particular reason for the specific BORINGSSL_VERSION=817ab07ebb53da35afea409ab9328f578492832d?
  • Is the addition of the bzip2, libarchive, mimalloc, and xz dependencies somehow related to the version bumps for boringssl, libcurl, or libxml2?

@al45tair
Copy link
Contributor Author

al45tair commented Nov 10, 2025

Any particular reason for the specific BORINGSSL_VERSION=817ab07ebb53da35afea409ab9328f578492832d?

Yes. I chose the hash Swift NIO is currently using. The problem with BoringSSL is that it doesn't actually have proper releases; the BoringSSL maintainers actively talk to the NIO maintainers and that's how they get the hash to use. We should ideally pick up the same hash whenever they change it (it might be better to just check out the NIO repository to get the version we need, but that's not a change I've made here).

Is the addition of the bzip2, libarchive, mimalloc, and xz dependencies somehow related to the version bumps for boringssl, libcurl, or libxml2?

No. Those were requests that I had from various parties: mimalloc because the Musl memory allocator is poor; bzip2, libarchive and xz because some folks wanted to use those compression libraries and I thought it made sense to make them part of the SDK itself, given how prevalent their use is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shahmishal shahmishal shahmishal approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@al45tair @marcprux @shahmishal