Ponder dropping `libsystemd` dependency

Open rgacogne opened this issue 1 year ago • 3 comments

  • Program: Authoritative, Recursor, dnsdist
  • Issue type: Feature request

Short description

On Linux systems where libsystemd is available, all three products automatically link against it. Given the recent xz drama, I'm wondering if it would make sense to re-implement the communication primitives we need and drop this dependency, especially since the interface has been stable for a long time. For auth and dnsdist this means re-implementing `sd_notify`, which is easy. For the recursor (and possibly auth and dnsdist in the near future) it means `sd_notify`, `sd_journal_sendv` and `sd_journal_stream_fd`, which seems significantly harder. It might not make sense in the end, but I feel it's worth looking into to understand the trade-off.

rgacogne avatar Apr 01 '24 12:04 rgacogne
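
The `sd_notify` part of the re-implementation raised in the issue above, as an added example that is not part of the original thread and is neither PowerDNS nor systemd code. It assumes the documented notify protocol (one datagram carrying the state string, sent to the `AF_UNIX` socket named in `$NOTIFY_SOCKET`); the function names `notify_to` and `notify_systemd` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Send `state` (e.g. "READY=1") as one datagram to the notify socket at
 * `path`. Returns 1 if sent, 0 if no socket is configured, -errno on error. */
int notify_to(const char *path, const char *state)
{
    struct sockaddr_un sa;
    size_t len;
    ssize_t sent;
    int fd, saved;

    if (path == NULL || path[0] == '\0')
        return 0;                      /* not started by a service manager */
    if (path[0] != '/' && path[0] != '@')
        return -EAFNOSUPPORT;          /* only absolute paths or abstract names */
    len = strlen(path);
    if (len >= sizeof(sa.sun_path))
        return -E2BIG;                 /* would not fit in sun_path */

    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    memcpy(sa.sun_path, path, len);
    if (path[0] == '@')
        sa.sun_path[0] = '\0';         /* '@' marks a Linux abstract socket */

    fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
    if (fd < 0)
        return -errno;
    sent = sendto(fd, state, strlen(state), MSG_NOSIGNAL,
                  (struct sockaddr *)&sa,
                  (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len));
    saved = errno;                     /* close() may overwrite errno */
    close(fd);
    return sent < 0 ? -saved : 1;
}

/* Hypothetical stand-in for an sd_notify(0, state) call: reads $NOTIFY_SOCKET. */
int notify_systemd(const char *state)
{
    return notify_to(getenv("NOTIFY_SOCKET"), state);
}
```

This covers only the notification side; `sd_journal_sendv` and `sd_journal_stream_fd`, which the issue calls significantly harder, are not addressed here.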

This sounds like a lot of work for little to no gain; is the concern here that libsystemd links to many other libraries and one of those libraries could be used to compromise auth/rec/dnsdist?

kpfleming avatar Apr 01 '24 12:04 kpfleming

Yes, and I agree it might not be worth it, I just want to make sure we know why we do it. I know systemd is working on not loading the compression libraries unless they are actually used, which will make the situation better, but the libraries would still show up in the transitive dependencies of our products.

rgacogne avatar Apr 01 '24 12:04 rgacogne

Systemd apparently made some efforts on cleaning things up in that regard: https://chaos.social/@[email protected]/112208167240646037

Also https://chaos.social/@[email protected]/112202687973228580 might be of interest 😊

christian-heusel avatar Apr 05 '24 00:04 christian-heusel