git: openjdk/leyden: hermetic-java-runtime: 2 new changesets

duke duke at openjdk.org
Fri May 23 21:45:04 UTC 2025 

Changeset: 0b721ade
Branch: hermetic-java-runtime
Author:    Jiangli Zhou <jianglizhou at google.com>
Date:      2025-05-23 13:30:02 +0000
URL:       https://git.openjdk.org/leyden/commit/0b721adebe5fe898dec1bd6c02e951789d1e6c5a

Collect static libraries from used .jmod files and include the static libraries in the native linking command.

Implement `extra-link-flags` sub-command support. If `--link-hermetic-image extra-link-flags=<linking_flags>` is
specified, the static libraries from the .jmod files are collected and added to the linking flags provided by
`extra-link-flags`. The current implementation only supports ld or lld on Linux. Work is needed to add other supported
linkers. Additionally, the current code assumes the linker, other needed flags and used object files are
correctly includeded in the linking flags provided by 'extra-link-flags' sub-command. That includes an object file
(or a static librart) providing the main entry point.

The current implementation extracts the static libraries from the .jmod files and saves them in a temporary directory
before native linking.

If `-o <output>` is included in the linker options specified in `extra-link-flags`, the output file path is used
for the linked executable. If `-o <output>` is not specified in `extra-link-flags`, the linking flag is added to
the native linking command by the current implementation. The output file path is resolved against the temporary
directory.

Example of a jlink command using the '--link-hermetic-image extra-link-flags=<linking_flags>' sub-command:

```
$ /.../home/jianglizhou/github/hermetic-linking-natives/build/linux-x86_64-server-fastdebug/jdk/bin/jlink --hermetic --link-hermetic-image extra-link-flags="/usr/bin/g++ -Wl,-z,defs -Wl,-z,relro -Wl,-z,now -Wl,--no-as-needed -Wl,-z,noexecstack -m64 -pie -Wl,-z,defs -Wl,-z,relro -Wl,-z,now -Wl,--no-as-needed -Wl,-z,noexecstack -m64 -Wl,-rpath,\$ORIGIN -Wl,--disable-new-dtags -Wl,-rpath,\$ORIGIN/../lib -Wl,--disable-new-dtags  /.../home/jianglizhou/github/hermetic-linking-natives/build/linux-x86_64-server-fastdebug/support/static-native/launcher/main.o -Wl,--export-dynamic -lX11 -lXext -lXi -lXrender -lXtst -lasound -ldl -lfreetype -lm -lpthread -lrt -lz -static-libgcc -static-libstdc++ -static-libstdc++ -static-libgcc" --module-path "/.../home/jianglizhou/github/hermetic-linking-natives/build/linux-x86_64-server-fastdebug/images/static-jdk/jmods" --endian little --hermetic-resources /java.base/conf/security/java.security=/java.base/java/security/java.security,/java.logging/conf/loggin
 g.properties=/java.logging/java/util/logging/logging.properties,/java.base/conf/net.properties=/java.base/sun/net/net.properties,/java.desktop/lib/psfont.properties.ja=/java.desktop/sun/print/psfont.properties.ja,/java.desktop/lib/psfontj2d.properties=/java.desktop/sun/print/psfontj2d.properties,/java.base/lib/security/blocked.certs=/java.base/sun/security/util/blocked.certs,/java.base/lib/security/cacerts=/java.base/sun/security/util/cacerts,/java.base/lib/security/public_suffix_list.dat=/java.base/sun/security/util/public_suffix_list.dat,/java.base/lib/security/default.policy=/java.base/sun/security/provider/default.policy,/java.base/conf/security/java.policy=/java.base/sun/security/provider/java.policy,/java.base/conf/security/policy/limited/default_US_export.policy=/java.base/javax/crypto/limited_default_US_export.policy,/java.base/conf/security/policy/limited/default_local.policy=/java.base/javax/crypto/limited_default_local.policy,/java.base/conf/security/policy/limited/exempt
 _local.policy=/java.base/javax/crypto/limited_exempt_local.policy,/java.base/conf/security/policy/unlimited/default_US_export.policy=/java.base/javax/crypto/unlimited_default_US_export.policy,/java.base/conf/security/policy/unlimited/default_local.policy=/java.base/javax/crypto/unlimited_default_local.policy --generate-jli-classes=@/.../home/jianglizhou/github/hermetic-linking-natives/build/linux-x86_64-server-fastdebug/support/link_opt/default_jli_trace.txt --add-modules demo --keep-packaged-modules /.../home/jianglizhou/github/hermetic-linking-natives/build/linux-x86_64-server-fastdebug/images/jdk/jmods1 --output demo-image
```

On Linux-x64, for the `demo.Hello` app the size of the final executable image linked using a `release` static-jdk is
about 57MiB.

```
package demo;

public class Hello {
    public static void main(String args[]) {
        System.out.println("Hi!");
    }
}
```

! src/jdk.jlink/share/classes/jdk/tools/jlink/internal/ImageFileCreator.java
! src/jdk.jlink/share/classes/jdk/tools/jlink/internal/JmodArchive.java
! src/jdk.jlink/share/classes/jdk/tools/jlink/internal/LinkableRuntimeImage.java
! src/jdk.jlink/share/classes/jdk/tools/jlink/internal/plugins/LinkHermeticImagePlugin.java

Changeset: 34d3a098
Branch: hermetic-java-runtime
Author:    Jiangli Zhou <jianglizhou at google.com>
Date:      2025-05-23 14:22:33 +0000
URL:       https://git.openjdk.org/leyden/commit/34d3a0984ac801e9d57070c7150a04873c1728b9

Merge branch 'hermetic-java-runtime' of github.com:openjdk/leyden into hermetic-java-runtime

More information about the leyden-dev mailing list