The Twelve-Factor App manifesto says that it is for web applications that "... Have a clean contract with the underlying operating system, offering maximum portability between execution environments" [emphasis added by me]
But then it says:
Twelve-factor apps also do not rely on the implicit existence of any system tools. Examples include shelling out to
ImageMagick
orcurl
. While these tools may exist on many or even most systems, there is no guarantee that they will exist on all systems where the app may run in the future, or whether the version found on a future system will be compatible with the app. If the app needs to shell out to a system tool, that tool should be vendored into the app.
and they have earlier defined "vendored into the app" as:
scoped into the directory containing the app (known as “vendoring” or “bundling”).
How should this be done, when (on Linux at least) native 64-bit executables do not run in 32-bit environments, for example - let alone on other operating systems? Or is there a better way of handling this portability issue?
In my opinion, it shouldn't be done at all. This is because:
ImageMagick
s - or even curl
s - may have security bugs which could allow your application to be compromised. (This is a bit of a contentious point - its validity depends on who you trust more to watch for / apply security updates - the people who maintain and upgrade the servers, or the developers? Of course they might be the same people - for now. But my working assumption here is that the servers would have updates applied eventually, which would in turn protect your app from security holes in system executables that have been fixed in the updates.)My view: If your dependency management system of choice simply point-blank cannot handle native executables, stick a note in the README and be done with it. If you don't have a README, create one. And (for in-house web apps) add the native tools you need to your standard server image or script that you use when setting up a server, and make sure you keep an additional note of why they are there.