Re: Bits from the Testing Security team

To: debian-devel@lists.debian.org
Cc: David Härdeman <david@hardeman.nu>
Subject: Re: Bits from the Testing Security team
From: Jonas Meurer <jonas@freesources.org>
Date: Tue, 16 Oct 2007 15:58:05 +0200
Message-id: <[🔎] 20071016135805.GB11513@freesources.org>
Mail-followup-to: debian-devel@lists.debian.org, David Härdeman <david@hardeman.nu>
In-reply-to: <[🔎] 87abqja2e4.fsf@faui44a.informatik.uni-erlangen.de>
References: <200710142339.02272.sf@debian.org> <[🔎] 20071015090632.GF18217@mithrandir> <[🔎] 20071015092002.GC23422@ngolde.de> <[🔎] 20071015131806.GA22711@mithrandir> <[🔎] 20071016005145.GB7264@freesources.org> <[🔎] 87abqja2e4.fsf@faui44a.informatik.uni-erlangen.de>

On 16/10/2007 Reinhard Tartler wrote:
> >> Well, I would consider statically linking a non embedded (i.e. a packaged) 
> >> library a bug... Are there known cases where this is a required condition?
> >
> > cryptsetup is statically linked against libgcrypt and libgpg-error, as
> > both are in /usr/lib, and relying on a mounted /usr is not an option for
> > cryptsetup.
> 
> What are the reasons not to move openssl, libgcrypt and libgpg-error
> from /usr to /?

I don't know, but according to FHS they should be moved:

"The /lib directory contains those shared library images needed to boot
 the system and run the commands in the root filesystem, i.e. by binaries
 in /bin and /sbin." [1]

"/usr/lib includes object files, libraries, and internal binaries that
 are not intended to be executed directly by users or shell scripts." [2]

cryptsetup is at least one binary in /sbin which depends on libgcrypt
and libgpg-error. If i got it right, that should be enough to move the
libs to /lib, correct?

Maybe I should file withlist bugs, and stop building cryptsetup
statically as soon as the libs have been moved...

greetings,
 jonas

[1] http://www.pathname.com/fhs/pub/fhs-2.3.html#LIBESSENTIALSHAREDLIBRARIESANDKERN
[2] http://www.pathname.com/fhs/pub/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA

Reply to:

References:
- Re: Bits from the Testing Security team
  - From: "Francesco P. Lovergine" <frankie@debian.org>
- Re: Bits from the Testing Security team
  - From: Nico Golde <nico@ngolde.de>
- Re: Bits from the Testing Security team
  - From: "Francesco P. Lovergine" <frankie@debian.org>
- Re: Bits from the Testing Security team
  - From: Jonas Meurer <jonas@freesources.org>
- Re: Bits from the Testing Security team
  - From: Reinhard Tartler <siretart@debian.org>

Prev by Date: Re: why MIA database restricted only for DDs
Next by Date: Re: Bits from the Testing Security team
Previous by thread: Re: Bits from the Testing Security team
Next by thread: Re: Bits from the Testing Security team
Index(es):
- Date
- Thread