[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the Testing Security team

On 16/10/2007 Reinhard Tartler wrote:
> >> Well, I would consider statically linking a non embedded (i.e. a packaged) 
> >> library a bug... Are there known cases where this is a required condition?
> >
> > cryptsetup is statically linked against libgcrypt and libgpg-error, as
> > both are in /usr/lib, and relying on a mounted /usr is not an option for
> > cryptsetup.
> What are the reasons not to move openssl, libgcrypt and libgpg-error
> from /usr to /?

I don't know, but according to FHS they should be moved:

"The /lib directory contains those shared library images needed to boot
 the system and run the commands in the root filesystem, i.e. by binaries
 in /bin and /sbin." [1]

"/usr/lib includes object files, libraries, and internal binaries that
 are not intended to be executed directly by users or shell scripts." [2]

cryptsetup is at least one binary in /sbin which depends on libgcrypt
and libgpg-error. If i got it right, that should be enough to move the
libs to /lib, correct?

Maybe I should file withlist bugs, and stop building cryptsetup
statically as soon as the libs have been moved...


[1] http://www.pathname.com/fhs/pub/fhs-2.3.html#LIBESSENTIALSHAREDLIBRARIESANDKERN
[2] http://www.pathname.com/fhs/pub/fhs-2.3.html#USRLIBLIBRARIESFORPROGRAMMINGANDPA

Reply to: