Bug#139320: dpkg: dpkg-deb does not dynamically link libz

To: submit@bugs.debian.org
Subject: Bug#139320: dpkg: dpkg-deb does not dynamically link libz
From: Daniel Quinlan <quinlan@pathname.com>
Date: Thu, 21 Mar 2002 02:15:39 -0800
Message-id: <[🔎] E16nzbf-0003Bk-00@proton.pathname.com>
Reply-to: Daniel Quinlan <quinlan@pathname.com>, 139320@bugs.debian.org

Package: dpkg
Version: 1.9.20
Severity: normal

/usr/bin/dpkg-deb links with libz statically which is a waste of space
with no performance benefit (sometimes faster, sometimes slower, but
never significantly slower or faster) and leads to extra maintenance and
unnecessary added security risk (see security bug #137931: dpkg: dpkg-deb
includes static zlib code). 

When you add the overhead of dpkg and apt, any performance difference
here is completely swamped.  (It actually seems like shared is faster on
average in my system, but it could be slower on someone elses.)

Also, given the dependencies on c++ and ncurses already, adding libz which
dozens of packages depend on seems like a trivial addition.

I compiled a version of dpkg-deb that links with libz dynamically to verify
that there was no performance degradation.

dpkg-deb

real    0m17.503s
user    0m13.920s
sys     0m3.580s

dpkg-deb.shared

real    0m17.435s
user    0m13.980s
sys     0m3.450s

Here is the test script I used:

------------------------------------------------------------------------
#!/bin/sh

f="awstats_3.2-10_all.deb netpbm_2%3a9.20-7_i386.deb thttpd_2.21b-9_i386.deb"

ls -Slr $f

for version in dpkg-deb dpkg-deb.shared; do

time sh <<EOF
	echo $version
	for repeat in 1 2 3 4 5; do
	    for deb in $f; do
		$version -c \$deb >/dev/null
	    done
	done
EOF

done
------------------------------------------------------------------------

$ ldd `which dpkg-deb.shared`
        libz.so.1 => /usr/lib/libz.so.1 (0x40019000)
        libc.so.6 => /lib/libc.so.6 (0x40028000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
$ ldd `which dpkg-deb`
        libc.so.6 => /lib/libc.so.6 (0x40019000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Okay, space savings?

$ ls -al /usr/bin/dpkg-deb*
-rwxr-xr-x    1 root     root       112040 Mar 17 01:54 /usr/bin/dpkg-deb
-rwxr-xr-x    1 root     root        67484 Mar 21 02:05 /usr/bin/dpkg-deb.shared

-- System Information
Debian Release: 3.0
Kernel Version: Linux proton 2.2.20 #1 Wed Jan 9 15:44:45 PST 2002 i486 unknown

Versions of the packages dpkg depends on:
ii  libc6          2.2.5-3        GNU C Library: Shared libraries and Timezone
ii  libncurses5    5.2.20020112a- Shared libraries for terminal handling
ii  libstdc++2.10- 2.95.4-1       The GNU stdc++ library

Reply to:

Follow-Ups:
- Bug#139320: dpkg: dpkg-deb does not dynamically link libz
  - From: Adam Heath <doogie@debian.org>
- Bug#139320: marked as done (dpkg: dpkg-deb does not dynamically link libz)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#139159: dpkg-source has no case insensitivity for some fields
Next by Date: Processed: not reproducible
Previous by thread: Bug#139159: dpkg-source has no case insensitivity for some fields
Next by thread: Bug#139320: dpkg: dpkg-deb does not dynamically link libz
Index(es):
- Date
- Thread