Re: libcacard: linking with too many libs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/09/2015 03:18 AM, Michael Tokarev wrote:

Hello.

I tried to package libcacard, and come across a small thing.

The library is uselessly linked with too many libs
from the nss family, namely, the following libs are
not needed:

libplds4.so libplc4.so libssl3.so libsmime3.so libnssutil3.so
libplds4.so libpkc4.so and libnssutil3.so are used by NSS itself, so that doesn't save anything,b but libsime3.so and libssl3.so can definitely be dropped off. They were built as separate libraries specifically to allow them to drop out. 

(only libnss3.so is actually needed, it seems, maybe also
libnspr4.so).

I don't know how easy it will be to fix this, since it appears
to be libnss bug, its pkg-config file does not let to choose a
subset of all libnss functionality to be queried.

Maybe --as-needed linker flag will help, but unfortunately it
badly iteracts with libtool, -- even when I make with
CC="gcc -Wl,--as-needed", libtool puts all the objects and libs
BETWEEN "gcc" and "-Wl,--as-needed", so --as-needed does not
work.

On a related note, vscclient is linked with all the same libs,
even when it does not actually use any of them.  For this binary,
separate list of libs should be used in the Makefile, namely,
it only needs glib and libcacard itself, not nss libs.
This will require re-making src/Makefile.am to be the real thing,
not the git.mak as it is now.

Again, it might be possible to use --as-needed here.

And on a general note, can we avoid nss libs altogether?
For example, qemu now links amost all crypto libs out there,
it uses (directly or indirectly) libssl, gnutls and nss.
 From those, nss is only used in libcacard, maybe it is
easy to switch to one of the other implementations?
NSS is doing the actual access to the smart card for you. It would require rewriting libcaccard to drop it. You actually aren't using the crypto, you are using the smart card library part of NSS. 

bob


Thanks,

/mjt
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]