[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: packaging a static library



On Tue, 29 Dec 2009 10:52:54 +0000, Daniel wrote:

> Hi,
> 
> OLPC's security system uses libtomcrypt / tomsfastmath, both at the
> Linux level and the firmware level.
> 
> OLPC has previously had a specific version of tomcrypt/tommath
> profesionally audited for security reasons. So we obviously want to
> stick with that version.
> 
> A few packages we have in Fedora currently use this frozen, audited
> version - we do so by shipping duplicate copies of that source code
> within the individual packages, rather than linking against the dynamic
> systemwide equivalents.
> 
> As we're now looking at making another package which uses yet another
> duplicate copy of this code base I'm wondering if we can do it better.
> 
> Could I add a package, named olpc-bios-crypto-devel (a subpackage of the
> to-be-packaged olpc-bios-crypto), which installs the .a files for the
> audited libraries somewhere on the system?
> 
> Then the individual components that rely on this library (e.g. bitfrost,
> olpc-contents, olpc-bios-crypto) would have a BuildRequires dependency
> on olpc-bios-crypto-devel and build against the 'systemwide' static .a
> library files.
> 
> Or am I going too far against common packaging practice at this point?
> Any alternative suggestions?

There is

  https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries

and

  https://fedoraproject.org/wiki/Packaging:Guidelines#Staticly_Linking_Executables

already. These guidelines explain how to name static library packages
and how to build-require them.

You didn't comment on those guidelines at all.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]