[sabayon-dev] Using static-libs or not.
Would it be smart to enable the use of static-libs on certain packages? Or should it be considered as bloat in Gentoo/Sabayon? How I see it: At compile time if you enable static-libs it will copy all the needed functions from external libs into its own binary blob. Benefits: - Lesser breakage (on the build chroot), smaller deptree (in the binary tree) Downside: - Bigger binaries - A potential security problem if a library dep. had some bug, it is now hardcoded in the binary. Is that manageable? Myself sees it as being bloat and a potential security risk. But maybe that is because I most likely don't 100% understand how it works.
Re: [sabayon-dev] Using static-libs or not.
Dnia 11.06.2012 o 16:56 Joost Ruis joost.r...@sabayonlinux.org napisał(a): Would it be smart to enable the use of static-libs on certain packages? Or should it be considered as bloat in Gentoo/Sabayon? How I see it: At compile time if you enable static-libs it will copy all the needed functions from external libs into its own binary blob. Benefits: - Lesser breakage (on the build chroot), smaller deptree (in the binary tree) Downside: - Bigger binaries - A potential security problem if a library dep. had some bug, it is now hardcoded in the binary. Is that manageable? Myself sees it as being bloat and a potential security risk. But maybe that is because I most likely don't 100% understand how it works. global:static-libs: Build static libraries It's used to build .a files and install them. You've confused the flag (which seems a bit common) with static: global:static: !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically. So: USE=static - as you've said, better not (bloat, security); USE=static-libs - those .a files aren't normally needed, so no need to enable it unless explicitly requested by someone or a package, in my oppinion. SN
Re: [sabayon-dev] Using static-libs or not.
I include some messages from #sabayon-dev that I think could be useful for this subject: scarabeus joost_op: by default static libs are useless, but they should be provided in similar fashion like debug symbols micia I agree with scarabeus micia I'd be inclined not to use them :P micia scarabeus, by the way, what does Gentoo mean with static_libs micia compile _also_ a static lib version scarabeus micia: exactly micia or compile _a_ static lib version scarabeus nto static lib version scarabeus compile also static library for selected package AStorm the former scarabeus so you get both mylib.so and mylib.a AStorm exactly. USE=static is more general and unpredictable though micia then yes, there should be a debug symbols analogy in entropy scarabeus it is not resulting package compiled statically AStorm usually it means link statically, but there are exceptions micia got what that means micia definitely either we don't want it, or we want a debug symbols analogy scarabeus you want it AStorm what's next, ripping out headers? AStorm ;p scarabeus some users might need it for developers micia scarabeus, yes, but we don't want it by default scarabeus AStorm: did you see how rpms are split? scarabeus AStorm: there is reason why we do it that way AStorm yes, it's quite insane AStorm entropy has better things than many similarly-named packages AStorm extend splitdebug a bit and there it is micia AStorm, exactly, that's how it should be, and personally I think that should be done for headers too AStorm perhaps - it's not that the headers are usually too heavy - might not be worth the extra complexity AStorm perhaps for various media files and static libs micia yes, if it is too complex maybe it's not worth it, but it would be nice, it would make the system a bit cleaner Il 11/06/2012 16:56, Joost Ruis ha scritto: Would it be smart to enable the use of static-libs on certain packages? Or should it be considered as bloat in Gentoo/Sabayon? How I see it: At compile time if you enable static-libs it will copy all the needed functions from external libs into its own binary blob. Benefits: - Lesser breakage (on the build chroot), smaller deptree (in the binary tree) Downside: - Bigger binaries - A potential security problem if a library dep. had some bug, it is now hardcoded in the binary. Is that manageable? Myself sees it as being bloat and a potential security risk. But maybe that is because I most likely don't 100% understand how it works. -- Lorenzo Cogotti
Re: [sabayon-dev] Using static-libs or not.
While split-debug symbols have predictable paths (/usr/lib/debug), static libs and headers don't. This is a very good reason in favour of avoiding to hardcode stuff like that in the Entropy codebase. USE=static-libs is fine as it is. If a pkg requires foo[static-libs] then it's fine to enable the use flag, otherwise in my opinion the flag itself is just a dontcare thing. -- Fabio Erculiani
Re: [sabayon-dev] Using static-libs or not.
s:in favour of avoiding to hardcode:to avoid hardcoding: better I think. -- Fabio Erculiani
