On Thu, Mar 17, 2005, SÅ?awek Å»ak wrote: > Hi, > > What was the motivation for adding library dependencies, when OpenPKG > is always using static linking. Upgrading i.e. OpenSSL when there is a > security bug found, won't make OpenSSH and others, non-vulnerable > automatically. A recompilation is needed. Build prerequisite is > enough. Can't these dependencies be removed? What is gained when they > are kept?
"openpkg build" reinstalls all dependent packages. There is a trap, though. When used without the "-u"-option, those packages that already have an actual binary package in $prefix/RPM/PKG are not recompiled. Instead, only the binary package is reinstalled with "rpm -Uvh", which is a pretty useless action. Well, when a package is used als "BuildReq" this may be a useful behaviour, but i use "openpkg build -K" anyway. Example: When one compiles e.g. the current curl, the binary package is "saved" in $prefix/RPM/PKG. Then, when openssl needs a rebuild and this is done with "openpkg build openssl", the resulting script does not recompile curl, but just reinstalls the binary package from $prefix/RPM/PKG. "openpkg build -u openssl" ignores the existing binary package and recompiles from the source instead, which is important because of the static linking. (mk) -- Matthias Kurz; Fuldastr. 3; D-28199 Bremen; VOICE +49 421 53 600 47 >> Im prämotorischen Cortex kann jeder ein Held sein. (bdw) << ______________________________________________________________________ The OpenPKG Project www.openpkg.org Developer Communication List openpkg-dev@openpkg.org
