>From IRC discussion: [13:20] <cpaelzer> xnox: hey I'd need your help/guidance on libnss that you touched recently [13:20] <cpaelzer> it has headers like /usr/include/nss/hasht.h which are backed by a .so in a subdir /usr/lib/x86_64-linux-gnu/nss/libfreebl3.so [13:20] <cpaelzer> those are usually not meant to be direct includes, but it has symbols for it and everything [13:21] <cpaelzer> it currently breaks the change of a lib usage that is not in main to use nss for this instead [13:21] <cpaelzer> so I wonder if that lib should maybe not be in the subpath, but actually directly in /usr/lib/x86_64-linux-gnu/ [13:22] <cpaelzer> xnox: slangasek pointed out that you touched it recently, so we had some hope you might have a hint on this [13:22] <cpaelzer> as it seems not really to be ment for dlopen only (symbols/headers available "normally") [13:23] <cpaelzer> I'm on sprint, so latency to reply is high, but it would be great to hear your insight on this [13:24] <xnox> cpaelzer, i will look into it. It does seem odd.... unless like libnss.so itself knows how to dlopen extra things. [13:24] <xnox> can't recall anything special around it, off the top of my head. [13:27] <cpaelzer> xnox: thanks for taking a look [13:28] <cpaelzer> xnox: if it is meant to be internal only ok, but if not making it properly public would be great [14:55] <xnox> cpaelzer, i am failing to understand what it is; but on e.g. Fedora, they have a separate source package nss-softokn which does have binary packages nss-softokn-freebl[-devel] which does ship those libs as normal public libraries; they also have some dracut snippets to include those into initramfs.... [14:55] <xnox> they have .chk files and can be used in FIPS mode [14:55] <xnox> not sure about /usr/lib/x86_64-linux-gnu/nss/libnssckbi.so what that one is yet, as it does not appear to be anywhere. [14:57] <xnox> oh maybe that one is in the base nss package, one sec.
I'll loose connection soon, so lets continue in this bug to not loose it -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/1744328 Title: libfreebl3.so should be public, not in the nss subdir Status in nss package in Ubuntu: New Bug description: Hi, I tried to move the chrony dependency from tomcrypt to libnss to avoid universe dependencies. While doing so I found that libfreebl3 is not "normally" linkable being outside the normal ld paths. E.g. sample program #include <nss.h> #include <hasht.h> #include <nsslowhash.h> int main(int argc, char **argv) { NSSLOWHASH_Begin(NSSLOWHASH_NewContext(NSSLOW_Init(), HASH_AlgSHA512)); return 0; } Build: gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wmissing-prototypes -Wall -pthread -Wdate-time -D_FORTIFY_SOURCE=2 -I/usr/include/nss -I/usr/include/nspr -o docheck docheck.c -lfreebl3 -Wl,-Bsymbolic-functions -Wl,-z,relro -v -Wl,-v -L/usr/lib/x86_64-linux-gnu/nss Then: ldd docheck will give you libfreebl3.so => not found Obviously a link into /usr/lib/x86_64-linux-gnu/ fixes the issue but needs some more consideration if that is the thing we want (there might be a reason it is where it is). Note: Required to go on with the chrony MIR which is rather urgent to be sorted out as it has a lot of other dependencies that need to be adapted. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1744328/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
