Bug 609613

Summary: nss-softokn : does not adhere to Static Library Packaging Guidelines
Product: [Fedora] Fedora Reporter: Michael Schwendt <bugs.michael>
Component: nss-softoknAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 14CC: emaldona, kengert, pasteur, rrelyea
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: nss-util-3.12.8-1.fc12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-10-05 13:38:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Schwendt 2010-06-30 16:58:40 UTC
https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries_2

Build: nss-softokn-3.12.6-3.fc14.src.rpm

nss-softokn-freebl-devel
    contains only static libraries,
    but no virtual -static package is provided

Comment 1 Bug Zapper 2010-07-30 12:20:22 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 2 Elio Maldonado Batiz 2010-09-14 18:12:17 UTC
* In general, packagers are strongly encouraged not to ship static libs unless a compelling reason exists.

Usage of static libraries is internal to nss. We do have loading code to load 
the crypto library dynamically. Yes, static linking with a library that dynammically (via ldopen) loads the crypto libarries. That way no one needs to
include -lsoftoknb3 -lfreebl3 in their conpile line.

There is exception to the rule. glibc ships a mini crypto library for doing hashes and it calls libfreebl3.so which has some special API for it.
[...]$ ldd /lib/libcrypt.so.1
	linux-gate.so.1 =>  (0x005b8000)
	libc.so.6 => /lib/libc.so.6 (0x00110000)
	libfreebl3.so => /lib/libfreebl3.so (0x06a69000)
	/lib/ld-linux.so.2 (0x0048f000)
	libdl.so.2 => /lib/libdl.so.2 (0x0066b000)

.....

The client code of nss generally invokes crypto services via the PK11_ wrapper calls in nss (libnss3.so) and not via calls to libraries in nss-softokn. In fact the higher layes of nss use dynamic linking and don't even expose the libaries nsss-softokn. 

For example, let's look at nss
[... ~]$ ldd /usr/lib/libnss3.so
	linux-gate.so.1 =>  (0x0037b000)
	libnssutil3.so => /usr/lib/libnssutil3.so (0x05435000)
	libplc4.so => /lib/libplc4.so (0x02baf000)
	libplds4.so => /lib/libplds4.so (0x02ba9000)
	libnspr4.so => /lib/libnspr4.so (0x03507000)
	libpthread.so.0 => /lib/libpthread.so.0 (0x00672000)
	libdl.so.2 => /lib/libdl.so.2 (0x0066b000)
	libc.so.6 => /lib/libc.so.6 (0x004b1000)
	/lib/ld-linux.so.2 (0x0048f000)

Similarly with the other libraries from the nss package, you won't see references to softoken. 

"Packages which explicitly need to link against the static version must BuildRequire: foo-static, so that the usage can be tracked."

I still need to understand better the implications of the "-static" suffix before I change the spec file. Do I really need it?

Comment 3 Michael Schwendt 2010-09-14 18:44:02 UTC
> I still need to understand better the implications of the
> "-static" suffix before I change the spec file.

It is a package naming suffix similar to -devel, but for (sub-)packages which contain static libraries. These (sub-)packages can also be virtual ones, e.g. as explained in the linked guidelines for the case when a library -devel packages doesn't contain shared libs. In package  nss-softokn-freebl-devel  you would add

  Provides: nss-softokn-freebl-static = %{version}-%{release}

and that would suffice. Everything that had  "BuildRequires: nss-softokn-freebl-devel"  before, would need to change that to
"BuildRequires: nss-softokn-freebl-static"  in order to meet the packaging guidelines.


> Do I really need it?

Only with a proper naming scheme for packages, which contain static libraries, it becomes possible to run queries on a src.rpm repository and search for all packages that need -static packages for building.

Exceptions to the packaging guidelines require FESCo approval.

Comment 4 Fedora Update System 2010-09-30 00:25:44 UTC
nss-3.12.7-8.fc14,nss-softokn-3.12.7-7.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/nss-3.12.7-8.fc14,nss-softokn-3.12.7-7.fc14

Comment 5 Fedora Update System 2010-09-30 00:29:43 UTC
nss-3.12.7-8.fc13,nss-softokn-3.12.7-7.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/nss-3.12.7-8.fc13,nss-softokn-3.12.7-7.fc13

Comment 6 Fedora Update System 2010-09-30 05:31:30 UTC
nss-3.12.7-8.fc14, nss-softokn-3.12.7-7.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update nss nss-softokn'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/nss-3.12.7-8.fc14,nss-softokn-3.12.7-7.fc14

Comment 7 Michael Schwendt 2010-10-05 13:38:29 UTC
Closed by: fedora-report-static-batch.py

Comment 8 Fedora Update System 2010-10-07 18:19:36 UTC
nss-3.12.8-2.fc14,nss-softokn-3.12.8-1.fc14,nss-util-3.12.8-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/nss-3.12.8-2.fc14,nss-softokn-3.12.8-1.fc14,nss-util-3.12.8-1.fc14

Comment 9 Fedora Update System 2010-10-08 00:07:56 UTC
nss-util-3.12.8-1.fc12,nss-softokn-3.12.8-1.fc12,nss-3.12.8-2.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/nss-util-3.12.8-1.fc12,nss-softokn-3.12.8-1.fc12,nss-3.12.8-2.fc12

Comment 10 Fedora Update System 2010-10-27 22:30:14 UTC
nss-3.12.8-2.fc13, nss-softokn-3.12.8-1.fc13, nss-util-3.12.8-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2010-10-28 05:47:39 UTC
nss-3.12.8-2.fc14, nss-softokn-3.12.8-1.fc14, nss-util-3.12.8-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2010-11-05 04:45:25 UTC
nss-util-3.12.8-1.fc12, nss-softokn-3.12.8-1.fc12, nss-3.12.8-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.