Bug 689043

Summary: NetworkManager-openconnect : does not adhere to Static Library Packaging Guidelines
Product: [Fedora] Fedora Reporter: Michael Schwendt <bugs.michael>
Component: NetworkManager-openconnectAssignee: David Woodhouse <dwmw2>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: dcbw, dwmw2
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-19 00:16:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Michael Schwendt 2011-03-18 22:09:35 UTC 
NetworkManager-openconnect-0.8.1-4.fc16.src
is missing
BuildRequires: openconnect-devel-static

[...]

https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries_2

If a library you depend on only provides a static version your package can link against it provided that you BuildRequire the *-static subpackage. Packagers in such a situation should be aware that if a shared library becomes available, that you should adjust your package to use the shared library.
Comment 1 David Woodhouse 2011-03-19 00:16:39 UTC 
That's a weird rule. NetworkManager-openconnect doesn't care if the library is shared or static. It just requires pkgconfig(openconnect).

"Fixed" in NetworkManager-openconnect-0.8.1-5.fc16. I'll remove it again as soon as there's an independent user of libopenconnect and I'm happy to declare the library API stable.
Comment 2 Michael Schwendt 2011-03-19 07:55:38 UTC 
The rule isn't that weird. It makes it possible to repoquery for packages which are built with a static library package. Without a clear dependency on the -static package(s), the analysis would be much more expensive (like checking dozens of -devel dependencies for whether the build is really shared only). In case of a required rebuild due to a securited related fix in a static lib, this can be very helpful.
Comment 3 David Woodhouse 2011-03-19 08:44:41 UTC 
I suppose so. And while the package theoretically doesn't care if it's built with a static or shared library, it sure as hell *does* care if it's built with a static library, and there's a security flaw in the library so it needs to be rebuilt.