Bug 1442133 - Do not link libkrad, liblber, libldap_r and libsss_nss_idmap to every binary in IPA
Summary: Do not link libkrad, liblber, libldap_r and libsss_nss_idmap to every binary ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Scott Poore
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-13 15:48 UTC by Petr Vobornik
Modified: 2017-08-01 09:48 UTC (History)
6 users (show)

Fixed In Version: ipa-4.5.0-7.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:48:56 UTC
Target Upstream Version:


Attachments (Terms of Use)
ipa 4.5 linktest output (3.35 KB, text/plain)
2017-05-25 13:46 UTC, Scott Poore
no flags Details
ipa 4.4 linktest output (3.94 KB, text/plain)
2017-05-25 13:51 UTC, Scott Poore
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Petr Vobornik 2017-04-13 15:48:33 UTC
Cloned from upstream: https://pagure.io/freeipa/issue/6846

The libkrad, liblber, libldap_r and libsss_nss_idmap libraries are uncoditionally linked in every binary and library built in IPA, even where they are not used. This creates a lot of unnecessary dependencies everywhere. Stop doing this to remote the unnecessary dependencies.

Comment 2 Petr Vobornik 2017-04-13 15:48:50 UTC
Upstream ticket:
https://pagure.io/freeipa/issue/6846

Comment 5 Scott Poore 2017-05-25 13:46:25 UTC
Verified.

Version ::

ipa-server-4.5.0-13.el7.x86_64

Result ::


[root@rhel7-3 ~]# cat linktest.sh 

for rpm in ipa-server ipa-client; do
    echo
    echo "++++++++++++++ $rpm +++++++++++++++"
    echo
    for file in $(rpm -ql $rpm|egrep "/sbin/|/bin/|lib.*.so$"); do
        file $file|grep -q ELF
        if [ $? -eq 0 ]; then
            echo "    ============= $file ==============="
            ldd $file |sort | egrep "libkrad|liblber|libldap_r|libsss_nss_idmap"|awk '{print "      " $1 " " $2 " " $3}'
        fi
    done
done

[root@rhel7-3 ~]# rpm -q ipa-server
ipa-server-4.5.0-13.el7.x86_64

[root@rhel7-3 ~]# sh linktest.sh > ipa450_linktest.out 

# Then on a RHEL7.3 server:

[root@ipa1 ~]# sh linktest > ipa440_linktest.out 

[root@ipa1 ~]# scp ipa440_linktest.out root@192.168.122.73:/root
Password: 
ipa440_linktest.out                                                  100% 4034     3.9KB/s   00:00    

# Now to compare and see what's changed:

[root@rhel7-3 ~]# diff ipa440_linktest.out ipa450_linktest.out 
5d4
<       libkrad.so.0 => /lib64/libkrad.so.0
9d7
<       libkrad.so.0 => /lib64/libkrad.so.0
13d10
<       libkrad.so.0 => /lib64/libkrad.so.0
17d13
<       libkrad.so.0 => /lib64/libkrad.so.0
22d17
<       libkrad.so.0 => /lib64/libkrad.so.0
26d20
<       libkrad.so.0 => /lib64/libkrad.so.0
30d23
<       libkrad.so.0 => /lib64/libkrad.so.0
34d26
<       libkrad.so.0 => /lib64/libkrad.so.0
38d29
<       libkrad.so.0 => /lib64/libkrad.so.0
42d32
<       libkrad.so.0 => /lib64/libkrad.so.0
46d35
<       libkrad.so.0 => /lib64/libkrad.so.0
50d38
<       libkrad.so.0 => /lib64/libkrad.so.0
54d41
<       libkrad.so.0 => /lib64/libkrad.so.0
58d44
<       libkrad.so.0 => /lib64/libkrad.so.0
62d47
<       libkrad.so.0 => /lib64/libkrad.so.0
64d48
<       libkrad.so.0 => /lib64/libkrad.so.0
66d49
<       libkrad.so.0 => /lib64/libkrad.so.0
73a57
>       libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2
75a60
>       libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2


You can see that most of the differences above are that the libkrad links are no longer included in the ipa4.5 binaries.

Comment 6 Scott Poore 2017-05-25 13:46:59 UTC
Created attachment 1282267 [details]
ipa 4.5 linktest output

Comment 7 Scott Poore 2017-05-25 13:51:23 UTC
Created attachment 1282269 [details]
ipa 4.4 linktest output

Comment 8 errata-xmlrpc 2017-08-01 09:48:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304


Note You need to log in before you can comment on or make changes to this bug.