Red Hat Bugzilla – Bug 187695
rpm2cpio linked against fewer libraries
Last modified: 2007-11-30 17:11:29 EST
The rpm2cpio binary included in Fedora's rpm package is linked against openssl and neon among other libraries. But it doesn't really need them. (eg if you replace these libraries with dummy symlinks to some unrelated library, rpm2cpio will work and extract the contents of a package.) Because rpm2cpio is an important rescue tool in the event the normal rpm program stops working, it should not be linked against extraneous libraries. Can you change the build process to not use -lopenssl, etc. when linking rpm2cpio?
Use /usr/lib/rpm/rpm2cpio.sh instead.
>Use /usr/lib/rpm/rpm2cpio.sh instead. Cool, didn't know about that. Shouldn't it be installed in bin instead of lib?
There are a lot of binaries/executables that are installed in /usr/lib/rpm. Its been this way forever. One could argue they are misplaced, but historicaly they have always been there, so its kind of moot point (or maybe it not). Also, I have a perl implementation of the same thing if you would like it. Pretty, much its pure perl except for the cpio part (no libcpio out there that was usuable that I could find; and there is now Archieve::CPIO module for perl either).