Bug 348601 - move NSPR and NSS .so files from /usr/lib to /lib
move NSPR and NSS .so files from /usr/lib to /lib
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Kai Engert (:kaie) (on vacation)
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks: 348411 434395
  Show dependency treegraph
 
Reported: 2007-10-23 06:51 EDT by Karel Zak
Modified: 2008-07-08 00:46 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-08 00:46:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Karel Zak 2007-10-23 06:51:02 EDT
Basic system utils from /sbin and /bin cannot be linked against NSS from /usr/lib. 
(For example /sbin/fsck.cramfs, /sbin/mkfs.cramfs where we use MD5 code.)

Please, move the library to /lib.
Comment 1 Kai Engert (:kaie) (on vacation) 2008-01-07 02:15:52 EST
I assume this means we must move all NSS dependencies, too, to /lib
This includes NSPR
Comment 2 Kai Engert (:kaie) (on vacation) 2008-01-07 02:52:52 EST
I have a patch to both packages that moves the files.
I built and installed locally, and I'm still able to run Firefox, even in FIPS
mode, which means moving the .chk files to /lib was ok, too.

The new listing of the packages is this:

[kaie@intel:~]$ rpm -ql nspr
/lib/libnspr4.so
/lib/libplc4.so
/lib/libplds4.so

[kaie@intel:~]$ rpm -ql nss
/etc/pki/nssdb
/etc/pki/nssdb/cert8.db
/etc/pki/nssdb/key3.db
/etc/pki/nssdb/secmod.db
/etc/prelink.conf.d/nss-prelink.conf
/lib/libfreebl3.chk
/lib/libfreebl3.so
/lib/libnss3.so
/lib/libnssckbi.so
/lib/libnssdbm3.so
/lib/libnsspem.so
/lib/libsmime3.so
/lib/libsoftokn3.chk
/lib/libsoftokn3.so
/lib/libssl3.so
/usr/lib/nss
/usr/lib/nss/unsupported-tools
/usr/lib/nss/unsupported-tools/shlibsign

I'm now testing to build mozilla, to verify the system libs are still found in
that new location.
Comment 3 Kai Engert (:kaie) (on vacation) 2008-01-08 00:29:48 EST
Fixed in:

nspr-4.6.99.2-2.fc9
nss-3.11.99.2b-3.fc9
Comment 4 Kai Engert (:kaie) (on vacation) 2008-02-21 15:47:18 EST
I'm reopening, because there are issues, thanks to Rob for making me aware.

NSS ships both .so files and .a files.
Before this change, all such files were located in the same directory, /usr/lib.

Now, after the change, we have the .so files in /lib and the .a files in /usr/lib.

Which of the following should be done?

(a) move all nss .a files to /lib

(b) change nss-config and pkg-config to list both /lib and /usr/lib

(c) ?

Opinions?
Comment 5 Tomas Mraz 2008-02-21 15:57:49 EST
(c) - move only .so to /lib(64) and make symlink in /usr/lib(64) pointing to
/lib(64), leave nss-config and pkg-config as is.

I think this is the most correct way.
Comment 6 Bob Relyea 2008-02-21 15:59:02 EST
which .a files?

I'm starting to think we need multiple results from pkg-config.

1) applications that just use crypto & certificates (-lnss3 -lnss3util -lsoftoken3)

2) applications that just use ssl (-lssl3 -lnss3 -lnss3util -lsoftoken3 )

3) applications that just use smime (-lsmime3 -lnss3 -lnss3util -lsoftoken3)

4) applications that all shared libraries (-lssl3 -lsmime3 -lnss3 -lnss3util
-lsofotken3 )

5) applications that use various nss .a files.


Default would be 4). 5 would include both /lib and /usr/lib. 5 may be split up
wrt which .a files are included.

I don't think we want to include the nss .a files in /lib.

bob
Comment 7 Kai Engert (:kaie) (on vacation) 2008-02-21 16:17:46 EST
Bob, Tomas, thanks a lot for your quick replies.

(In reply to comment #5)
> (c) - move only .so to /lib(64) and make symlink in /usr/lib(64) pointing to
> /lib(64), leave nss-config and pkg-config as is.

I like this proposal.
I think you want that nss-config and pkg-config point to /usr/lib(64).
(they currently point to /lib(64))


(In reply to comment #6)
> which .a files?

nss-devel has libcrmf.a and
nss-pkcs11-devel has libnssb.a and libbssckfw.a


> I'm starting to think we need multiple results from pkg-config.

This sounds complicated.
I think this proposal will not work as soon as you have an application that
wants to link with both .so files and a .a file (like PSM).


> I don't think we want to include the nss .a files in /lib.

I agree.


Bob, do you think Thomas's proposal is good?
Comment 8 Kai Engert (:kaie) (on vacation) 2008-02-21 16:46:02 EST
I found that "zlib" and "zlib-devel" already implement what Tomas proposes.

$ rpm -ql zlib| grep -w so | xargs ls -ld
lrwxrwxrwx 1 root root    13 13. Jan 04:50 /lib/libz.so.1 -> libz.so.1.2.3
-rwxr-xr-x 1 root root 74928 15. Aug 2007  /lib/libz.so.1.2.3

$ rpm -ql zlib-devel| grep -w so | xargs ls -ld
lrwxrwxrwx 1 root root 23 13. Jan 04:51 /usr/lib/libz.so -> ../../lib/libz.so.1.2.3
Comment 9 Bob Relyea 2008-02-21 16:49:25 EST
> Bob, do you think Thomas's proposal is good?

yes.

> nss-devel has libcrmf.a 

The users of libcrmf.a are pretty small. It would be safe 
> nss-pkcs11-devel has libnssb.a and libbssckfw.a

nss-pkcs11-devel should have it's own pkg-config. Applications that use these
will not like with any of the NSS shared libraries.

> This sounds complicated.
> I think this proposal will not work as soon as you have an application that
> wants to link with both .so files and a .a file (like PSM).

I'm particularly interest in those packages that just need nss3 or just need
ssl3/nss3.

There is a hierarchy, so it's not as complicated as it sounds. For instance, all
users of libcrmf.a would automatically need the rest of NSS (at least nss3 and
smime3) anyway. In that case I would say 5) would be include all the libraries.

If we included some of the libraries used for nss-tools, they should probably
include their own pkg-config...

bob
Comment 10 Tomas Mraz 2008-02-21 17:31:13 EST
(In reply to comment #7)
> I like this proposal.
> I think you want that nss-config and pkg-config point to /usr/lib(64).
> (they currently point to /lib(64))
Of course.
Comment 11 Kai Engert (:kaie) (on vacation) 2008-02-22 12:54:38 EST
Adding Chris and Martin to make sure you're aware of this change in rawhide. If
something goes wrong, please let me know. Ideally you won't notice the change.
Comment 12 Kai Engert (:kaie) (on vacation) 2008-02-22 14:53:11 EST
New packages:

nss-3.11.99.4-1.fc9
nspr-4.7.0.99.1-1.fc9

I hope they are in the buildroot already, maybe it'll take another hour or so.

Rob, could you please try if this works for you?

Comment 13 Bug Zapper 2008-05-13 23:42:26 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 14 Matt Domsch 2008-07-08 00:46:37 EDT
builds as of 2008-07-03, version 3.12.0.3-3.fc10.

Note You need to log in before you can comment on or make changes to this bug.