Package: libnss3 Version: 2:3.26.2-1 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Hi, I’m maintaining chrony (an implemantation of NTP) in Debian which supports two different cryptographic toolkits to handle authentication of NTP packets, either NSS or LibTomCrypt. At the moment, I’m building chrony with the latter not because I have doubts against NSS but simply because the shared library (libfreebl3.so) that chrony needs at runtime is located in /usr/lib/$(DEB_HOST_MULTIARCH)/nss which would force me to pass that directory to the runtime library search path, something like: export DEB_LDFLAGS_MAINT_APPEND = -L/usr/lib/$(DEB_HOST_MULTIARCH)/nss -Wl,-rpath /usr/lib/$(DEB_HOST_MULTIARCH)/nss However, as stated by the “binary-or-shlib-defines-rpath” Lintian tag, binary or shared library in a Debian package should set RPATH is if it is linked to private shared libraries in the same package; which is not the case concerning chrony. So the obvious question now, would you be willing to move libfreebl3.so from its private directory? By the way, you might wonder about why I intend to move away from LibTomCrypt, after all it works and provides the necessary features to chrony. Well sure! *But* it hasn’t been updated upstream since many years and the project seems quite dormant. Also, I can’t find any recent security coverage concerning that toolkit, which is what worries me the most. Thanks for reading, Vincent knowing the - -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libnss3 depends on: ii libc6 2.24-5 ii libnspr4 2:4.12-6 ii libsqlite3-0 3.15.1-1 ii zlib1g 1:1.2.8.dfsg-2+b3 libnss3 recommends no packages. libnss3 suggests no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- iQJLBAEBCgA1FiEE/VQBlxWoTJPh4vI5ipzudlpxp4AFAlg7GgUXHHZpbmNlbnQu ZGViaWFuQGZyZWUuZnIACgkQipzudlpxp4Dx1hAAofedvw/hHDU0vnDsOFxyEp7W fdLM0oc0hmyIVUhIDB34vy8Grsc6Th1VpK+z5lNwul8DW5YJX2dy8u3BmaQ/CyNn Eppo4ZrNw/8ufWkTOOY7/7wsrXbwrC5xflJDllFPk4AB7nwSSZwcCWIzR1pkrr18 lZOWc6ElfwqMc+0+cGxpon1t1I0XXoHW7GUnzTzv0VTKMgMNe9alpMhVCTbmyOYr PGiC1Lfsz93pp9VWz4JJlPUBI3S30sj+n3hEMDhsdEHGKgxIeR5lU8jay3NlVexF nVC7jWjGWOQnb2M+OvZhNbhLkpXwa9TeyL4BY+xy+5IXLpzuq8EhBLBhsK9MpXxe stuh9FqSwhGWp/uO3EZfunqEUkew6p0qN2kUXF/BUIbhWCpeQs6NtfDiYhRso4Y3 l1/FoFef0DsKXAQ7yEDQD1bGlg1nDrqVgK4HPKmJB+RG/8xnpMpqck/IVLxTa0us r3gaR9Q6j5HLsCe9hpHXlTskUfA0cqqJmnE86SxnbxSwW0dOKrzcYg1KjWVnJiKW 0pb9c8Kfeq/wyVUnkGjfA7HfXRA9TVPMVtLHE+Ls3109HC1W8MeFOMy5JPy89wFA ojnGBtghupKpPlroIn0DpnwsdrlBYJg87akZ1w9tK/8KBAopu1Tj7qHs73Q7W8C6 +sV4f2JKp8ZWoHQ4ZGQ= =YGzz -----END PGP SIGNATURE-----
