Bug#139320: marked as done (dpkg: dpkg-deb does not dynamically link libz)

[Debian Bug Tracking System]

Your message dated Thu, 21 Mar 2002 20:02:13 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#139320: dpkg: dpkg-deb does not dynamically link libz
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Mar 2002 10:15:55 +0000
>From [EMAIL PROTECTED] Thu Mar 21 04:15:55 2002
Return-path: <[EMAIL PROTECTED]>
Received: from adsl-216-103-211-240.dsl.snfc21.pacbell.net 
(proton.pathname.com) [216.103.211.240] 
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 16nzbv-000454-00; Thu, 21 Mar 2002 04:15:55 -0600
Received: from quinlan by proton.pathname.com with local (Exim 3.34 #1 (Debian))
        id 16nzbf-0003Bk-00; Thu, 21 Mar 2002 02:15:39 -0800
From: Daniel Quinlan <[EMAIL PROTECTED]>
Subject: dpkg: dpkg-deb does not dynamically link libz
To: [EMAIL PROTECTED]
X-Mailer: bug 3.3.10.1
Message-Id: <[EMAIL PROTECTED]>
Date: Thu, 21 Mar 2002 02:15:39 -0800
Delivered-To: [EMAIL PROTECTED]

Package: dpkg
Version: 1.9.20
Severity: normal

/usr/bin/dpkg-deb links with libz statically which is a waste of space
with no performance benefit (sometimes faster, sometimes slower, but
never significantly slower or faster) and leads to extra maintenance and
unnecessary added security risk (see security bug #137931: dpkg: dpkg-deb
includes static zlib code). 

When you add the overhead of dpkg and apt, any performance difference
here is completely swamped.  (It actually seems like shared is faster on
average in my system, but it could be slower on someone elses.)

Also, given the dependencies on c++ and ncurses already, adding libz which
dozens of packages depend on seems like a trivial addition.

I compiled a version of dpkg-deb that links with libz dynamically to verify
that there was no performance degradation.

dpkg-deb

real    0m17.503s
user    0m13.920s
sys     0m3.580s

dpkg-deb.shared

real    0m17.435s
user    0m13.980s
sys     0m3.450s

Here is the test script I used:

------------------------------------------------------------------------
#!/bin/sh

f="awstats_3.2-10_all.deb netpbm_2%3a9.20-7_i386.deb thttpd_2.21b-9_i386.deb"

ls -Slr $f

for version in dpkg-deb dpkg-deb.shared; do

time sh <<EOF
        echo $version
        for repeat in 1 2 3 4 5; do
            for deb in $f; do
                $version -c \$deb >/dev/null
            done
        done
EOF

done
------------------------------------------------------------------------

$ ldd `which dpkg-deb.shared`
        libz.so.1 => /usr/lib/libz.so.1 (0x40019000)
        libc.so.6 => /lib/libc.so.6 (0x40028000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
$ ldd `which dpkg-deb`
        libc.so.6 => /lib/libc.so.6 (0x40019000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Okay, space savings?

$ ls -al /usr/bin/dpkg-deb*
-rwxr-xr-x    1 root     root       112040 Mar 17 01:54 /usr/bin/dpkg-deb
-rwxr-xr-x    1 root     root        67484 Mar 21 02:05 /usr/bin/dpkg-deb.shared

-- System Information
Debian Release: 3.0
Kernel Version: Linux proton 2.2.20 #1 Wed Jan 9 15:44:45 PST 2002 i486 unknown

Versions of the packages dpkg depends on:
ii  libc6          2.2.5-3        GNU C Library: Shared libraries and Timezone
ii  libncurses5    5.2.20020112a- Shared libraries for terminal handling
ii  libstdc++2.10- 2.95.4-1       The GNU stdc++ library

---------------------------------------
Received: (at 139320-done) by bugs.debian.org; 21 Mar 2002 19:02:17 +0000
>From [EMAIL PROTECTED] Thu Mar 21 13:02:17 2002
Return-path: <[EMAIL PROTECTED]>
Received: from cabal.xs4all.nl (mx1.wiggy.net) [213.84.101.140] 
([oxFVDhulUpyZJxB2zwZeorO4Sf1X78NK])
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 16o7pJ-00078F-00; Thu, 21 Mar 2002 13:02:17 -0600
Received: from wichert by mx1.wiggy.net with local (Exim 3.35 #1 (Debian))
        id 16o7pF-0004jL-00; Thu, 21 Mar 2002 20:02:13 +0100
Date: Thu, 21 Mar 2002 20:02:13 +0100
From: Wichert Akkerman <[EMAIL PROTECTED]>
To: Daniel Quinlan <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#139320: dpkg: dpkg-deb does not dynamically link libz
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.3.27i
Delivered-To: [EMAIL PROTECTED]

Previously Daniel Quinlan wrote:
> Also, given the dependencies on c++ and ncurses already, adding libz which
> dozens of packages depend on seems like a trivial addition.

The dependencies of dpkg itself are minimal and do not include c++ and
ncurses. The dpkg package currently still depends on those for dselect,
but that will change post woody when dselect will be moved into its
own package.

This change was made on purpose to make sure that dpkg will be
useable on broken systems where libz might not be working correctly
and to make it easier to bootstrap a system.

Wichert.

-- 
  _________________________________________________________________
 /[EMAIL PROTECTED]         This space intentionally left occupied \
| [EMAIL PROTECTED]            http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |