The real pain is the that cfengine requires a non-system version of db
(and libcrypto?) which need to be linked statically because `cfexecd
-L' isn't useful, since cfexecd links them itself. You either risk
distributing binaries which won't load and break the client, or you're
statically linked against an openssl library that may get a security
alert.
I have no idea what this means. Cfengine certainly does not require a
"non-system" version of db or lib crypto. They do not need to be
statically linked. What kind of nonsense is this?
I wouldn't call this complete nonsense (maybe just incomplete
nonsense). I think that all Dave Love means is that the BerkeleyDB is not
part of the default distribution for most sysV-like Unixes. (It IS part of
the standard BSD distributions, I think.)
Does the cfexecd program need to use any code from the BerkeleyDB
libraries in order to act as a wrapper for launching cfagent or other
cfengine programs? If it does and these libraries are in a non-standard
place, then cfexecd would not be able to tell itself about that
non-standard location via its "-L" switch. I think that's what Dave means
by "cfexecd -L isn't useful", though I'm not prepared to agree at this
point, not having walked through the source.
Yours,
Kurt Reimer
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine
