James Carlson wrote:
The design issue is how to have a feature like this ("optional"
web-based package install) without making pkgadd depend directly on
the OpenSSL libraries. I think that there's room for useful work in
this area. It may be possible to decouple these two components in
such a way that the web features are present only when the optional
SFW components are installed, rather than just simply requiring them
to be installed at all times.
If I remember correctly pkgadd also uses OpenSSL for doing the
cryptographic verification of signed packages. Which isn't something
we currently use in the Solaris distribution but some OpenSolaris
distros or a later release of Solaris may choose to do so.
When this was first integrated into Solaris it *was* statically linked
but so many other things started needing OpenSSL that we started
shipping the dynamic libs and having people use that instead. This
also happened because parts of WAN Boot are in are in the ON
consolidation, and other parts are in the INSTALL consolidation. Since
we already needed to ship OpenSSL dynamic libs for other consumers (at
least two of which are in SFW) the correct thing to do was drop the
static private copy for libwanboot and use the dynamic one.
The problem with this is where do you stop ? Multiple versions of
libxml ? libc ? when is something *really* core OS versus something
people need multiple revisions off.
Ideally you should never need multiple binaries of core OS stuff because
they should be compatible going forwards. However stuff like OpenSSL
is known to be neither source or binary compatible in all versions and
has broken in "patch" releases in the past. It is relatively stable
though but it doesn't have the same commitment as say libc or libnsl.
Even then it there isn't actually a single stability we can give to
all of libc which is why we have per symbol versioning.
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
[email protected]
