Bug#375810: libssl and zlib1g
reopen 375810 thanks Hi Michael, On Tue, Jul 25, 2006 at 02:12:45PM +0200, Michael Ablassmeier wrote: libssl-dev, zlib1g-dev well, those libaries are interlib-dependencys by other libraries zabbix agent or zabbix server use (libldap_r for example depends on libgnutls and libz stuff). ldd follows interlib-dependencies using ld.so with a trace argument (it does load and link the binary), so it seems the zabbix binaries would make use of those libraries in their code, they do not. Both libssl-dev and zlib1g-dev are not used by any of the zabbix components in a direct way, so they do not need to be listed in the Build-Depends field.. Indirect dependencies are not followed by dpkg-shlibdeps (or at least it used to be this way). It seems that zabbix is explicitly checking for and linking with libz and libcrypto. Look at the logs: checking for compress in -lz... yes [...] checking for main in -lcrypto... yes [...] gcc -Wall -g -O2 -o zabbix_server [...] -lz [...] -lcrypto However (and this a more important fact that I overlooked), in the case of openssl it would be illegal to link a GPL program with it, since the OpenSSL developers added an advertising clausse that makes it incompatible. A Build-Conflicts should be present in order to avoid this from happening. Alternatively, you could link it with GnuTLS compat layer to see how it works out. -- Robert Millan ACK STORM, S.L. - http://www.ackstorm.es -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
hi robert, On Thu, Jul 27, 2006 at 10:07:38AM +0200, Robert Millan [ackstorm] wrote: It seems that zabbix is explicitly checking for and linking with libz and libcrypto. Look at the logs: checking for compress in -lz... yes [...] checking for main in -lcrypto... yes [...] gcc -Wall -g -O2 -o zabbix_server [...] -lz [...] -lcrypto well, i have just had a look at other packages build-depending on libsnmp-dev, and all ive had a look at add -lcrypto to the linking flags on build time, as this seems to bee needed when linking against snmp stuff: from ifstat's configure.in: # Setting to be able to force linking with -lcrypto.. from netmgr's configure.in: # Net/UCD-SNMP includes v3 support and insists on crypto unless # compiled --without-openssl However (and this a more important fact that I overlooked), in the case of openssl it would be illegal to link a GPL program with it, since the OpenSSL developers added an advertising clausse that makes it incompatible. A Build-Conflicts should be present in order to avoid this from happening. Alternatively, you could link it with GnuTLS compat layer to see how it works out. *sight*, i have feared this might be the case. However, i dont quite understand the case here. Zabbix does not use any of the openssl headers or functions in its code and is nevertheless linking against libcrypto which is needed because libsnmp9-dev is linked against openssl. Fabio, what do you think about this? Should i start ask Alexei for permission about linking against openssl so we are on the safe side? bye, - michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
On Thu, Jul 27, 2006 at 10:50:05AM +0200, Michael Ablassmeier wrote: hi robert, On Thu, Jul 27, 2006 at 10:07:38AM +0200, Robert Millan [ackstorm] wrote: It seems that zabbix is explicitly checking for and linking with libz and libcrypto. Look at the logs: checking for compress in -lz... yes [...] checking for main in -lcrypto... yes [...] gcc -Wall -g -O2 -o zabbix_server [...] -lz [...] -lcrypto well, i have just had a look at other packages build-depending on libsnmp-dev, and all ive had a look at add -lcrypto to the linking flags on build time, as this seems to bee needed when linking against snmp stuff: from ifstat's configure.in: # Setting to be able to force linking with -lcrypto.. from netmgr's configure.in: # Net/UCD-SNMP includes v3 support and insists on crypto unless # compiled --without-openssl Since libsnmp is *already* linking with libz and libcrypto, if zabbix itself doesn't use them directly, there's no need for a direct link. However (and this a more important fact that I overlooked), in the case of openssl it would be illegal to link a GPL program with it, since the OpenSSL developers added an advertising clausse that makes it incompatible. A Build-Conflicts should be present in order to avoid this from happening. Alternatively, you could link it with GnuTLS compat layer to see how it works out. *sight*, i have feared this might be the case. However, i dont quite understand the case here. Zabbix does not use any of the openssl headers or functions in its code and is nevertheless linking against libcrypto which is needed because libsnmp9-dev is linked against openssl. Then it's not really needed. Just disable the -lcrypto flag (or add a Build-Conflicts). If you want an explanation for this non-sense, I think the most plausible one is that they enabled direct linking with libz/libcrypto as a workaround for static binary brokenness. I.e. you can't build a static zabbix without -lz -lcrypto Fabio, what do you think about this? Should i start ask Alexei for permission about linking against openssl so we are on the safe side? Unless Alexei recieved copyright assignment papers from all significant (~15 lines) contributions, he can't really (legaly) do that. -- Robert Millan ACK STORM, S.L. - http://www.ackstorm.es -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
hi again, On Thu, Jul 27, 2006 at 10:50:05AM +0200, Michael Ablassmeier wrote: However (and this a more important fact that I overlooked), in the case of openssl it would be illegal to link a GPL program with it, since the OpenSSL developers added an advertising clausse that makes it incompatible. A Build-Conflicts should be present in order to avoid this from happening. Alternatively, you could link it with GnuTLS compat layer to see how it works out. *sight*, i have feared this might be the case. However, i dont quite understand the case here. Zabbix does not use any of the openssl headers or functions in its code and is nevertheless linking against libcrypto which is needed because libsnmp9-dev is linked against openssl. Fabio, what do you think about this? Should i start ask Alexei for permission about linking against openssl so we are on the safe side? after some reading i have the strong impression this is needed (its basically the same problem as in #147430). I have mailed Upstream about this, lets hope he accepts to add an exception to his license. bye, - michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
On Thu, Jul 27, 2006 at 11:24:18AM +0200, Michael Ablassmeier wrote: On Thu, Jul 27, 2006 at 10:50:05AM +0200, Michael Ablassmeier wrote: However (and this a more important fact that I overlooked), in the case of openssl it would be illegal to link a GPL program with it, since the OpenSSL developers added an advertising clausse that makes it incompatible. A Build-Conflicts should be present in order to avoid this from happening. Alternatively, you could link it with GnuTLS compat layer to see how it works out. *sight*, i have feared this might be the case. However, i dont quite understand the case here. Zabbix does not use any of the openssl headers or functions in its code and is nevertheless linking against libcrypto which is needed because libsnmp9-dev is linked against openssl. Fabio, what do you think about this? Should i start ask Alexei for permission about linking against openssl so we are on the safe side? after some reading i have the strong impression this is needed (its basically the same problem as in #147430). I have mailed Upstream about this, lets hope he accepts to add an exception to his license. As said in the other mail, it's not clear that this relicensing would be legaly possible. Since there's no technical reason for linking with a library that is not being used, I wouldn't really bother about it. -- Robert Millan ACK STORM, S.L. - http://www.ackstorm.es -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
hi again, On Thu, Jul 27, 2006 at 11:32:04AM +0200, Robert Millan [ackstorm] wrote: Since libsnmp is *already* linking with libz and libcrypto, if zabbix itself doesn't use them directly, there's no need for a direct link. yep, removing the -lcrypto from LDFLAGS works as expected, libcrypto then becomes an indirect library dependency: dpkg-shlibdeps -O /usr/sbin/zabbix_server shlibs:Depends=libc6 (= 2.3.5-1), libldap2 (= 2.1.17-1), libmysqlclient15off (= 5.0.19-1), libsnmp9 (= 5.2.2), zlib1g (= 1:1.2.1) im going to speak with upstream about cleaning up configure (zabbix does run on quite alot systems like solaris and aix, maybe the linking is needed due to portability on other systems). bye, - michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
hi, On Thu, Jul 27, 2006 at 12:52:57PM +0200, Robert Millan [ackstorm] wrote: On Thu, Jul 27, 2006 at 12:40:11PM +0200, Michael Ablassmeier wrote: dpkg-shlibdeps -O /usr/sbin/zabbix_server shlibs:Depends=libc6 (= 2.3.5-1), libldap2 (= 2.1.17-1), libmysqlclient15off (= 5.0.19-1), libsnmp9 (= 5.2.2), zlib1g (= 1:1.2.1) Is libz needed, or it can be removed as well? seems to work well too: $ dpkg-shlibdeps -O /usr/sbin/zabbix_server shlibs:Depends=libc6 (= 2.3.5-1), libldap2 (= 2.1.17-1), libmysqlclient15off (= 5.0.19-1), libsnmp9 (= 5.2.2) ldd /usr/sbin/zabbix_server | grep libz libz.so.1 = /usr/lib/libz.so.1 (0x2ae68dfeb000) turns into an indirect library-dep too. bye, - michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
On Thu, Jul 27, 2006 at 12:40:11PM +0200, Michael Ablassmeier wrote: hi again, On Thu, Jul 27, 2006 at 11:32:04AM +0200, Robert Millan [ackstorm] wrote: Since libsnmp is *already* linking with libz and libcrypto, if zabbix itself doesn't use them directly, there's no need for a direct link. yep, removing the -lcrypto from LDFLAGS works as expected, libcrypto then becomes an indirect library dependency: dpkg-shlibdeps -O /usr/sbin/zabbix_server shlibs:Depends=libc6 (= 2.3.5-1), libldap2 (= 2.1.17-1), libmysqlclient15off (= 5.0.19-1), libsnmp9 (= 5.2.2), zlib1g (= 1:1.2.1) Is libz needed, or it can be removed as well? -- Robert Millan ACK STORM, S.L. - http://www.ackstorm.es -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
hi robert, On Wed, Jun 28, 2006 at 10:21:50AM +0200, Robert Millan [ackstorm] wrote: It seems zabbix links the server with libssl and zlib when these are available. I don't know what functionality depends on that, but I think it'd be a good idea to add them to Build-Depends: libssl-dev, zlib1g-dev well, those libaries are interlib-dependencys by other libraries zabbix agent or zabbix server use (libldap_r for example depends on libgnutls and libz stuff). ldd follows interlib-dependencies using ld.so with a trace argument (it does load and link the binary), so it seems the zabbix binaries would make use of those libraries in their code, they do not. Both libssl-dev and zlib1g-dev are not used by any of the zabbix components in a direct way, so they do not need to be listed in the Build-Depends field.. bye, - michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375810: libssl and zlib1g
Package: zabbix Severity: wishlist Tags: patch It seems zabbix links the server with libssl and zlib when these are available. I don't know what functionality depends on that, but I think it'd be a good idea to add them to Build-Depends: libssl-dev, zlib1g-dev -- Robert Millan [EMAIL PROTECTED] Departamento de Asistencia Técnica Oficina central: (+34) 902 888 345 Asistencia técnica: (+34) 902 888 408 ACK STORM, S.L. http://www.ackstorm.es Este mensaje electrónico contiene información de ACK STORM, S.L. que es privada y confidencial, siendo para el uso exclusivo de las personas o entidades arriba mencionadas. Si usted no es el destinatario señalado, le informamos que cualquier divulgación, copia, distribución o uso de los contenidos está prohibida. Si usted ha recibido este mensaje por error, por favor borre su contenido y comuníquenoslo en la dirección [EMAIL PROTECTED] -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]