At Wed, 4 Sep 2024 22:51:14 +0000, David Holland <dholland-pkgtech%netbsd.org@localhost> wrote: Subject: Re: kerberos is the new sqlite: disable, force mit, or ? > > We really ought to figure out a proper general solution. I say this somewhat tongue in cheek, but one "solution" that works reasonably well, and ostensibly in more cases, is to simply static-link everything. :-) (binaries do get significantly bigger, but counter-intuitively they also get a _lot_ faster, especially at startup!) (I do still build as many packages as possible all fully static-linked, but all-told I don't build.) Static linking is unfortunately not a general solution though (some programs, especially dynamic programming systems like interpreters, insist very strongly on being able to dynamically load code and provide no ready-made option for static linking that code), but it is a "proper" solution! The one elephant in the room though with any solution is when there are multiple implementations of some library with subtle differences between them, I don't see any good solution to that problem, proper or not. I'm guessing the kerberos situation may be one of those. In my own experience I ran into this problem trying to get both the old ISC dhcpd, ntpd, and ISC named (BIND) static-linked into a single crunchgen binary for all of userland. Each used their own internal versions of libisc that happened to be fundamentally incompatible from the linker's perspective (multiple definitions of the same symbol in separate objects that all needed to be loaded). That problem could have been fixed but would have required a lot of patching of each and separation of a new common version of that library code. -- Greg A. Woods <gwoods%acm.org@localhost> Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost> Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgpEnVZHADime.pgp
Description: OpenPGP Digital Signature