[Spice-devel] libcacard: linking with too many libs

Fri Oct 9 04:11:32 PDT 2015

Hi

----- Original Message -----
> Hello.
> 
> I tried to package libcacard, and come across a small thing.

btw, there is a bug for
> The library is uselessly linked with too many libs
> from the nss family, namely, the following libs are
> not needed:
> 
> libplds4.so libplc4.so libssl3.so libsmime3.so libnssutil3.so
> 
> (only libnss3.so is actually needed, it seems, maybe also
> libnspr4.so).
> 
> I don't know how easy it will be to fix this, since it appears
> to be libnss bug, its pkg-config file does not let to choose a
> subset of all libnss functionality to be queried.
> 
> Maybe --as-needed linker flag will help, but unfortunately it
> badly iteracts with libtool, -- even when I make with
> CC="gcc -Wl,--as-needed", libtool puts all the objects and libs
> BETWEEN "gcc" and "-Wl,--as-needed", so --as-needed does not
> work.
> 

On f22, LDFLAGS="-Wl,--as-needed" works with vscclient, but not with the library. If I pass it manually myself, I can save 3 libraries (on 17).

> On a related note, vscclient is linked with all the same libs,
> even when it does not actually use any of them.  For this binary,
> separate list of libs should be used in the Makefile, namely,
> it only needs glib and libcacard itself, not nss libs.

That's easy to fix, but ldd will report the same number of library as the cacard library.

vscclient_LDADD = libcacard.la $(CACARD_LIBS) $(GTHREAD_LIBS)
+vscclient_LDADD = libcacard.la $(GTHREAD_LIBS)

> This will require re-making src/Makefile.am to be the real thing,
> not the git.mak as it is now.

re-making src/Makefile.am? how is this going to help?

> Again, it might be possible to use --as-needed here.

Debian has some patches to fix that, but really, to save 3 libraries that are not used I don't think it changes much here.

> And on a general note, can we avoid nss libs altogether?
> For example, qemu now links amost all crypto libs out there,
> it uses (directly or indirectly) libssl, gnutls and nss.
> From those, nss is only used in libcacard, maybe it is
> easy to switch to one of the other implementations?

I don't know other pkcs#11 library. But if such patch was proposed, I think it would be acceptable. 