Static linking

RB aoz.syn at gmail.com
Thu Apr 24 21:26:06 CEST 2008 

Two-for-one - hope you guys don't mind.

On 4/24/08, Gilles Espinasse <g.esp at free.fr> wrote:
> Did you need the fancy v2 features on a preboot environment?
> Is not 1.4 enought for that?
I really only need one feature - decryption, but am trying to make a
generalized, long-term addition to Gentoo's genkernel.  My purpose in
trying to use the latest version was threefold: to minimize end-user
complexity, avoid maintenance beyond normal upgrades, and head off
questions like, "why do I have to be behind the times to use this?"
Too many people (particularly on my favorite distro) have a [wrong]
impression that if we're not running today's SVN release, something is
wrong.

On 4/24/08, Werner Koch <wk at gnupg.org> wrote:
> Do we?  Frankly, I even don't know how to disable that.
>From what I see, the '--enable-static' configuration argument and its
ilk were removed with gnupg-2.  My experiment with LDFLAGS has shown
that doesn't prevent static linking, but it's not explicitly supported
by the build process; you have to know what you're doing (which is
good, IMHO).

>  Anyway it does not make much sense to do so because you will have
>  several copies of the same libraies in activly in use.
Agreed and understood; I would rather have a unified init environment
myself, but don't have the private time right now to spend doing a
proper re-structure of the entire initrd build.  For the time being
I'm willing to stick with the existing standard of 'add a static
binary to extend genkernel' and sacrifice some init efficiency for
expediency.  Unless, of course, there exists some edge case particular
to gnupg that I don't know about, which is why I came to you guys.

>  For a preboot thing I would not suggest to use GnuPG-2, though.
If I may ask, then, what would you suggest?  My only real requirement
is to get away from storing unencrypted key material on-disk, unless
someone can make a good case that it provides no reasonable additional
security.  Overall, my goal is solely to improve key storage for
genkernel without excessively increasing user complexity, and am
willing to listen to suggestions on how to achieve that.

RB

More information about the Gnupg-devel mailing list