Building Tools From Source
Ralf Corsepius
ralf.corsepius at rtems.org
Fri Sep 21 02:56:04 UTC 2012
On 09/21/2012 12:15 AM, Chris Johns wrote:
> Ralf Corsepius wrote:
>>
>> * The symlinks are a way to build these libraries from source while
>> building GCC. This means static linking and therefore is not
>> necessarily a good idea.
>>
>
> I think for RTEMS having these libraries built with GCC (statically
> linked or not) has advantages. The reasons statically linking can be
> considered harmful are well known [1] how-ever having these libraries
> that are an important part of the compiler controlled as part of the
> compiler's configuration set goes a long way to simplifying the
> verification and validation audit. If I was currently responsible for
> building a critical application I would like to be able to audit and
> provide to the V&V team the exact configuration used for testing,
> development and release. For me this means aways building the tools from
> source.
Well, that's the common argument proponents of static linkage come up
with. With my Fedora Packaging Committee hat on, I cannot avoid to call
this view "short-sighted" and "dangerous".
Apart from the technical problems static linkage can imply (It's often
not possible - Does not apply to gmp, mpfr and mpc), experience from
history tells, in longer terms, static linkage is guaranteed to be hit
by the downsides of static linkage by different extends.
Prominent example from history: The zlib incident ca. 15 years ago.
Then, zlib was suffering from security senitive bugs, which had gone
through unnoticed for a long time. Tnanks to the fact everybody used
statically linked zlibs, then, when these issues were finially noticed,
fixing this issue was very tedious for OS vendors and product vendors.
In other words, when vendor supplied libraries suffer from bugs, you're
better off using shared libs. I don't know if Apple or a trustworthy 3rd
party supplies binaries for gmp, mpfr, mpc on MacOS (I would be
surprised if this does not apply), you're likely better off using these
libraries and to apply shared linkage and not to use your "homegrown"
static versions.
Ralf
More information about the users
mailing list