Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#61864 - openssl: add static libraries

Attached to Project: Arch Linux
Opened by silvio (silvio) - Tuesday, 26 February 2019, 07:44 GMT
Last edited by Eli Schwartz (eschwartz) - Tuesday, 26 February 2019, 14:41 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


It would be a nice to have the latest openssl static libraries useable on the system. Tools like oclint needs static libraries for compilation.
A aur package makes no sense because openssl is a security related librariy and should be the same as the shared file.

See attached patch.
This task depends upon

Closed by  Eli Schwartz (eschwartz)
Tuesday, 26 February 2019, 14:41 GMT
Reason for closing:  Won't implement
Additional comments about closing:  staticlibs are more or less automatically "no", well-behaved applications should not care how they are linked.
Comment by Allan McRae (Allan) - Tuesday, 26 February 2019, 08:29 GMT
Being a security related library is the exact reason not to statically link to it.
Comment by Eli Schwartz (eschwartz) - Tuesday, 26 February 2019, 14:41 GMT
Arch policy is that applications in the official repositories must use dynamic libraries wherever possible or reasonable.

Please patch the oclint CMakeLists.txt to link against the system openssl rather than using FIND_LIBRARY(SSL_STATIC_LIB NAMES libssl.a)

We will not violate our security policy for this extremely weak rationale -- rather we will pat ourselves on the back because our security policy caught the bad actor and shone a spotlight on its behavior.

Feel free to ask them to back out of this extremely ill-advised change: