packaging a static library

Michael Schwendt mschwendt at
Tue Dec 29 13:44:25 UTC 2009

On Tue, 29 Dec 2009 10:52:54 +0000, Daniel wrote:

> Hi,
> OLPC's security system uses libtomcrypt / tomsfastmath, both at the
> Linux level and the firmware level.
> OLPC has previously had a specific version of tomcrypt/tommath
> profesionally audited for security reasons. So we obviously want to
> stick with that version.
> A few packages we have in Fedora currently use this frozen, audited
> version - we do so by shipping duplicate copies of that source code
> within the individual packages, rather than linking against the dynamic
> systemwide equivalents.
> As we're now looking at making another package which uses yet another
> duplicate copy of this code base I'm wondering if we can do it better.
> Could I add a package, named olpc-bios-crypto-devel (a subpackage of the
> to-be-packaged olpc-bios-crypto), which installs the .a files for the
> audited libraries somewhere on the system?
> Then the individual components that rely on this library (e.g. bitfrost,
> olpc-contents, olpc-bios-crypto) would have a BuildRequires dependency
> on olpc-bios-crypto-devel and build against the 'systemwide' static .a
> library files.
> Or am I going too far against common packaging practice at this point?
> Any alternative suggestions?

There is


already. These guidelines explain how to name static library packages
and how to build-require them.

You didn't comment on those guidelines at all.

More information about the fedora-devel-list mailing list