> > That reminds me. We really should be installing Apache modules with
> > 'libtool --mode=install', because on some platforms that is _not_ just
> > a simple copy like you'd expect; sometimes it has to do other things.
[Philip Martin]
> We currently use Apache's apxs to install mod_dav_svn and
> mod_authz_svn and we leave it up to that script to invoke libtool as
> required.
Yes, well, how would apxs know anything about libtool? apxs just knows
there's a module at such-and-such path and it needs to be installed.
> Are you saying we should explictly invoke libtool? Does apxs do the
> wrong thing?
It certainly does the wrong thing in my Debian build, so I've had to
patch it to use 'libtool --mode=install' instead / in addition.
Say you build svn in /tmp/xyz. Then in order to make sure you can
_run_ your stuff without installing, at least on some platforms,
libtool arranges for executables and libraries to include all sorts of
paths like /tmp/xyz/subversion/libsvn_client in the default library
search path baked into the executable. (This is called the RPATH and
you can view it with 'objdump -p'.) When you 'make install', libtool
then _relinks_ everything to remove those RPATH references to /tmp/xyz.
This actually has security implications. If you build svn in /tmp/xyz,
install it system-wide, and a malicious user later creates their own
/tmp/xyz/subversion/libsvn_client with a trojaned library ... you don't
want the system svn to actually _use_ it.
Peter
Received on 2013-03-07 00:08:38 CET