Libraries linked to libunbound.so

[Paul Wouters]

On Fri, 19 Oct 2018, Robert Edmonds via Unbound-users wrote:

> Petr Mensik via Unbound-users wrote:
>> I am comaintainer of Fedora unbound package. I was considering enabling
>> --enable-systemd and --enable-dnstap in our unbound. It is somehow
>> invasive however. Our unbound package has library part (unbound-libs)
>> and daemon package (unbound) separated. Daemon requires library package.
>> Both systemd and dnstap are linked into library itself. But I think
>> clients using unbound library cannot take any advantage from them.
>>
>> I cannot find a reason why they should anyway. libunbound is popular for
>> DNSSEC verification. That is great. But is there a simple way to unbound
>> have only required dependencies like SSL, LZMA linked into? If I enable
>> those features, every package linking libunbound will depend also on
>> dnstap and systemd libraries. Is there any plan to move some libraries
>> only to unbound daemon? Is there reason why it is the current way? How
>> is it handled on other distributions?
>
> The unbound daemon binary itself actually does not dynamically link
> against libunbound. The libunbound library is needed for the
> unbound-anchor and unbound-host utilities.
>
> What I do in the Debian package is perform multiple builds. One build is
> for the unbound daemon and enables dnstap and other features. The
> libunbound artifacts from this build are discarded (if there were a
> --without-libunbound option I would use it for this build). Another
> build is for the library itself (configure --with-libunbound-only)
> without the extra add-ons.
>
> This allows libunbound, unbound-anchor, and unbound-host to avoid the
> extra dependencies required by dnstap. Only the "unbound" package that
> contains the daemon has the extra dnstap dependencies.

That looks like the right way of doing this. Thanks for the hints. We
will look at doing this for fedora/rhel too.

Paul