Package: dpkg
Version: 1.9.20
Severity: normal

/usr/bin/dpkg-deb links with libz statically which is a waste of space
with no performance benefit (sometimes faster, sometimes slower, but
never significantly slower or faster) and leads to extra maintenance and
unnecessary added security risk (see security bug #137931: dpkg: dpkg-deb
includes static zlib code). 

When you add the overhead of dpkg and apt, any performance difference
here is completely swamped.  (It actually seems like shared is faster on
average in my system, but it could be slower on someone else's.)

Also, given the dependencies on c++ and ncurses already, adding libz which
dozens of packages depend on seems like a trivial addition.

I compiled a version of dpkg-deb that links with libz dynamically to verify
that there was no performance degradation.

dpkg-deb

real    0m17.503s
user    0m13.920s
sys     0m3.580s

dpkg-deb.shared

real    0m17.435s
user    0m13.980s
sys     0m3.450s

Here is the test script I used:

------------------------------------------------------------------------
#!/bin/sh

f="awstats_3.2-10_all.deb netpbm_2%3a9.20-7_i386.deb thttpd_2.21b-9_i386.deb"

ls -Slr $f

for version in dpkg-deb dpkg-deb.shared; do

time sh <<EOF
        echo $version
        for repeat in 1 2 3 4 5; do
            for deb in $f; do
                $version -c \$deb >/dev/null
            done
        done
EOF

done
------------------------------------------------------------------------

$ ldd `which dpkg-deb.shared`
        libz.so.1 => /usr/lib/libz.so.1 (0x40019000)
        libc.so.6 => /lib/libc.so.6 (0x40028000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
$ ldd `which dpkg-deb`
        libc.so.6 => /lib/libc.so.6 (0x40019000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Okay, space savings?

$ ls -al /usr/bin/dpkg-deb*
-rwxr-xr-x    1 root     root       112040 Mar 17 01:54 /usr/bin/dpkg-deb
-rwxr-xr-x    1 root     root        67484 Mar 21 02:05 /usr/bin/dpkg-deb.shared

-- System Information
Debian Release: 3.0
Kernel Version: Linux proton 2.2.20 #1 Wed Jan 9 15:44:45 PST 2002 i486 unknown

Versions of the packages dpkg depends on:
ii  libc6          2.2.5-3        GNU C Library: Shared libraries and Timezone
ii  libncurses5    5.2.20020112a- Shared libraries for terminal handling
ii  libstdc++2.10- 2.95.4-1       The GNU stdc++ library
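
Added example, not part of the original report or of dpkg: the maintenance risk described above is that a binary with zlib compiled in does not pick up fixes made to the shared libz, so an audit has to find such binaries. The script below classifies files by a string-matching heuristic; the function names and the heuristic itself are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a file by how it gets zlib.
# Heuristic (assumption): zlib's deflate.c and inftrees.c each embed a
# copyright string such as " inflate 1.1.3 Copyright 1995-1998 Mark Adler ".
# A file carrying one has zlib code compiled in; a file that only names
# "libz.so" relies on the shared library instead.

ZLIB_SIG='(deflate|inflate) [0-9]+(\.[0-9]+)+[^ ]* Copyright 1995-[0-9]+'

# Print the embedded zlib version(s), one per line; nothing if none found.
embedded_zlib_versions() {
    LC_ALL=C grep -a -o -E "$ZLIB_SIG" "$1" 2>/dev/null |
        awk '{ print $2 }' | sort -u
}

# Print "static <versions>", "shared" or "none" for one file.
classify_zlib() {
    versions=$(embedded_zlib_versions "$1" | tr '\n' ' ' | sed 's/ $//')
    if [ -n "$versions" ]; then
        echo "static $versions"
    elif LC_ALL=C grep -a -q 'libz\.so' "$1" 2>/dev/null; then
        echo "shared"
    else
        echo "none"
    fi
}

# Walk the given files or directories and report every file that uses zlib.
scan_zlib() {
    for path in "$@"; do
        find "$path" -type f 2>/dev/null | while IFS= read -r f; do
            result=$(classify_zlib "$f")
            [ "$result" = "none" ] || printf '%s\t%s\n' "$result" "$f"
        done
    done
}

# When run with arguments, scan them (for example a bin directory).
if [ "$#" -gt 0 ]; then
    scan_zlib "$@"
fi
```

Given files or directories as arguments, it prints one tab-separated line per match. The shared library file itself also reports as static, since it contains the zlib code.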

