configure: Add unsupported --with-system-libsecp256k1 configure flag by luke-jr · Pull Request #5416 · bitcoin/bitcoin

luke-jr · 2014-12-03T11:28:07Z

No description provided.

sipa · 2014-12-04T00:18:27Z

I don't think makes sense without guarantee that even the API remains stable.

luke-jr · 2014-12-04T05:35:31Z

@sipa Lots of libraries don't have stable APIs... The only reason this is risky/questionable in our case is the consensus-critical nature of it, but since we maintain libsecp256k1 anyway (unlike LevelDB), that risk is IMO much smaller (the unstable API actually helps for this).

jonasschnelli · 2014-12-04T06:50:04Z

IMO: this critical library should not be linked against a system install lib. Security: control your stack.
Even if sipa/core-devs maintains it, it throws over the whole deterministic build system in case of critical crypto functions.

luke-jr · 2014-12-04T06:51:49Z

@jonasschnelli Obviously we won't be using this in the deterministic binaries. It's also disabled by default and has a big fat warning label on it.

jonasschnelli · 2014-12-04T07:02:02Z

@luke-jr right. My fault. This won't affect the gitian part, right. Oversaw the warning as well. Looks good.

laanwj · 2014-12-04T13:21:07Z

NACK. Same reasoning as for leveldb but even stronger. The consensus code
must stay self-contained.

sipa · 2014-12-04T13:27:20Z

@laanwj while I agree about not doing this, currently libsecp256k1 isn't used in consensus code.

laanwj · 2014-12-04T14:25:02Z

I know. But that was the plan right?

I don't see how that's an argument for this. You want to merge this and than remove it again once it is used for verification/consensus?

sipa · 2014-12-04T14:30:09Z

No, I don't want to merge this. I'm just saying that currently the consensus argument is not (yet) valid :)

jgarzik · 2014-12-04T14:32:57Z

-1 I don't see why this additional option should be supported.

paveljanik · 2014-12-04T14:36:34Z

I'd also prefer only one: --with-system-libs. This would allow distro packagers to make clean packages. But one such option is enough ;-)

jgarzik · 2014-12-04T14:42:42Z

@paveljanik Based on practical experience, that would be dangerous. Packagers would ignorantly enable that by default, without understanding the consequences.

paveljanik · 2014-12-04T14:54:38Z

I think it is better to teach packagers to do it properly than package glibc/openssl/boost inside Bitcoin Core. And of course, they will surely modify our code to use system libs anyway... Thus it is much cleaner to do that even in upstream where they all can share their code/changes.

paveljanik · 2014-12-04T15:06:31Z

... and we can sanity check the libs at the startup as we already do.

laanwj · 2014-12-04T15:09:43Z

Forget teaching packagers anything. There are so many distros that we'd have to start a packager training school. Just making it hard to do is a good signal IMO.

rebroad · 2016-03-01T16:12:34Z

@luke-jr, when would/should this option be used please?

configure: Add unsupported --with-system-libsecp256k1 configure flag

400969e

laanwj closed this Dec 4, 2014

bitcoin locked as resolved and limited conversation to collaborators Sep 8, 2021

Conversation

luke-jr commented Dec 3, 2014

Uh oh!

sipa commented Dec 4, 2014

Uh oh!

luke-jr commented Dec 4, 2014

Uh oh!

jonasschnelli commented Dec 4, 2014

Uh oh!

luke-jr commented Dec 4, 2014

Uh oh!

jonasschnelli commented Dec 4, 2014

Uh oh!

laanwj commented Dec 4, 2014

Uh oh!

sipa commented Dec 4, 2014

Uh oh!

laanwj commented Dec 4, 2014

Uh oh!

sipa commented Dec 4, 2014

Uh oh!

jgarzik commented Dec 4, 2014

Uh oh!

paveljanik commented Dec 4, 2014

Uh oh!

jgarzik commented Dec 4, 2014

Uh oh!

paveljanik commented Dec 4, 2014

Uh oh!

paveljanik commented Dec 4, 2014

Uh oh!

laanwj commented Dec 4, 2014

Uh oh!

rebroad commented Mar 1, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants