libxcb-xinerama0 Library required by bitcoin-qt about bitcoin HOT 7 CLOSED

Okay, thank you for your response on this. I see your points and also agree that btc core can't and shouldn't deal with os related graphics peculiarities. Just from a UX/security perspective, I was a bit surprised about it when first encountered. Maybe it could be made optional at some point or a more verbose error message can be printed. In any case, no big issue. I'll close this!

If you're concerned about trusting binaries installed by your OS' package manager, consider Gentoo. But fundamentally, unless you bootstrap your own C compiler from assembly, you're going to have to trust at least a compiler binary and the env to execute it as your root.

from bitcoin.

It's easily fixed by installing it from the repositories (apt install libxcb-xinerama0), however, for a security conscious person this is a bit unsatisfying.

It is expected:

from bitcoin.

@laanwj Does #29923 address this?

from bitcoin.

@laanwj Does #29923 address this?

No. That just removes our need to compile all the libs. Everything in Qt is still loaded at runtime.

from bitcoin.

@nimrare The short answer here is that there is no way around trusting your operating system's libraries. Even if all userspace things would be statically linked, you're still relying on your kernel for example. And it turns out that for interacting with graphics subsystems of your operating system, dynamic libraries are practically the only solution, as statically-linked ones would pretty much only work on the exact system they were compiled for.

from bitcoin.

@laanwj Does #29923 address this?

Potentially it could make the dependency on xcb-xinerama optional. There's only a few functions used from that library, for a specific purpose (multiple monitor support), if the library can't be loaded, it can be assumed that this functionality isn't needed. This does mean patching Qt though. Basically to set hasXinerama() to be false in that case.

)i've handled the xcb/wayland switch in that way--if X libraries can't be found, don't exit, but fail loading the XCB platform and go on to the next one

Edit: But given that you've already had to install X libraries on your system to be able to use X in the first place, the additional security risk of installing another component is negligible, i don't think this is really a pressing issue.

from bitcoin.

@sipa @laanwj Okay, thank you for your response on this. I see your points and also agree that btc core can't and shouldn't deal with os related graphics peculiarities. Just from a UX/security perspective, I was a bit surprised about it when first encountered. Maybe it could be made optional at some point or a more verbose error message can be printed. In any case, no big issue. I'll close this!

from bitcoin.