In order to make even smaller Fedora base images, it was proposed to
switch
libcurl back to OpenSSL. The Fedora Crypto Consolidation project, which
motivated the switch of libcurl from OpenSSL to NSS ten years ago, is now
deprecated and libcurl is the only package that pulls NSS as its dependency
into the Fedora base image. Hence, by switching libcurl back to OpenSSL, we
could create Fedora base image that contains fewer crypto libraries inside.
Additional proposal that would help to reduce the size of base image is the
libcurl-minimal subpackage, which can be installed installed as a lightweight
replacement of the libcurl package, with smaller size and fewer dependencies.
The libcurl-minimal subpackage was already proposed on this mailing list one
year ago but at that time not many people knew that it would be useful today:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
I am CCing the actual requestors so they can fight for these proposals.
A proof of concept is available in the private-kdudka-libcurl-minimal branch:
http://pkgs.fedoraproject.org/cgit/rpms/curl.git/log/?h=private-kdudka-li...
I have also prepared Copr repositories for f24+:
https://copr.fedorainfracloud.org/coprs/kdudka/curl-minimal/
Any feedback is welcome!
This has the potential to wreak havoc with freeIPA and certmonger. How
much so won't be known until someone tries the updated builds.
rob