[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Caution! Bad SONAME Provides

Michael Schwendt píše v Pá 22. 06. 2007 v 17:02 +0200:
> Broken dependencies are one thing, broken "Provides" another.
> The distribution includes an increasing number of packages, which don't
> filter their SONAME Provides when they include shared libraries in private
> paths.

Or they could use "libtool -module" to link the plugins, they are called
only libfoo.so then and this name is also in "Provides".

> This can have devastating effects in conjunction with yum's "shortest
> package name wins" during depsolving. For example:
>   libfoo  provides  libfoo.so.1   for %{_libdir}/libfoo.so.1
>   bar     provides  libfoo.so.1   for %{_libdir}/bar/plugins/libfoo.so.1.0.0
> Only for libfoo the automatic "Provides: libfoo.so.1" is sane. And even if
> "bar" extended the ld.so configuration, it would conflict with libfoo in
> what it provides.
> I've reported a few such cases. All the others look like packages provide
> sonames for plugin libraries without actually conflicting with any library
> package in the Fedora Collection. Still it's dangerous if multiple packages
> provide "libfoo.so" (versioned or not), but neither one puts the library
> into run-time linker's search path. Sooner or later such dependencies
> might explode at run-time.
> Reviewers ought to examine "Provides" carefully and require packagers to
> filter the Provides if necessary.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]