FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Development

 
 
LinkBack Thread Tools
 
Old 04-02-2010, 03:30 PM
Andreas Radke
 
Default broken due to openssl and heimdal rebuilds

Am Thu, 01 Apr 2010 03:05:28 +0200
schrieb Pierre Schmitz <pierre@archlinux.de>:

> Hi all,
>
> this is a warning for [testing] users not to update until the upcoming
> openssl/heimdal rebuilds are done. This will break a lot of important
> packages. I am bootstrapping openssl and rebuild the most imporant
> packages like pacman atm. I'll send another mail to the openssl-1.0.0
> thread when you can start rebuilding.
>
> Greetings,
>
> Pierre
>

Most stuff seems usable again.

One question: Because I have to rebuild all OpenOffice packages anyways
I'd like to ask what you think about adding another rebuild cycle - ICU
4.4. http://www.archlinux.org/packages/extra/i686/icu/

Not too many packages seem to depend on it. Most time will be eaten by
OOo.

Objections?

-Andy
 
Old 04-02-2010, 04:59 PM
Pierre Schmitz
 
Default broken due to openssl and heimdal rebuilds

On Fri, 2 Apr 2010 17:30:33 +0200, Andreas Radke <a.radke@arcor.de> wrote:
> Am Thu, 01 Apr 2010 03:05:28 +0200
> schrieb Pierre Schmitz <pierre@archlinux.de>:
>
>> Hi all,
>>
>> this is a warning for [testing] users not to update until the upcoming
>> openssl/heimdal rebuilds are done. This will break a lot of important
>> packages. I am bootstrapping openssl and rebuild the most imporant
>> packages like pacman atm. I'll send another mail to the openssl-1.0.0
>> thread when you can start rebuilding.
>>
>> Greetings,
>>
>> Pierre
>>
>
> Most stuff seems usable again.
>
> One question: Because I have to rebuild all OpenOffice packages anyways
> I'd like to ask what you think about adding another rebuild cycle - ICU
> 4.4. http://www.archlinux.org/packages/extra/i686/icu/
>
> Not too many packages seem to depend on it. Most time will be eaten by
> OOo.
>
> Objections?
>
> -Andy

Could you send me the changed so names or just the output of pacman -Qlp
<pkg_ of the new pacakge so I can see which packages would be affected?
(and to create a todo list to make the "big move" easier)

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 04-06-2010, 08:15 PM
Thomas Bächler
 
Default broken due to openssl and heimdal rebuilds

Am 01.04.2010 03:05, schrieb Pierre Schmitz:
> Hi all,
>
> this is a warning for [testing] users not to update until the upcoming
> openssl/heimdal rebuilds are done. This will break a lot of important
> packages. I am bootstrapping openssl and rebuild the most imporant packages
> like pacman atm. I'll send another mail to the openssl-1.0.0 thread when
> you can start rebuilding.

Upgrading still fails: pacman itself works after the small upgrade. But
all post-install scripts in the -Syu that use vercmp are broken. For
example, kernel26 post-install failed on a -Syu for me.
 
Old 04-06-2010, 08:34 PM
Thomas Bächler
 
Default broken due to openssl and heimdal rebuilds

Am 06.04.2010 22:22, schrieb Dan McGee:
> I'm trying to figure out how this happens. pacman and vercmp should
> have idential link libraries, so if one works, the other should (and
> if one doesn't, the other shouldn't).

I am also confused. This might help:

[2010-04-06 21:20] upgraded kernel26 (2.6.33.1-1 -> 2.6.33.2-1)
[2010-04-06 21:20] upgraded kernel26-headers (2.6.33.1-1 -> 2.6.33.2-1)
[2010-04-06 21:20] upgraded lib32-e2fsprogs (1.41.10-1 -> 1.41.11-1)
[2010-04-06 21:20] upgraded libart-lgpl (2.3.20-1 -> 2.3.21-1)
[2010-04-06 21:20] upgraded libfetch (2.30-1 -> 2.30-3)

The vercmp trouble was at kernel26 post-install.

> Did you have pacman in SyncFirst, and did you do that?

I have and I did.
 
Old 04-07-2010, 03:36 AM
Pierre Schmitz
 
Default broken due to openssl and heimdal rebuilds

On Tue, 6 Apr 2010 15:22:02 -0500, Dan McGee <dpmcgee@gmail.com> wrote:
> On Tue, Apr 6, 2010 at 3:15 PM, Thomas Bächler <thomas@archlinux.org>
>> Upgrading still fails: pacman itself works after the small upgrade. But
>> all post-install scripts in the -Syu that use vercmp are broken. For
>> example, kernel26 post-install failed on a -Syu for me.
>
> I'm trying to figure out how this happens. pacman and vercmp should
> have idential link libraries, so if one works, the other should (and
> if one doesn't, the other shouldn't).

I was able to reproduce this problem. Here it is:

The first run of pacman -Syu will just update pacman which does not
directly link to openssl. So the system will still be fine. The second run
will update everything else. During this update openssl is updated. The
prbolem is that libarchive and libfetch are not updated right after the new
version of openssl is installed. This means that all install scripts
calling vercmp will fail until the new libs are installed.

This is some kind of general problem: the system may be inconsistent
during the process of updating and install scripts will fail. In this case
we need to make sure that libarchive and libfetch are updated right after
openssl. This might be solved by increasing the versioned deps of pacman to
libarchive/libfetch to their latest versions which should pull in the new
openssl. The problem is that doing so the system is inconsistent/broken
after the first -Syu run.

@Dan: you told me it might be possible to just include the needed object
files of libalpm into vercmp, so that it does not link against it anymore;
maybe that would be a more elegant solution. (or include the needed code on
source level? no idea how this was implemented)

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 04-07-2010, 04:42 AM
Pierre Schmitz
 
Default broken due to openssl and heimdal rebuilds

On Tue, 6 Apr 2010 23:04:32 -0500, Dan McGee <dpmcgee@gmail.com> wrote:
> On Tue, Apr 6, 2010 at 10:36 PM, Pierre Schmitz <pierre@archlinux.de>
>> This is some kind of general problem: the system may be inconsistent
>> during the process of updating and install scripts will fail. In this
>> case
>> we need to make sure that libarchive and libfetch are updated right
after
>> openssl. This might be solved by increasing the versioned deps of
pacman
>> to
>> libarchive/libfetch to their latest versions which should pull in the
new
>> openssl. The problem is that doing so the system is inconsistent/broken
>> after the first -Syu run.
>
> All makes sense now. I'm just afraid of the inconsistent step you
> noted above, as I know I have caught myself in it before and it is
> quite painful to be in.

I just tested what happens if I change pacman depends to
"'libarchive>=2.8.3-3' 'libfetch>=2.30-3'". You need to run -Syu twice but
everything works fine. The remaining problem is that if you use anything
else than libfetch to get your packages (e.g. wget or curl) you wont be
able to update because after the first run those apps are broken.

But I still don't see any chance to solve this in a smooth way. So I would
change the pacman package that way and post a news item and ask people to
run -Syu twice and tell them that external download programs cannot be
used.

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 04-07-2010, 04:55 AM
Pierre Schmitz
 
Default broken due to openssl and heimdal rebuilds

On Wed, 07 Apr 2010 14:49:19 +1000, "Allan McRae" <allan@archlinux.org>
wrote:
> External downloaders can be used. It just has to be done as:
> pacman -Syuw
> pacman -Su

So SyncFirst is ignored when using -w? That's even better. So, one need to
update in three simple steps then: :P
pacman -Syuw
pacman -Su
pacman -Su

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 04-07-2010, 01:47 PM
Florian Pritz
 
Default broken due to openssl and heimdal rebuilds

On 07.04.2010 06:42, Pierre Schmitz wrote:
> I just tested what happens if I change pacman depends to
> "'libarchive>=2.8.3-3' 'libfetch>=2.30-3'".

Maybe start using sodeps to generate those dependencies? libfetch
(doesn't have a soname with version btw) would depend on the new openssl
libs and pacman should take care of the order.

Have you already checked the patch Allan?

--
Florian Pritz -- {flo,bluewind}@server-speed.net
 
Old 04-07-2010, 01:50 PM
Pierre Schmitz
 
Default broken due to openssl and heimdal rebuilds

On Wed, 7 Apr 2010 06:42:29 -0500, Dan McGee <dpmcgee@gmail.com> wrote:
> Thus the reason I didn't want those deps in there, it gets way too
complex.
>
> When we roll this whole thing out, can we just post in the news that
> you should pay close attention to the output and likely will have to
> `pacman -S kernel26` (and anything else that errored) if you want to
> be sure things are working OK? Obviously not ideal. Especially now
> that we've tied a major kernel bump to this, hmm.

I tried it in my vm which was a little older; in that case nearly all
install scripts fail and you have to manually reinstall a lot of stuff. In
a worst case your system wont boot anymore. That's why I would prefer the
method I mentioned.

--
Pierre Schmitz, https://users.archlinux.de/~pierre
 
Old 04-07-2010, 02:10 PM
Allan McRae
 
Default broken due to openssl and heimdal rebuilds

On 07/04/10 23:47, Florian Pritz wrote:

On 07.04.2010 06:42, Pierre Schmitz wrote:

I just tested what happens if I change pacman depends to
"'libarchive>=2.8.3-3' 'libfetch>=2.30-3'".


Maybe start using sodeps to generate those dependencies? libfetch
(doesn't have a soname with version btw) would depend on the new openssl
libs and pacman should take care of the order.


This would really not help here. Pacman does not directly link openssl,
but does through libarchive and libfetch. Adding versioned libarchive
and libfetch to pacman's deps and using sodeps on openssl in those
packages would prevent pacman's SyncFirst from working.


This is a case of:
versioned deps in pacman for lib{archive,fetch} = bad as that pulls in
openssl and breaks your system until you do the next update


no versioned deps in pacman for lib{archive,fetch} = bad as between the
openssl and lib{archive,fetch} updates vercmp is broken and so is
install files.



Have you already checked the patch Allan?


Yes... but my comments were never addressed:
http://mailman.archlinux.org/pipermail/pacman-dev/2010-February/010406.html
(points #1 and #2)

http://mailman.archlinux.org/pipermail/pacman-dev/2010-February/010421.html
http://mailman.archlinux.org/pipermail/pacman-dev/2010-February/010426.html

Allan
 

Thread Tools




All times are GMT. The time now is 04:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org