FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 05-28-2008, 11:13 PM
Marius Mauch
 
Default RFC: Should preserve-libs be enabled by default?

As portage-2.2 is about to be unmasked into ~arch soon (there is one
weird bug to solve before) it's time to ask for some input on one of
the important new features, FEATURES=preserve-libs.

(if you're already familiar with it you can skip this paragraph)
Simply said, when this feature is enabled portage keeps track of all
installed libraries and binaries linked against them, and if a package
upgrade would remove a library that's still in use portage will keep
the library around, owned by the new version and also registered in a
separate file. There is also an internal package set that can be used
to rebuild all packages linked against libraries preserved in this way,
and the user is notified after each emerge operation that he should do
that (the example is from an expat downgrade in case you wonder about
the versions):
!!! existing preserved libs:
>>> package: dev-libs/expat-1.95.8
* - /usr/lib64/libexpat.so.1
* - /usr/lib64/libexpat.so.1.5.2
Use emerge @preserved-rebuild to rebuild packages using these libraries

The purpose of this is to keep the system operational after library
upgrades until all affected packages could be rebuilt and to simplify
the process, not to avoid the rebuilds.

Now the question is if this behavior should be enabled by default?

In the existing prereleases it has been enabled to get some real-world
testing, and it's been quite effective, though there are still a few
issues to be worked out (e.g. if libraries are moved between packages).
And no doubt a few more bugs will turn up over time.
Also it is not going to be a perfect solution against all runtime link
errors, but if enabled it should eliminate the need for revdep-rebuild
in most cases.
One concern raised by some people is that it might cause old libraries
with security issues to stay on the system for eternity even though
the package was upgraded, and eventually be preferred by new builds.
I can't rule this out completely but thinks it's very unlikely, as
preserved libraries are specially tracked and the user is notified
about their existance after every emerge operation (similar to glep42
news). And new builds shouldn't find them as the unversioned .so
symlinks ar going to point to the current versions.
So personally I'm not too worried about this concern becoming reality,
but I can understand if others are.

So, do you think it should be enabled by default?

Marius

PS: Obviously, if you haven't tested portage-2.2 yet, now would be a
good time.

--
Public Key at http://www.genone.de/info/gpg-key.pub

In the beginning, there was nothing. And God said, 'Let there be
Light.' And there was still nothing, but you could see a bit better.
 
Old 05-29-2008, 04:48 AM
Ryan Hill
 
Default RFC: Should preserve-libs be enabled by default?

On Thu, 29 May 2008 01:13:16 +0200
Marius Mauch <genone@gentoo.org> wrote:

> So, do you think it should be enabled by default?

Yes please. I haven't had any problems in the couple of months
i've been using it.


--
fonts, gcc-porting, by design, by neglect
mips, treecleaner, for a fact or just for effect
wxwidgets @ gentoo EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662
 
Old 05-29-2008, 05:14 AM
Donnie Berkholz
 
Default RFC: Should preserve-libs be enabled by default?

On 01:13 Thu 29 May , Marius Mauch wrote:
> One concern raised by some people is that it might cause old libraries
> with security issues to stay on the system for eternity even though
> the package was upgraded, and eventually be preferred by new builds.
> I can't rule this out completely but thinks it's very unlikely, as
> preserved libraries are specially tracked and the user is notified
> about their existance after every emerge operation (similar to glep42
> news).

Part of this should be addressable by keeping track of the version that
installed them and checking it against the distributed GLSAs...

Thanks,
Donnie
--
gentoo-dev@lists.gentoo.org mailing list
 
Old 05-29-2008, 06:54 AM
Rémi Cardona
 
Default RFC: Should preserve-libs be enabled by default?

Marius Mauch a écrit :

So, do you think it should be enabled by default?


Does portage have a way to report which libraries it is keeping around
because of preserve-libs ? If there's an easy way to figure that out,
then enabling it by default is a very sane and sound idea.


Cheers,

Rémi
--
gentoo-dev@lists.gentoo.org mailing list
 
Old 05-29-2008, 07:55 AM
Fabian Groffen
 
Default RFC: Should preserve-libs be enabled by default?

On 29-05-2008 08:54:48 +0200, Rémi Cardona wrote:
> Marius Mauch a écrit :
>> So, do you think it should be enabled by default?
>
> Does portage have a way to report which libraries it is keeping around
> because of preserve-libs ? If there's an easy way to figure that out,
> then enabling it by default is a very sane and sound idea.

It does so after every merge IIRC, and you can also find them in a file
somewhere.


--
Fabian Groffen
Gentoo on a different level
--
gentoo-dev@lists.gentoo.org mailing list
 
Old 05-29-2008, 08:28 AM
Mike Auty
 
Default RFC: Should preserve-libs be enabled by default?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marius Mauch wrote:
| The purpose of this is to keep the system operational after library
| upgrades until all affected packages could be rebuilt and to simplify
| the process, not to avoid the rebuilds.

I couldn't find it mentioned in your email, but if portage is
effectively doing reference counts, what happens when its reference
count gets to 0? Once no ebuilds rely on the old library is it removed
automatically, or do the "you need to rebuild these" message just go away?

Is there a way to have portage delete the libraries once it's sure
they're no longer necessary? If so, is that done by rebuilding the
owning package itself, or by editing the owning pacakge's contents and
removing the old library?

Does @preserved-rebuild contain just the affected packages, or the
package containing the old library as well? (i.e. Does an "emerge
@preserved-rebuild" ensure that the old library will no longer exist on
your system, or not?)

Basically, if I can safely replace "revdep-rebuild" with "emerge
@preserved-rebuild" then I'd be happy to keep it enabled. If it's going
to leave cruft on the system (or then require manual rebuilds of
packages containing preserved libraries to clear out the cruft) then I'd
personally be inclined to turn it off and stick with revdep-rebuild...

Mike 5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkg+aSAACgkQu7rWomwgFXoR2ACeJnf+J/pd/GEEh5Ds/Q80sjOR
vIkAoKEyLD2lTGfehoSoYLP6pH/R++2J
=0sv1
-----END PGP SIGNATURE-----
--
gentoo-dev@lists.gentoo.org mailing list
 
Old 05-29-2008, 09:02 AM
 
Default RFC: Should preserve-libs be enabled by default?

Marius Mauch <genone@gentoo.org> writes:

> Also it is not going to be a perfect solution against all runtime link
> errors, but if enabled it should eliminate the need for revdep-rebuild
> in most cases.

I'm afraid that it will turn, for complex libraries like libexpat and
users not using --as-needed, the message telling you the program cannot
be started with subtle crashes for symbol collision.

preserve-libs would be quite perfect if all libraries out there used
versioned symbol, but this is far from true (and some systems Gentoo
runs on don't even consider versioned symbol to begin with).

Example at hand? When the libexpat transition started, the choice of
keeling .so.0 around with .so.1 was discarded right away because:

- library libfoo links to libexpat;
- program bar links to libfoo;
- user is not using --as-needed, so bar has a NEEDED against both libfoo
and libexpat;
- user rebuilds libfoo, but not bar; or bar and not libfoo, the result
is the same;
- KABOOM! symbol collision and bar crashes.

As much as we want preserve-libs to be an all-curing magic, it's
not. When you need to replace a library you need to do so _for all its
users at once_, if you allow it to be gradually you're opening the
hellgate of symbol collision.

My solution would be to disallow _building_ anything that is or depends
directly or indirectly on a package on the set until it is removed, or
at the request of merging "mickeymouse", depending on "bar", re-emerging
libfoo first, and bar if the user is not using --as-needed (checking the
NEEDED lines).

With all due respect to everybody, the right course of action here has
to be selected by people who knows how the runtime linker works, symbol
collision and all the rest, as that's what's at stake here.

--
Diego "Flameeyes" Pettenò
http://blog.flameeyes.eu/
 
Old 05-29-2008, 02:39 PM
Arfrever Frehtes Taifersar Arahesis
 
Default RFC: Should preserve-libs be enabled by default?

2008-05-29 01:13:16 Marius Mauch napisał(a):
> One concern raised by some people is that it might cause old libraries
> with security issues to stay on the system for eternity even though
> the package was upgraded, and eventually be preferred by new builds.

This shouldn't be a problem, because unneeded preserved libraries are
automatically deleted.

> So, do you think it should be enabled by default?

Yes.

--
Arfrever Frehtes Taifersar Arahesis
 
Old 05-29-2008, 02:40 PM
Arfrever Frehtes Taifersar Arahesis
 
Default RFC: Should preserve-libs be enabled by default?

2008-05-29 08:54:48 Rémi Cardona napisał(a):
> Does portage have a way to report which libraries it is keeping around
> because of preserve-libs ?

portageq list_preserved_libs /

--
Arfrever Frehtes Taifersar Arahesis
 
Old 05-29-2008, 05:30 PM
Marius Mauch
 
Default RFC: Should preserve-libs be enabled by default?

On Thu, 29 May 2008 09:28:16 +0100
Mike Auty <ikelos@gentoo.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Marius Mauch wrote:
> | The purpose of this is to keep the system operational after library
> | upgrades until all affected packages could be rebuilt and to
> | simplify the process, not to avoid the rebuilds.
>
> I couldn't find it mentioned in your email, but if portage is
> effectively doing reference counts, what happens when its reference
> count gets to 0? Once no ebuilds rely on the old library is it
> removed automatically, or do the "you need to rebuild these" message
> just go away?

They are removed automatically.

Marius
--
gentoo-dev@lists.gentoo.org mailing list
 

Thread Tools




All times are GMT. The time now is 01:25 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org