| 1 |
Hello, |
| 2 |
|
| 3 |
Since I've been working on the early gx86-multilib, we've been using |
| 4 |
'binary-only SLOTs' to support providing old versions of libraries for |
| 5 |
prebuilt software. I think this was a bad idea, and I'd like to suggest |
| 6 |
replacing it with something cleaner, for the reasons outlined below. |
| 7 |
|
| 8 |
|
| 9 |
Current state |
| 10 |
============= |
| 11 |
|
| 12 |
Let's take dev-libs/openssl as an example. This package has three SLOTs |
| 13 |
right now: |
| 14 |
|
| 15 |
0.9.8: 0.9.8z_p8-r1 |
| 16 |
1.0.0: 1.0.2q-r200 |
| 17 |
0 : 1.0.2q 1.1.0j 1.1.1a 1.1.1a-r1 |
| 18 |
|
| 19 |
The real package is provided as slot :0, that includes all libraries, |
| 20 |
headers and executables. Slots 0.9.8 and 1.0.0 only install .so.N* |
| 21 |
libraries that can be used to satisfy dependencies of prebuilt packages. |
| 22 |
|
| 23 |
|
| 24 |
Problems with the current state |
| 25 |
=============================== |
| 26 |
|
| 27 |
Firstly, it is confusing to developers. Let's analyze the dependencies |
| 28 |
on dev-libs/openssl. A quick grep reveals seven patterns. They are |
| 29 |
listed below, along with occurrence counts and percentages: |
| 30 |
|
| 31 |
dev-libs/openssl 278 7.8% } |
| 32 |
dev-libs/openssl:* 49 1.4% } 14.2% |
| 33 |
dev-libs/openssl:= 178 5.0% } |
| 34 |
dev-libs/openssl:0 660 18.6% |
| 35 |
dev-libs/openssl:0= 2381 67.0% |
| 36 |
dev-libs/openssl:0/0 4 0.1% |
| 37 |
dev-libs/openssl:0/1.1 2 0.1% |
| 38 |
|
| 39 |
(note that those are rough measures, not guaranteed to be precise) |
| 40 |
|
| 41 |
So apparently 14.2% of dependencies allow any slot of OpenSSL which is |
| 42 |
most likely wrong, and 1.4% explicitly claim that's what the package |
| 43 |
wants. This could be valid only if e.g. the package supported multiple |
| 44 |
ABIs of OpenSSL libraries and used dlopen() with a few possible SONAMEs |
| 45 |
which I honestly doubt any of those packages is doing. |
| 46 |
|
| 47 |
In other words, 14.2% of dependencies on OpenSSL are plain wrong, |
| 48 |
and 6.4% are wrong in a way that isn't going to be reported by repoman. |
| 49 |
1.4% of cases are using ':*' which probably indicates the developer |
| 50 |
decided to silence repoman without understanding how slot operators work |
| 51 |
which is a horrible thing from QA perspective. |
| 52 |
|
| 53 |
We also have a few cases that require specific OpenSSL subslot (e.g. |
| 54 |
forcing old version into :0 slot) but *none* actually using the binary |
| 55 |
compatibility slots. |
| 56 |
|
| 57 |
|
| 58 |
Secondly, it is confusing to users. If we remove old versions and only |
| 59 |
keep binary compatibility slots, users can be easily tricked into |
| 60 |
installing them and being surprised it's not a complete package. If we |
| 61 |
keep old versions, we end up having different revisions of the same |
| 62 |
version in different slots which is also easily confused. |
| 63 |
|
| 64 |
|
| 65 |
Thirdly, it is cumbersome to introduce. If we are to introduce a binary |
| 66 |
compatibility slot for a package that didn't have it, we need to update |
| 67 |
all reverse dependencies. This usually means researching whether we |
| 68 |
should use ':0' or ':0=', and if we get this wrong, we just silence |
| 69 |
repoman warning about missing slot-op. |
| 70 |
|
| 71 |
|
| 72 |
All of this considered, I can't think of a single real benefit of using |
| 73 |
slots for this purpose. They work but there's nothing really special |
| 74 |
about them. |
| 75 |
|
| 76 |
|
| 77 |
Suggested replacement |
| 78 |
===================== |
| 79 |
|
| 80 |
My suggestion is to move binary compatibility slots into separate |
| 81 |
packages. For example, dev-libs/openssl would be split into: |
| 82 |
|
| 83 |
dev-libs/openssl -- containing the actual package |
| 84 |
|
| 85 |
dev-libs/openssl-bin-compat -- containing binary compatibility slots |
| 86 |
|
| 87 |
In this case, all dependencies on dev-libs/openssl would become correct |
| 88 |
(or semi-correct, wrt missing := dep) again. Since packages are co- |
| 89 |
installable the same way slots are, there is no loss there. Since |
| 90 |
nothing depends on binary compatibility slots, we do not even need to |
| 91 |
update anything (but if we had, the update cost would be minimal both to |
| 92 |
developers and to users). |
| 93 |
|
| 94 |
|
| 95 |
What do you think? |
| 96 |
|
| 97 |
-- |
| 98 |
Best regards, |
| 99 |
Michał Górny |
Archives