1 |
On Wed, Sep 30, 2015 at 3:29 PM, Anthony G. Basile <blueness@g.o> wrote: |
2 |
> |
3 |
> Yes you could use symbol versioning, and you can do the side by side by |
4 |
> renaming the library but that's a real pita for us since we'd have to hack |
5 |
> build systems to link against the correct library name. Ths should have |
6 |
> been done upstream. |
7 |
> |
8 |
|
9 |
Agree, though to be fair it was a failing in openssl before it was a |
10 |
failing in libressl: |
11 |
readelf -sW /usr/lib64/libssl.so | grep "@" |
12 |
(output: nothing that didn't come from glibc) |
13 |
|
14 |
> You'd have to name the libraries differently and you'd have to hack the |
15 |
> LDLFAGS to aim the build to the correct library. That, in my opinion, is |
16 |
> the killer to this idea. There is also the issue that some libc's like |
17 |
> uclibc don't do symbol versioning, but I would deal with that in other ways. |
18 |
|
19 |
++ There might be some solutions to automate this, but it would be a |
20 |
PITA. I think the better solution is to fix C itself. |
21 |
|
22 |
> |
23 |
> @rich0. Just a side comment. You said somewhere that maybe apache will |
24 |
> choose openssl and postfix libressl and then we'll be in trouble. No. The |
25 |
> incompatibility is at the abi not api level. So, for example, some struct |
26 |
> size might be different between the two because of internal implementation |
27 |
> details, but both should provide a definition of the same struct in their |
28 |
> header with the same members. ie. apache should compile against either |
29 |
> openssl or libressl and work, you just can't swap out your libssl without |
30 |
> recompiling apache which you could do if you had full api compat. |
31 |
|
32 |
I agree with this as long as both projects maintain API compatibility. |
33 |
Whether that happens remains to be seen. If openssl adds a new |
34 |
feature and libressl decides that is a "bad feature" or libressl adds |
35 |
a new feature and openssl doesn't have the manpower to keep up, or |
36 |
whatever, then we'll start seeing things break, and then everybody |
37 |
gets to pick sides. |
38 |
|
39 |
As may be happening with ffmpeg/libav I suspect that eventually one |
40 |
side or the other will become dominant, and at that point users will |
41 |
have a clean solution again. In the meantime they get to see WW3 |
42 |
unfurl on their desktops as they are forced to pick a side and decide |
43 |
which packages they want to install. I guess that would be a good |
44 |
time to plug containers again. (You know that symbol versioning is |
45 |
broken when the solution is basically to install a completely |
46 |
independent userspace for every process you run.) |
47 |
|
48 |
-- |
49 |
Rich |