Re: [gentoo-dev] RFC about another *DEPEND variable - gentoo-dev

From:	Brian Harring <ferringb@×××××.com>
To:	gentoo-dev@l.g.o
Subject:	*Re: [gentoo-dev] RFC about another DEPEND variable**
Date:	Mon, 25 Sep 2006 18:19:21
Message-Id:	`20060925181625.GA26618@seldon`
In Reply to:	Re: [gentoo-dev] RFC about another *DEPEND variable by Mike Frysinger

1

On Sat, Sep 23, 2006 at 11:31:12PM -0400, Mike Frysinger wrote:

2

> On Saturday 23 September 2006 10:30, Brian Harring wrote:

3

> > dlopen?

4

>

5

> we already said that this will need a new depend variable

6

>

7

> > How does this fix openssl horkage? (bad soname handling)

8

>

9

> it wont, but such things are broken regardless outside of Gentoo ... and

10

> trying to accommodate something that happens every three blue moons at the

11

> cost of developer time is not worth it

12

13

Bad soname handling is just *part* of what BINCOMPAT could do; it's 

14

not the sole reason for it's existance, as such it's not quite right 

15

dismissing it just because it addresses a rarity the NEEDED approach 

16

doesn't. :)

17

18

> > Also... what do we do for python/perl (*-updater scripts in general)

19

> > where a change in a pkg state means we have to rebuild the revdeps?

20

>

21

> my solution does not address this, but what you're proposing would over

22

> address this ... how do you know when a package needs to be rebuilt (a perl

23

> module) or rebuilding is a waste of time (a package installs perl scripts

24

> that execute `perl` and nothing else)

25

26

Original email stated that 'binding deps' would be required for that, 

27

marking deps in some way such that it indicates they're sensitive to 

28

changes in BINCOMPAT of the match.

29

30

*IF* we actually had that in place it would enable detecting and 

31

rebuilding c++ code whenever gcc pulls its next c++ abi change with 

32

appropriate deps in place (iow, kill off the implicit system deps).

33

34

Back to your example, if it's just a caller of it, it's not binding; 

35

now if it were a perl module that sticks its modules into the perl 

36

installation, yes, binding (it needs to rebuild to merge to the new 

37

location).

38

39

40

> > What you're suggesting works for strictly linkage; still think this

41

> > shouuld work for the general problem rather then just one subset.

42

>

43

> yes, i am addressing what i see to be the most critical issue and the easiest

44

> to break a user's system

45

>

46

> > Clarifying my statement; we don't break our DEPEND down into "this is

47

> > what is executed in building the package" (toolchain),

48

>

49

> DEPEND

50

>

51

> > vs "this is the

52

> > crap the binaries we build against need avail to be linked against",

53

> > literally what winds up as -l args.

54

>

55

> RDEPEND

56

57

If that were the case, why do we have libraries listed in DEPEND then?

58

59

DEPEND is (and always has been) "this is the crap I need merged to be 

60

able to build an install image of myself", RDEPEND is (and always has 

61

been) "this is the crap I need on the fs to actually run my 

62

binaries/libs" and PDEPEND is around to cover up portages resolver, 

63

but moreso the trees mostly whacked deps.

64

65

This is why eradicator, solar, and you were discussing splitting link 

66

depends out of DEPEND for saner CHOST/CTARGET support around a year 

67

back also.

68

69

Semantics at this point, but RDEPEND does *not* need to be merged to 

70

build a pkg, only DEPEND; it's never been any other way.

71

72

73

> > If punting the old lib (as I assumed), means we would potentially be

74

> > making certain DEPEND atoms unusable if they're required in an

75

> > execution context (rather then just winding up as a -l arg).

76

>

77

> no ... lemme give a perfect example.

78

>

79

> user has openssl-0.9.7j installed and they upgrade to openssl-0.9.8c ... the

80

> old version provided SONAME files libcrypto.so.0.9.7 and libssl.so.0.9.7

81

> while the new one provides SONAME files libcrypto.so.0.9.8 and

82

> libssl.so.0.9.8

83

>

84

> everything from openssl-0.9.7j is unmerged except for the two files

85

> libcrypto.so.0.9.7 and libssl.so.0.9.7.  openssl-0.9.8c, being a different

86

> ABI, does not provide these files thus there is no clash.

87

>

88

> portage keeps track of libcrypto.so.0.9.7 and libssl.so.0.9.7 and once no more

89

> packages have NEEDED entries for these, will silently clean them out

90

>

91

> openssl is odd in that it encodes .x.y.z version into the ABI ... if we use

92

> the more common example with say expat, older versions install

93

> libexpat.so.0.1, libexpat.so.0.2, libexpat.so.0.3, etc... but the ABI SONAME

94

> is still just libexpat.so.0.  when the next major version of expat comes out,

95

> the SONAME is bumped to libexpat.so.1 and portage needs to keep around the

96

> last libexpat.so.0

97

>

98

> > In that case, wouldn't mind a response to the "what about ctrl+c

99

> > during the run?"  The potential for orphaning there sucks; recording

100

> > the old library in the new version sucks also since it complicates the

101

> > merge process, that lib *must* be removed else it's a potential

102

> > collision-protect minefield.

103

>

104

> - portage merges new version 2 to $ROOT

105

> - system now has version 1 and version 2 in $ROOT

106

> - portage starts to clean out version 1 from $ROOT

107

> - do not fully trim version 1's vdb until version 2 has been updated with the

108

> new information

109

>

110

> so ctrl+c at any point and so what ?  you dont remove old files until new

111

> files are fully placed and you can resume at any point

112

113

Bleh, this is getting back to exactly my point that it's unbounded 

114

resolution.  To support this, every step of execution would require 

115

scanning for dangling nodes to punt; aside from invalidating -p's 

116

output it *still* is a collision-protect hit.

117

118

It also involves changing vdb nodes from "installed and usable" to 

119

"installed/usable" or "lingering", which makes things messier for

120

1) resolver

121

2) for --info

122

3) for has_version

123

4) for built_with_use

124

5) glsa scanning

125

126

There are more, but the point is that there isn't any concept of "half 

127

merged" packages for portage; introducing it gums things up pretty 

128

heavily, beyond the support NEEDED requires to actually mangle the 

129

half merged nodes.

130

131

132

> > Finally, even if the lib is temporarily left behind, this solution

133

> > doesn't gurantee the library actually would *work* still- it only can

134

> > work if the lib is standalone from the rest of the pkg and doesn't

135

> > rely on any external data from the pkg.

136

>

137

> we're talking about preserving the system long enough to rebuild things; we're

138

> not talking about keeping the system forever in a sane state.

139

>

140

> i would guess that this corner case is not the norm and thus we can ignore it

141

> as the situation is still a lot better than what we have now:

142

>  $ foo

143

>  foo: error while loading shared libraries: libbar.so.1: cannot open shared

144

> object file: No such file or directory

145

>

146

> awesome

147

148

So... NEEDED doesn't support bad soname handling, doesn't have a graph 

149

based gurantee that the remaining bits actually would work (bits 

150

above), and requires making merging *massively* slower (a NEEDED scan 

151

per vdb change effectively), finally emerge -p results no longer being 

152

accurate to what will be undertaken.

153

154

Ways to speed it up, but frankly NEEDED just plain sucks.  Its the 

155

route towards openembeddeds resolution, rather then up front 

156

calculation portage/rpm resolvers/apt all do.

157

158

159

> > Basically trying to point out that what you're proposing only works in

160

> > a subset of the cases revdep must deal with, and that revdep itself

161

> > doesn't deal with *all* situations as is; hence BINCOMPAT as a way to

162

> > try and shift it under maintainers control.

163

>

164

> revdep-rebuild doesnt take into consideration any of the issues you raised

165

>

166

> and forcing maintainers to always track BINCOMPAT is unwieldy ... a single

167

> package provides multiple SONAMEs ?  bitrot ?  SONAME is dynamic based upon

168

> architecture or USE flags ?

169

170

Tracking BINCOMPAT should *not* be that hard.  You hit a major 

171

version?  Bump the bincompat.  Not that fricking hard really; if 

172

dealing in a package that is pissy about it's so handling, well, you 

173

ought to know your inducing wide spread breakage for a rename already- 

174

so again, not that hard.

175

176

The only case that is slightly funky is if the so doesn't change name, 

177

but changes abi- BINCOMPAT at least enables notifying the manager that 

178

a rebuild is needed, NEEDED based approach is incapable of it.

179

180

Hell, automate a tool to determine if it's a BINCOMPAT bump via NEEDED 

181

data (folks should be compiling the pkg anyways), point is it's mainly 

182

common sense for maintainenance of it.

183

184

185

The NEEDED approach doesn't really fix much frankly; from a complexity 

186

standpoint, leaving it in revdep-rebuild is *far* better then trying 

187

to integrate the crap you're requesting, both from an implementation 

188

and from a long standing maintainence view (unbounded resolution is 

189

*really* not the direction you want to go).

190

191

The solution (imo) should be one that enables fixing the *class* of 

192

problem without making matters worse.

193

194

Yes, if the solution can be automated without flinging poo into the 

195

code, I'm for it; that said I know what the implementation is going to 

196

have to look like, and it's *nasty*.

197

198

~harring

Gentoo Archives: gentoo-dev

Replies

1	On Sat, Sep 23, 2006 at 11:31:12PM -0400, Mike Frysinger wrote:
2	> On Saturday 23 September 2006 10:30, Brian Harring wrote:
3	> > dlopen?
4	>
5	> we already said that this will need a new depend variable
6	>
7	> > How does this fix openssl horkage? (bad soname handling)
8	>
9	> it wont, but such things are broken regardless outside of Gentoo ... and
10	> trying to accommodate something that happens every three blue moons at the
11	> cost of developer time is not worth it
12
13	Bad soname handling is just part of what BINCOMPAT could do; it's
14	not the sole reason for it's existance, as such it's not quite right
15	dismissing it just because it addresses a rarity the NEEDED approach
16	doesn't. :)
17
18	> > Also... what do we do for python/perl (*-updater scripts in general)
19	> > where a change in a pkg state means we have to rebuild the revdeps?
20	>
21	> my solution does not address this, but what you're proposing would over
22	> address this ... how do you know when a package needs to be rebuilt (a perl
23	> module) or rebuilding is a waste of time (a package installs perl scripts
24	> that execute `perl` and nothing else)
25
26	Original email stated that 'binding deps' would be required for that,
27	marking deps in some way such that it indicates they're sensitive to
28	changes in BINCOMPAT of the match.
29
30	IF we actually had that in place it would enable detecting and
31	rebuilding c++ code whenever gcc pulls its next c++ abi change with
32	appropriate deps in place (iow, kill off the implicit system deps).
33
34	Back to your example, if it's just a caller of it, it's not binding;
35	now if it were a perl module that sticks its modules into the perl
36	installation, yes, binding (it needs to rebuild to merge to the new
37	location).
38
39
40	> > What you're suggesting works for strictly linkage; still think this
41	> > shouuld work for the general problem rather then just one subset.
42	>
43	> yes, i am addressing what i see to be the most critical issue and the easiest
44	> to break a user's system
45	>
46	> > Clarifying my statement; we don't break our DEPEND down into "this is
47	> > what is executed in building the package" (toolchain),
48	>
49	> DEPEND
50	>
51	> > vs "this is the
52	> > crap the binaries we build against need avail to be linked against",
53	> > literally what winds up as -l args.
54	>
55	> RDEPEND
56
57	If that were the case, why do we have libraries listed in DEPEND then?
58
59	DEPEND is (and always has been) "this is the crap I need merged to be
60	able to build an install image of myself", RDEPEND is (and always has
61	been) "this is the crap I need on the fs to actually run my
62	binaries/libs" and PDEPEND is around to cover up portages resolver,
63	but moreso the trees mostly whacked deps.
64
65	This is why eradicator, solar, and you were discussing splitting link
66	depends out of DEPEND for saner CHOST/CTARGET support around a year
67	back also.
68
69	Semantics at this point, but RDEPEND does not need to be merged to
70	build a pkg, only DEPEND; it's never been any other way.
71
72
73	> > If punting the old lib (as I assumed), means we would potentially be
74	> > making certain DEPEND atoms unusable if they're required in an
75	> > execution context (rather then just winding up as a -l arg).
76	>
77	> no ... lemme give a perfect example.
78	>
79	> user has openssl-0.9.7j installed and they upgrade to openssl-0.9.8c ... the
80	> old version provided SONAME files libcrypto.so.0.9.7 and libssl.so.0.9.7
81	> while the new one provides SONAME files libcrypto.so.0.9.8 and
82	> libssl.so.0.9.8
83	>
84	> everything from openssl-0.9.7j is unmerged except for the two files
85	> libcrypto.so.0.9.7 and libssl.so.0.9.7. openssl-0.9.8c, being a different
86	> ABI, does not provide these files thus there is no clash.
87	>
88	> portage keeps track of libcrypto.so.0.9.7 and libssl.so.0.9.7 and once no more
89	> packages have NEEDED entries for these, will silently clean them out
90	>
91	> openssl is odd in that it encodes .x.y.z version into the ABI ... if we use
92	> the more common example with say expat, older versions install
93	> libexpat.so.0.1, libexpat.so.0.2, libexpat.so.0.3, etc... but the ABI SONAME
94	> is still just libexpat.so.0. when the next major version of expat comes out,
95	> the SONAME is bumped to libexpat.so.1 and portage needs to keep around the
96	> last libexpat.so.0
97	>
98	> > In that case, wouldn't mind a response to the "what about ctrl+c
99	> > during the run?" The potential for orphaning there sucks; recording
100	> > the old library in the new version sucks also since it complicates the
101	> > merge process, that lib must be removed else it's a potential
102	> > collision-protect minefield.
103	>
104	> - portage merges new version 2 to $ROOT
105	> - system now has version 1 and version 2 in $ROOT
106	> - portage starts to clean out version 1 from $ROOT
107	> - do not fully trim version 1's vdb until version 2 has been updated with the
108	> new information
109	>
110	> so ctrl+c at any point and so what ? you dont remove old files until new
111	> files are fully placed and you can resume at any point
112
113	Bleh, this is getting back to exactly my point that it's unbounded
114	resolution. To support this, every step of execution would require
115	scanning for dangling nodes to punt; aside from invalidating -p's
116	output it still is a collision-protect hit.
117
118	It also involves changing vdb nodes from "installed and usable" to
119	"installed/usable" or "lingering", which makes things messier for
120	1) resolver
121	2) for --info
122	3) for has_version
123	4) for built_with_use
124	5) glsa scanning
125
126	There are more, but the point is that there isn't any concept of "half
127	merged" packages for portage; introducing it gums things up pretty
128	heavily, beyond the support NEEDED requires to actually mangle the
129	half merged nodes.
130
131
132	> > Finally, even if the lib is temporarily left behind, this solution
133	> > doesn't gurantee the library actually would work still- it only can
134	> > work if the lib is standalone from the rest of the pkg and doesn't
135	> > rely on any external data from the pkg.
136	>
137	> we're talking about preserving the system long enough to rebuild things; we're
138	> not talking about keeping the system forever in a sane state.
139	>
140	> i would guess that this corner case is not the norm and thus we can ignore it
141	> as the situation is still a lot better than what we have now:
142	> $ foo
143	> foo: error while loading shared libraries: libbar.so.1: cannot open shared
144	> object file: No such file or directory
145	>
146	> awesome
147
148	So... NEEDED doesn't support bad soname handling, doesn't have a graph
149	based gurantee that the remaining bits actually would work (bits
150	above), and requires making merging massively slower (a NEEDED scan
151	per vdb change effectively), finally emerge -p results no longer being
152	accurate to what will be undertaken.
153
154	Ways to speed it up, but frankly NEEDED just plain sucks. Its the
155	route towards openembeddeds resolution, rather then up front
156	calculation portage/rpm resolvers/apt all do.
157
158
159	> > Basically trying to point out that what you're proposing only works in
160	> > a subset of the cases revdep must deal with, and that revdep itself
161	> > doesn't deal with all situations as is; hence BINCOMPAT as a way to
162	> > try and shift it under maintainers control.
163	>
164	> revdep-rebuild doesnt take into consideration any of the issues you raised
165	>
166	> and forcing maintainers to always track BINCOMPAT is unwieldy ... a single
167	> package provides multiple SONAMEs ? bitrot ? SONAME is dynamic based upon
168	> architecture or USE flags ?
169
170	Tracking BINCOMPAT should not be that hard. You hit a major
171	version? Bump the bincompat. Not that fricking hard really; if
172	dealing in a package that is pissy about it's so handling, well, you
173	ought to know your inducing wide spread breakage for a rename already-
174	so again, not that hard.
175
176	The only case that is slightly funky is if the so doesn't change name,
177	but changes abi- BINCOMPAT at least enables notifying the manager that
178	a rebuild is needed, NEEDED based approach is incapable of it.
179
180	Hell, automate a tool to determine if it's a BINCOMPAT bump via NEEDED
181	data (folks should be compiling the pkg anyways), point is it's mainly
182	common sense for maintainenance of it.
183
184
185	The NEEDED approach doesn't really fix much frankly; from a complexity
186	standpoint, leaving it in revdep-rebuild is far better then trying
187	to integrate the crap you're requesting, both from an implementation
188	and from a long standing maintainence view (unbounded resolution is
189	really not the direction you want to go).
190
191	The solution (imo) should be one that enables fixing the class of
192	problem without making matters worse.
193
194	Yes, if the solution can be automated without flinging poo into the
195	code, I'm for it; that said I know what the implementation is going to
196	have to look like, and it's nasty.
197
198	~harring