[gnutls-dev] gnutls versioning again

Andreas Metzler ametzler at downhill.at.eu.org
Sun Feb 18 17:56:30 CET 2007

On 2007-02-15 "Dmitry V. Levin" <ldv at altlinux.org> wrote:
> On Sun, Feb 04, 2007 at 12:59:05PM +0100, Simon Josefsson wrote:
> > I've re-read the relevant parts of Drepper's DSO howto to refresh my
> > memory on this, but still, I don't see what problem the above change
> > would fix.  Could you explain?
> Yes.  Imagine large binary package repository (e.g. Debian or Sisyphus).
> Maintainer builds new software which uses new symbols from gnutls.
> When user installs package with this new software, there is no indication
> that it requires new version of gnutls, so old version of gnutls may
> remain unupgraded.  As a result, user will see runtime relocation error
> which is not what maintainer usually wants.

> To resolve this issue, our gnutls package maintainer had to create new
> interface, e.g. GNUTLS_1_6_1 and place new symbols there.  As a result,
> every package with software which uses these symbols will automatically
> have all necessary dependencies, e.g. libgnutls.so.13(GNUTLS_1_6_1),
> so any user installing this package will also update gnutls package.

Your proposed change would not improve things for Debian at all.
The current way for searching dependencies in Debian is
symbol-versioning agnostic, it basically[1] works like this:

1. Use "objdump -p binaryfile | grep NEEDED" to search for direct
dependencies. (Yields "libgcrypt.so.11".)
2. Search for the package containing the libraryfile ("libgcrypt.so.11")
using dpkg --search and check *its* shlibs file[2] for the dependency
information to put into the new Depends.

Therefore the only thing that is actually looked at is the soname of
the library and your change would not help.

However *if* gnutls introduces new symbols, Debian handles them just
fine. The gnutls package maintainer is supposed to know that (either
from reading the diff or some other source of information) and will
"bump gnutls' shlibs file", i.e. he will change the dependency
information in gnutls, causing every package built against the new
gnutls version to have stricter version requirements.


Afaict[3] things are different for rpm.  /usr/lib/rpm/find-provides and
/usr/lib/rpm/find-requires seem to handle versioned symbols, but will
never generate a normal versioned dependency. rpm looks into "Version
References" and "Version definitions" in objdump's output and handles
libgnutls.so.13(GNUTLS_1_3) instead of just libgnutls.so.13. Therefore
you end up with stuff with --requires


and the gnutls library package --provides


So afaict Dmitry's change might indeed improve things for rpm. However
it seems to be a rather big hammer. And the problem is old, I think I
am missing something _big_, the majority of libraries does
not use symbol versioning, rpm based distributions must already have
some different way to handle adding of symbols to libraries and
generating the necessary dependencies.
               cu andreas

[1] There are also override files and searching for the dependency in the
current buildtree.
[2] /var/lib/dpkg/info/libgnutls13.shlibs
libgnutls 13 libgnutls13 (>=1.4.0-0)
libgnutls-extra 13 libgnutls13 (>=1.4.0-0)
libgnutls-openssl 13 libgnutls13 (>=1.4.0-0)
[3] I have not got access to an installation using an rpm based distro
and have not used one for years.
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
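
Added example, not part of the original message or of dpkg/rpm: the soname-only lookup from steps 1 and 2 next to the versioned form the message attributes to rpm, run over constructed `objdump -p` output. The shlibs lines are those quoted in footnote [2]; the function names and the sample binary output are assumptions.

```python
import re

# Constructed sample of `objdump -p` output for a binary linked against gnutls.
OBJDUMP_P = """\
Dynamic Section:
  NEEDED               libgnutls.so.13
  NEEDED               libc.so.6

Version References:
  required from libc.so.6:
    0x09691a75 0x00 03 GLIBC_2.2.5
  required from libgnutls.so.13:
    0x0a1b2c33 0x00 02 GNUTLS_1_3
"""

# shlibs lines as quoted in footnote [2] of the message.
SHLIBS = """\
libgnutls 13 libgnutls13 (>=1.4.0-0)
libgnutls-extra 13 libgnutls13 (>=1.4.0-0)
libgnutls-openssl 13 libgnutls13 (>=1.4.0-0)
"""

def needed_sonames(objdump_out):
    """Step 1: the NEEDED entries, i.e. `objdump -p file | grep NEEDED`."""
    return re.findall(r"^[ \t]*NEEDED[ \t]+(\S+)", objdump_out, re.M)

def parse_shlibs(text):
    """Map (library name, soname version) -> dependency string."""
    rows = (line.split(None, 2) for line in text.splitlines())
    return {(r[0], r[1]): r[2] for r in rows if len(r) == 3}

def debian_style_depends(objdump_out, shlibs):
    """Step 2: look each soname up in shlibs; symbol versions are never read."""
    deps = []
    for soname in needed_sonames(objdump_out):
        m = re.fullmatch(r"(.+)\.so\.(\d+)", soname)  # only the name.so.N form
        dep = shlibs.get((m.group(1), m.group(2))) if m else None
        if dep and dep not in deps:  # libc is absent from this sample shlibs
            deps.append(dep)
    return deps

def versioned_requires(objdump_out):
    """Pair each 'required from <soname>:' with the version names under it."""
    reqs, current = [], None
    for line in objdump_out.splitlines():
        head = re.match(r"\s*required from (\S+):", line)
        ver = re.match(r"\s*0x[0-9a-f]+\s+0x[0-9a-f]+\s+\d+\s+(\S+)", line)
        if head:
            current = head.group(1)
        elif current and ver:
            reqs.append(f"{current}({ver.group(1)})")
    return reqs
```

The first result changes only when the maintainer edits the shlibs file; the second changes only when a symbol moves to a new version node.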
