Allan McRae schrieb:
This shouldn't generate new dependencies, as makepkg already needs to know which packages are needed for building the package. So its a specialization of the already provided dependencies. If it's not, it's a bug in the PKGBUILD.
Well, then... what is the point? Versioned dependencies already cover soname values if the package is listed as a dep in addition to is library.
Versioned dependencies don't cover shit. And they only work in one direction. You have bash depending on readline>=6. Now, what happens if readline changes their ABI again (not that they're going to do it soon, but hypothetically). How do you know when readline upgrades that it will be incompatible with bash? You don't know which version number will change the SONAME, the upstream project maintainers are pretty inconsistent about that. So you cannot simply add depends=(readline<7) because it's not known that the SONAME will change there (maybe readline is consistent here, others aren't), it might change earlier or later. The only way of ensuring compatibility is to have each package know which SONAME it provides and which one it needs. Without such a mechanism, it is easy to completely break the system, as witnessed by the many reports after the libjpeg and readline updates. This patch illustrates how this can be done easily and safely. Of course, additional checks have to be added: - Check whether the sodep is among the explicit depends of the package, make the build process fail otherwise (or include such a check in namcap). - Check whether an sodep is among optdepends, discard it in this case. - Maybe more Including those features in the initial patch is not a good idea, as nobody would actually read it then. I suggested to first submit this patch, discuss the approach and then go on to add additional patches to make this feature safe to use with our build system. My suggestion was also to add soprovides to every package, but only add sodepends explicitly in the PKGBUILD on critical packages so pacman won't be too slow in its dependency checks. My 2 cents here to make our packages more robust against failure.