[pacman-dev] [PATCH 1/3] libalpm md5: use larger and dynamic buffer
This gave at least a 10% improvement on a few tested platforms due to the
reduced number of read calls from files when computing the md5sum. It really
is just a precursor to another patch to come which is to use MD5 functions
that do the job a lot better than anything we can do.
Signed-off-by: Dan McGee
I've noticed my Atom-powered laptop is dog-slow when doing integrity checks
on packages, and it turns out our MD5 implementation isn't near as good as
that provided by OpenSSL. Using their routines instead provided anywhere
from a 1.4x up to a 1.8x performance benefit over our built-in MD5 function.
This does not remove the MD5 code from our codebase, but it does enable
linking against OpenSSL to get their much faster implementation if it is
available on whatever platform you are using. At configure-time, we will
default to using it if it is available, but this can be easily changed by
using the `--with-openssl` or `--without-openssl` arguments to configure.
Signed-off-by: Dan McGee
Hi Dan,
2010/9/2 Dan McGee
This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation? This would prevent conditional compilation and a direct OpenSSL dependency in libalpm. Jürgen
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code. Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there. Allan
On 05/09/10 22:10, Allan McRae wrote:
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Just did a build from git and that is definitely the case. libalpm links to libssl so this will make for very interesting openssl soname bumps in the future. Allan
----- Original message -----
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Allan
The licenses that openssl is released under aren't compatible with the gpl (according to the fsf) because of the advertising clause... So openssl code can't really be used like that... (Unfortunately)
----- Original message -----
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Allan
The licenses that openssl is released under aren't compatible with the gpl (according to the fsf) because of the advertising clause... So openssl code can't really be used like that... (Unfortunately)
On 07/09/10 00:25, Bryce Gibson wrote:
----- Original message -----
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Allan
The licenses that openssl is released under aren't compatible with the gpl (according to the fsf) because of the advertising clause... So openssl code can't really be used like that... (Unfortunately)
How does the coreutils md5sum speed compare? That is GPL code so could be included directly. Though I guess it is now GPL3 being a GNU project... Allan
On Mon, Sep 6, 2010 at 10:04 AM, Allan McRae
On 07/09/10 00:25, Bryce Gibson wrote:
----- Original message -----
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Allan
The licenses that openssl is released under aren't compatible with the gpl (according to the fsf) because of the advertising clause... So openssl code can't really be used like that... (Unfortunately)
How does the coreutils md5sum speed compare? That is GPL code so could be included directly. Though I guess it is now GPL3 being a GNU project...
Quite a bit slower. Test results (for one platform, please test on whatever you are running on, it is very machine-dependent) and the test harness included below, run using ./md5-speed.sh <bigfile> Keep in mind that "including directly" more than likely is a drawback. I wouldn't be surprised if there are assembly routines involved in both of these codebases which just makes the build process that much more involved and we have to work it into our code. Not that I think these routines change much upstream, but it is one more thing to keep up to date. -Dan dmcgee@dublin /tmp $ ./md5-speed.sh ~/downloads/Fireworks.amb path: /home/dmcgee/downloads/Fireworks.amb md5(/home/dmcgee/downloads/Fireworks.amb) = 987fef0281e0924977fc8d14f78f4cd4 Version: i686 real 0m9.019s user 0m7.623s sys 0m1.143s path: /home/dmcgee/downloads/Fireworks.amb md5(/home/dmcgee/downloads/Fireworks.amb) = 987fef0281e0924977fc8d14f78f4cd4 Version: atom real 0m9.082s user 0m7.736s sys 0m1.120s path: /home/dmcgee/downloads/Fireworks.amb md5(/home/dmcgee/downloads/Fireworks.amb) = 987fef0281e0924977fc8d14f78f4cd4 Version: native real 0m9.078s user 0m7.739s sys 0m1.103s 987fef0281e0924977fc8d14f78f4cd4 /home/dmcgee/downloads/Fireworks.amb Program: md5sum real 0m8.034s user 0m6.963s sys 0m0.870s MD5(/home/dmcgee/downloads/Fireworks.amb)= 987fef0281e0924977fc8d14f78f4cd4 Program: openssl dgst -md5 real 0m6.511s user 0m5.356s sys 0m0.980s
On 07/09/10 01:15, Dan McGee wrote:
On Mon, Sep 6, 2010 at 10:04 AM, Allan McRae
wrote: On 07/09/10 00:25, Bryce Gibson wrote:
----- Original message -----
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Allan
The licenses that openssl is released under aren't compatible with the gpl (according to the fsf) because of the advertising clause... So openssl code can't really be used like that... (Unfortunately)
How does the coreutils md5sum speed compare? That is GPL code so could be included directly. Though I guess it is now GPL3 being a GNU project...
Quite a bit slower. Test results (for one platform, please test on whatever you are running on, it is very machine-dependent) and the test harness included below, run using ./md5-speed.sh<bigfile>
. md5-speed.sh /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz path: /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz md5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz) = 40a30098649adf29ba79fcd6699d5f67 Version: i686 real 0m28.441s user 0m25.692s sys 0m2.643s
path: /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz md5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz) = 40a30098649adf29ba79fcd6699d5f67 Version: native real 0m28.527s user 0m25.455s sys 0m2.970s 40a30098649adf29ba79fcd6699d5f67 /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz Program: md5sum real 0m22.553s user 0m20.552s sys 0m1.923s MD5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz)= 40a30098649adf29ba79fcd6699d5f67 Program: openssl dgst -md5 real 0m22.436s user 0m19.745s sys 0m2.650s So not much difference here.
Keep in mind that "including directly" more than likely is a drawback. I wouldn't be surprised if there are assembly routines involved in both of these codebases which just makes the build process that much more involved and we have to work it into our code. Not that I think these routines change much upstream, but it is one more thing to keep up to date.
Well, how often do we keep the current md5 code up to date? Has anyone checked the upstream source lately? It may have gotten faster (and it is still GPL2) making the whole thing moot, which it really is anyway... :P Allan
On Mon, Sep 6, 2010 at 10:45 AM, Allan McRae
On 07/09/10 01:15, Dan McGee wrote:
On Mon, Sep 6, 2010 at 10:04 AM, Allan McRae
wrote: On 07/09/10 00:25, Bryce Gibson wrote:
----- Original message -----
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: > > This does not remove the MD5 code from our codebase, but it does > enable linking against OpenSSL to get their much faster > implementation if it is available on whatever platform you are > using. At configure-time, we will default to using it if it is > available, but this can be easily changed by using the > `--with-openssl` or `--without-openssl` arguments to configure. What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Allan
The licenses that openssl is released under aren't compatible with the gpl (according to the fsf) because of the advertising clause... So openssl code can't really be used like that... (Unfortunately)
How does the coreutils md5sum speed compare? That is GPL code so could be included directly. Though I guess it is now GPL3 being a GNU project...
Quite a bit slower. Test results (for one platform, please test on whatever you are running on, it is very machine-dependent) and the test harness included below, run using ./md5-speed.sh<bigfile>
. md5-speed.sh /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz path: /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz md5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz) = 40a30098649adf29ba79fcd6699d5f67 Version: i686 real 0m28.441s user 0m25.692s sys 0m2.643s
path: /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz md5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz) = 40a30098649adf29ba79fcd6699d5f67 Version: native real 0m28.527s user 0m25.455s sys 0m2.970s
40a30098649adf29ba79fcd6699d5f67 /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz Program: md5sum real 0m22.553s user 0m20.552s sys 0m1.923s
MD5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz)= 40a30098649adf29ba79fcd6699d5f67 Program: openssl dgst -md5 real 0m22.436s user 0m19.745s sys 0m2.650s
So not much difference here.
Interesting, good to have someone else try it at least. I tried it on three machines and two of the three machines (P4 and Atom, both i686) were definitely slower with the coreutils stuff than the OpenSSL version.
Keep in mind that "including directly" more than likely is a drawback. I wouldn't be surprised if there are assembly routines involved in both of these codebases which just makes the build process that much more involved and we have to work it into our code. Not that I think these routines change much upstream, but it is one more thing to keep up to date.
Well, how often do we keep the current md5 code up to date? Has anyone checked the upstream source lately? It may have gotten faster (and it is still GPL2) making the whole thing moot, which it really is anyway... :P
I checked it before I this work, so every once in a while. :) The PolarSSL source is also meant to be standalone whereas I'm not sure with the other MD5 routines, which was convenient. Our current code really lags when it comes to older processors it seems, or things that use certain architectures- P4 or Atom processors notably. -Dan
On 07/09/10 02:01, Dan McGee wrote:
On Mon, Sep 6, 2010 at 10:45 AM, Allan McRae
wrote: On 07/09/10 01:15, Dan McGee wrote:
Keep in mind that "including directly" more than likely is a drawback. I wouldn't be surprised if there are assembly routines involved in both of these codebases which just makes the build process that much more involved and we have to work it into our code. Not that I think these routines change much upstream, but it is one more thing to keep up to date.
Well, how often do we keep the current md5 code up to date? Has anyone checked the upstream source lately? It may have gotten faster (and it is still GPL2) making the whole thing moot, which it really is anyway... :P
I checked it before I this work, so every once in a while. :) The PolarSSL source is also meant to be standalone whereas I'm not sure with the other MD5 routines, which was convenient.
Our current code really lags when it comes to older processors it seems, or things that use certain architectures- P4 or Atom processors notably.
Well, all this looks to me that it is not worth the effort of doing anything else. BTW, the md5 code in coreutils is in a separate libs/md5.{c,h} that the md5sum program includes and looks to have no assembly so could possibly used if boredom sets in (for the version prior to GPL3 licensing). Allan
On Tue, Sep 7, 2010 at 12:01 AM, Dan McGee
On Mon, Sep 6, 2010 at 10:45 AM, Allan McRae
wrote: On 07/09/10 01:15, Dan McGee wrote:
On Mon, Sep 6, 2010 at 10:04 AM, Allan McRae
wrote: On 07/09/10 00:25, Bryce Gibson wrote:
----- Original message -----
On 04/09/10 19:16, Jürgen Hötzel wrote: > > Hi Dan, > > 2010/9/2 Dan McGee
: >> >> This does not remove the MD5 code from our codebase, but it does >> enable linking against OpenSSL to get their much faster >> implementation if it is available on whatever platform you are >> using. At configure-time, we will default to using it if it is >> available, but this can be easily changed by using the >> `--with-openssl` or `--without-openssl` arguments to configure. > > What about just replacing the current MD5 implementation with the > OpenSSL implementation? > > This would prevent conditional compilation and a direct OpenSSL > dependency in libalpm. Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
Allan
The licenses that openssl is released under aren't compatible with the gpl (according to the fsf) because of the advertising clause... So openssl code can't really be used like that... (Unfortunately)
How does the coreutils md5sum speed compare? That is GPL code so could be included directly. Though I guess it is now GPL3 being a GNU project...
Quite a bit slower. Test results (for one platform, please test on whatever you are running on, it is very machine-dependent) and the test harness included below, run using ./md5-speed.sh<bigfile>
. md5-speed.sh /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz path: /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz md5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz) = 40a30098649adf29ba79fcd6699d5f67 Version: i686 real 0m28.441s user 0m25.692s sys 0m2.643s
path: /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz md5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz) = 40a30098649adf29ba79fcd6699d5f67 Version: native real 0m28.527s user 0m25.455s sys 0m2.970s
40a30098649adf29ba79fcd6699d5f67 /home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz Program: md5sum real 0m22.553s user 0m20.552s sys 0m1.923s
MD5(/home/arch/pkgcache/i686/nexuiz-data-2.5.2-1-any.pkg.tar.gz)= 40a30098649adf29ba79fcd6699d5f67 Program: openssl dgst -md5 real 0m22.436s user 0m19.745s sys 0m2.650s
So not much difference here.
Interesting, good to have someone else try it at least. I tried it on three machines and two of the three machines (P4 and Atom, both i686) were definitely slower with the coreutils stuff than the OpenSSL version.
Thought it might be interesting to compare a 64bit atom (Atom 330, dual-core 1.6 GHz). Quite a big improvement with both md5sum and openssl. path: ../foo.tar md5(../foo.tar) = 49c19f21d5719a2508066780a41eee4a Version: x86-64 real 0m12.196s user 0m11.449s sys 0m0.733s path: ../foo.tar md5(../foo.tar) = 49c19f21d5719a2508066780a41eee4a Version: atom real 0m9.938s user 0m9.216s sys 0m0.703s path: ../foo.tar md5(../foo.tar) = 49c19f21d5719a2508066780a41eee4a Version: native real 0m10.128s user 0m9.279s sys 0m0.827s 49c19f21d5719a2508066780a41eee4a ../foo.tar Program: md5sum real 0m5.934s user 0m4.883s sys 0m0.640s MD5(../foo.tar)= 49c19f21d5719a2508066780a41eee4a Program: openssl dgst -md5 real 0m5.134s user 0m4.360s sys 0m0.753s
On Sun, Sep 12, 2010 at 10:41 AM, Sebastian Nowicki
Thought it might be interesting to compare a 64bit atom (Atom 330, dual-core 1.6 GHz). Quite a big improvement with both md5sum and openssl.
Atom is the architecture where I noticed the huge disparity as well. I've seen stuff elsewhere about in-order vs out-of-order being quite a difference in optimizing for these CPUs. -Dan
On 05/09/10 22:10, Allan McRae wrote:
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
My concern is lessened... I just did an update on a year old install and pacman pulled in openssl for the lib* updates. I did another update and nothing too bad happened. So this may be fine. Allan
On Mon, Sep 6, 2010 at 9:34 AM, Allan McRae
On 05/09/10 22:10, Allan McRae wrote:
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
My concern is lessened... I just did an update on a year old install and pacman pulled in openssl for the lib* updates. I did another update and nothing too bad happened. So this may be fine.
We already had this non-explicit dep chain anyway: pacman -> libarchive -> openssl, or pacman -> libfetch -> openssl. Moving it up one level shouldn't affect a whole lot. The only thing that should break here is "everything else" on your system. E.g. if you are prompted to upgrade pacman first because it is in SyncFirst, and it pulls in an so-bump OpenSSL, then anything else on your system that links that library won't work until you complete a full -Syu. However, as I pointed out above, this was already happening as far as I can see before. -Dan
On 07/09/10 00:42, Dan McGee wrote:
On Mon, Sep 6, 2010 at 9:34 AM, Allan McRae
wrote: On 05/09/10 22:10, Allan McRae wrote:
On 04/09/10 19:16, Jürgen Hötzel wrote:
Hi Dan,
2010/9/2 Dan McGee
: This does not remove the MD5 code from our codebase, but it does enable linking against OpenSSL to get their much faster implementation if it is available on whatever platform you are using. At configure-time, we will default to using it if it is available, but this can be easily changed by using the `--with-openssl` or `--without-openssl` arguments to configure.
What about just replacing the current MD5 implementation with the OpenSSL implementation?
This would prevent conditional compilation and a direct OpenSSL dependency in libalpm.
Can we do that? Openssl is BSD code.
Anyway, I have concerns... Think of an openssl upgrade. pacman is in SyncFirst and it pulls in all its deps. If that pulls in openssl with a soname bump, things may get interesting. I have not check, but I do not think --as-needed saves us there.
My concern is lessened... I just did an update on a year old install and pacman pulled in openssl for the lib* updates. I did another update and nothing too bad happened. So this may be fine.
We already had this non-explicit dep chain anyway: pacman -> libarchive -> openssl, or pacman -> libfetch -> openssl. Moving it up one level shouldn't affect a whole lot.
The only thing that should break here is "everything else" on your system. E.g. if you are prompted to upgrade pacman first because it is in SyncFirst, and it pulls in an so-bump OpenSSL, then anything else on your system that links that library won't work until you complete a full -Syu. However, as I pointed out above, this was already happening as far as I can see before.
Pulling openssl only happened on an old system when updating pacman. The versioned dependencies used for Arch's pacman package are quite relaxed so updating pacman would only pull new libfetch and libarchive (and thus openssl) on a really old system. Remember the multiple rebuilds of pacman when we were deciding if the libarchive and libfetch dependency versioning should force it to pull in the openssl update and it was finally decided it was best not to. Anyway the choices are (with a openssl update) 1) update pacman + openssl followed by full update 2) full update with openssl (initial pacman update only when pacman is out of date) Stopping for whatever reason in the middle of 1) could be very painful. Think of a network outage... and there is quite a scope for something bad to happen as it is the entire second transaction, including package download which may take some time. With 2), the pain only occurs with stopping during the actual package install stage so is a much smaller scope to cause issues. Anyway, I like the whole not reinventing the wheel being done here so overall I like the idea. It just gives me this nagging concern... Allan
Am 06.09.2010 16:42, schrieb Dan McGee:
The only thing that should break here is "everything else" on your system. E.g. if you are prompted to upgrade pacman first because it is in SyncFirst, and it pulls in an so-bump OpenSSL, then anything else on your system that links that library won't work until you complete a full -Syu. However, as I pointed out above, this was already happening as far as I can see before.
Not exactly: Last time, pacman upgraded itself without upgrading libarchive and libfetch, and the next update pulled the openssl upgrade with the rest of the libraries. And we still had lots of problems with users who broke their system. I am thinking we might consider using dlopen() on libssl with a fallback to the builtin code.
Model it after the new OpenSSL check, and have it be a bit more useful. If
you do not explicitly pass a command line option, it will be linked if
available but will not error out if it is missing. Also bump the version to
that where connection caching was introduced as we use these new features in
the codebase.
Signed-off-by: Dan McGee
participants (7)
-
Allan McRae
-
Bryce Gibson
-
Dan McGee
-
Dan McGee
-
Jürgen Hötzel
-
Sebastian Nowicki
-
Thomas Bächler