[pacman-dev] [PATCH] add support for .so dependencies

Thomas Bächler thomas at archlinux.org
Sat Aug 15 12:56:22 EDT 2009

Allan McRae schrieb:
>> This shouldn't generate new dependencies, as makepkg already needs to
>> know which packages are needed for building the package. So its a
>> specialization of the already provided dependencies. If it's not, it's a
>> bug in the PKGBUILD.
> Well, then... what is the point?  Versioned dependencies already cover 
> soname values if the package is listed as a dep in addition to is library.

Versioned dependencies don't cover shit. And they only work in one 

You have bash depending on readline>=6. Now, what happens if readline 
changes their ABI again (not that they're going to do it soon, but 
hypothetically). How do you know when readline upgrades that it will be 
incompatible with bash? You don't know which version number will change 
the SONAME, the upstream project maintainers are pretty inconsistent 
about that. So you cannot simply add depends=(readline<7) because it's 
not known that the SONAME will change there (maybe readline is 
consistent here, others aren't), it might change earlier or later. The 
only way of ensuring compatibility is to have each package know which 
SONAME it provides and which one it needs.
Without such a mechanism, it is easy to completely break the system, as 
witnessed by the many reports after the libjpeg and readline updates.

This patch illustrates how this can be done easily and safely. Of 
course, additional checks have to be added:

- Check whether the sodep is among the explicit depends of the package, 
make the build process fail otherwise (or include such a check in namcap).
- Check whether an sodep is among optdepends, discard it in this case.
- Maybe more

Including those features in the initial patch is not a good idea, as 
nobody would actually read it then. I suggested to first submit this 
patch, discuss the approach and then go on to add additional patches to 
make this feature safe to use with our build system.

My suggestion was also to add soprovides to every package, but only add 
sodepends explicitly in the PKGBUILD on critical packages so pacman 
won't be too slow in its dependency checks.

My 2 cents here to make our packages more robust against failure.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://www.archlinux.org/pipermail/pacman-dev/attachments/20090815/191f1f99/attachment.pgp>

More information about the pacman-dev mailing list