[pacman-dev] [PATCH] add support for .so dependencies
Thomas Bächler
thomas at archlinux.org
Sat Aug 15 12:56:22 EDT 2009
Allan McRae schrieb:
>> This shouldn't generate new dependencies, as makepkg already needs to
>> know which packages are needed for building the package. So its a
>> specialization of the already provided dependencies. If it's not, it's a
>> bug in the PKGBUILD.
>
> Well, then... what is the point? Versioned dependencies already cover
> soname values if the package is listed as a dep in addition to is library.
Versioned dependencies don't cover shit. And they only work in one
direction.
You have bash depending on readline>=6. Now, what happens if readline
changes their ABI again (not that they're going to do it soon, but
hypothetically). How do you know when readline upgrades that it will be
incompatible with bash? You don't know which version number will change
the SONAME, the upstream project maintainers are pretty inconsistent
about that. So you cannot simply add depends=(readline<7) because it's
not known that the SONAME will change there (maybe readline is
consistent here, others aren't), it might change earlier or later. The
only way of ensuring compatibility is to have each package know which
SONAME it provides and which one it needs.
Without such a mechanism, it is easy to completely break the system, as
witnessed by the many reports after the libjpeg and readline updates.
This patch illustrates how this can be done easily and safely. Of
course, additional checks have to be added:
- Check whether the sodep is among the explicit depends of the package,
make the build process fail otherwise (or include such a check in namcap).
- Check whether an sodep is among optdepends, discard it in this case.
- Maybe more
Including those features in the initial patch is not a good idea, as
nobody would actually read it then. I suggested to first submit this
patch, discuss the approach and then go on to add additional patches to
make this feature safe to use with our build system.
My suggestion was also to add soprovides to every package, but only add
sodepends explicitly in the PKGBUILD on critical packages so pacman
won't be too slow in its dependency checks.
My 2 cents here to make our packages more robust against failure.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://www.archlinux.org/pipermail/pacman-dev/attachments/20090815/191f1f99/attachment.pgp>
More information about the pacman-dev
mailing list