On Sat, 25 Feb 2023, Gordon Messmer wrote:
Following a recent thread on the Fedora devel@ mailing list discussing a reproducible failure caused by mismatched library interfaces, I proposed a change to the RPM ELF dependency generator. After discussion in the PR, I've provided an implementation suggested by keszybz@ which would use the "full name" versions collected from library filenames to provide versioned library requirements. Before merging that feature, RPM's maintainers are interested in feedback from a wider audience.
If the feature linked below is merged into rpm, would SUSE be interested in using it? Do you have any suggestions to improve the feature, before it's merged?
While I agree with the comments about symbol versioning being the correct
way to fix the issue (and I also think this feature will make projects
adopting that even less likely) it does look like a sensible way to
match reality for projects using libtool like versioning of libraries.
I'd say in practice it should be an opt-in feature for openSUSE, maybe
it can be triggered by CI detecting the actual problem (symbols
newly appearing with the same SONAME and no symbol version but a
changed full name of the library).
One could even hope that upstream libtool could raise awareness
by dumping a file with the actual symbols exported (another big issue
is C++ libraries which tend to export things that are not really
part of their API), projects can put that into their source control
systems and detect changes. libtool could even generate a version
script based on the old version of the file and add new symbols
always to the latest version.
Richard.
--
Richard Biener