-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 05 February 2004 04:57, Thomas de Grenier de Latour wrote:
>
> Sure, if you assume that all libs must be checked because they all may
> be broken despite all deps (at pkg level) are satisfied, this is a
> difficult problem. But it is really a pessimistic assumption, no?
> Cases such as openssl are not that numerous. Openssl is the only one I
> can think of, and even if there are other, they are easy to detect a
> systematic way.
They are, you just don't know which packages it are. This is especially a
problem with installing new packages on an old base (ever tried to
downgrade glibc/gcc?)
>
> If you agree on this, then all you need is something is to check that
> this libs are installed in the right version. The two solutions i can
> think of:
>
> - you can do this with a strict dependency as suggested James (I
> personnaly think it makes much sense and is a clean solution, now I
> don't know how grp packages are built and if it is a problem for you
> to have different ebuilds for them.)
It is an incredible cludge, you want to record which versions a package
was build with, but you don't want to depend on exactly that version.
> - you can check the installed libs are okay it in pkg_preinst. Since
> you specify explicitly what is the problematic libraries, you also
> know from what pkg hey come and can report it to the user in case of
> failure. Attached is a proof of concept eclass that implement a
> "checklib" function you can use this way:
Basicaly every and all libs are problematic. Since dependencies for run
and compile time are almost allways libraries, the problem exists for
allmost all dependencies. This is not a small problem, so doing things
manually is not an option except for exceptions to the general rule.
>
> pkg_preinst() {
> checklib libssl.so dev-libs/openssl || die
> checklib libcrypto.so dev-libs/openssl || die
> }
>
> The behavior of checklib is to run ldd on all binaries of the package,
> find linked libs that match the lib name pattern (for instance
> "libssl.so"), and check they exist on system or will be installed. If
> they are not, the user is asked to (re-)emerge the package named as
> 2nd argument.
> When the package is built from source, the check should never fail
> (or there is a big problem in the build process). When installed from
> a binary package, it will fail if the package is not compatible with
> your system, and that's it.
>
> What do you think of this second approach (not talking about the code
> itself sure)?
It is a laborous kludge, and will not work (trust me, getting 200 devs to
do things is hard, especially if things work without it).
Paul
- --
Paul de Vrieze
Gentoo Developer
Mail: [EMAIL PROTECTED]
Homepage: http://www.devrieze.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAIhUAbKx5DBjWFdsRAlknAJ9yUN4WeAzo4Cz9Nt25x9BD/DTiQgCfQi+U
g2ri1yx/CFfaK/AhYMb22gs=
=9gI4
-----END PGP SIGNATURE-----
--
[EMAIL PROTECTED] mailing list
