In another response, MAL points out that revdep-rebuild rebuilds binaries and libraries broken by other updates. In the openssl/mod_ssl case, neither mod_ssl nor mod_php were not broken by updating openssl; rather mod_ssl needed to be recompiled to make use of the newer openssl. I gather that this has to do with static linking versus dynamic linking. Most programs that use openssl aren't statically linked to it, so they probably only need to be restarted to make use of a new version of openssl. And revdep-rebuild apparently only checks if *dynamic* libraries are broken.
So, when I run revdep-rebuild, it says that 'Dynamic linking on your system is consistent... All done.' and does nothing. If I run it with the '-X --soname-regexp' option, it reports 'There are no dynamic links to *ssl*... All done.' I don't think this helps this issue. > -----Original Message----- > From: Jeffrey Smelser > > Um, This IS what your looking for... > > your upgrading openSSL which is a dependencies for mod_php > lets say.. You run revdep-rebuild, and it will should mod_php > needs to be recompiled... > > After some thinking, I used it for the upgrade to mysql. I > upgraded it and it told me a few packages that compile in > mysql support needed to be recompiled.. > > Am I missing something here?? > > > -----Original Message----- > > From: Joel Osburn [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, October 08, 2003 11:41 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [gentoo-user] Upgrading OpenSSL > > > > > > Jeffrey Smelser: > > > there is a rev-rebuild as part of the gentoolkit package. > > Anytime you > > > replace a library such as that.. Theory says, its suppose > to provide > > you > > > with this information... I think it will even recompile > things that > > need > > > to be recompiled. > > > > > > I have only used it once, and it worked for that.. I just > > don't recall > > what > > > it was for... > > > > Hmmmm......It takes a 'qpkg --list gentoolkit' to reveal that > > revdep-rebuild is provided in /usr/bin: > > > > files jtosburn # man revdep-rebuild > > No manual entry for revdep-rebuild > > > > files jtosburn # revdep-rebuild --help > > Usage: /usr/bin/revdep-rebuild [OPTIONS] [--] [EMERGE_OPTIONS] > > > > Broken reverse dependency rebuilder. > > > > -X, --package-names recompile based on package names, not exact > > versions > > --soname SONAME recompile packages using library with SONAME > > instead > > of broken library > > --soname-regexp SONAME > > the same as --soname, but accepts grep-style > > regexp > > -q, --quiet be less verbose > > > > Calls emerge, all other options are used for it (e. g. -p, > --pretend). > > > > > > If the developers think it's broken, then I wouldn't trust > it, and I'm > > not sure that it does what I'm looking for, anyway. > > > > So the question remains: how the heck do you know what needs to be > > recompiled after any given (particularly security-realted) > > update? How > > many people are still running a mod_ssl that was compiled with a > > vulnerable openssl; sure they read the GLSA's and knew to update > > openssl, but nothing was said about anything that is > statically linked > > to it. I don't expect that the devels would ever list every program > > possibly affected by a GLSA, but there ought o be a way for > admins and > > users to figure out what's what on their systems. > > > > -Joel Osburn > > > > > > -- > > [EMAIL PROTECTED] mailing list > > > > > > -- > [EMAIL PROTECTED] mailing list > > -- [EMAIL PROTECTED] mailing list
