New checks for optdepends and sodepends

approved this merge request

Hmmm, I'm not so sure about this one, I think we have a few things that legitimately don't provide versions. Maybe those cases are worth throwing a warning on, but I don't think this should be an error.

Could you give me an example? Libraries without architecture definitions are ambiguous. All libraries can have a 'lib32-' variant, which means both package would provide the same *.so, which shouldn't happen. And makepkg currently fills the version information automatically, so if it's missing, then the specified *.so is probably missing from the package: https://gitlab.archlinux.org/pacman/pacman/-/blob/release/6.0.x/scripts/makepkg.sh.in#L531

I guess alerque meant things like this:

$ find /usr/lib -maxdepth 1 -name 'lib*.so' -and -not -type l | LANG=C.UTF-8 xargs ls -alSr
-rw-r--r-- 1 root root        15 Jan  2 20:34 /usr/lib/libmenu.so
-rw-r--r-- 1 root root        15 Jan  2 20:34 /usr/lib/libform.so
-rw-r--r-- 1 root root        16 Jan  2 20:34 /usr/lib/libpanel.so
-rw-r--r-- 1 root root        18 Jan  2 20:34 /usr/lib/libncurses.so
-rw-r--r-- 1 root root        18 Jan  2 20:34 /usr/lib/libcursesw.so
-rw-r--r-- 1 root root        20 Jan  2 20:34 /usr/lib/libncurses++.so
-rw-r--r-- 1 root root        24 Jan  2 20:34 /usr/lib/libtinfo.so
-rw-r--r-- 1 root root        24 Jan  2 20:34 /usr/lib/libtic.so
-rw-r--r-- 1 root root        58 Feb  3 20:50 /usr/lib/libopcodes.so
-rw-r--r-- 1 root root        82 Feb  3 20:50 /usr/lib/libbfd.so
-rw-r--r-- 1 root root       114 Feb  4 02:27 /usr/lib/libm.so
-rw-r--r-- 1 root root       132 Feb  2 03:05 /usr/lib/libgcc_s.so
-rw-r--r-- 1 root root       255 Feb  4 02:27 /usr/lib/libc.so
-rwxr-xr-x 1 root root     13968 Dec 20 01:35 /usr/lib/libpython3.so
-rwxr-xr-x 1 root root     14104 Feb 17  2022 /usr/lib/libcolordcompat.so
-rwxr-xr-x 1 root root     14200 Feb 13 05:34 /usr/lib/libfreebl3.so
-rwxr-xr-x 1 root root     14216 Feb 13 05:34 /usr/lib/libnsssysinit.so
-rwxr-xr-x 1 root root     14264 Sep 14 00:46 /usr/lib/libplds4.so
-rwxr-xr-x 1 root root     14344 Feb  4 02:27 /usr/lib/libpcprofile.so
-rwxr-xr-x 1 root root     18512 Feb  4 02:27 /usr/lib/libmemusage.so
-rwxr-xr-x 1 root root     22416 Sep 14 00:46 /usr/lib/libplc4.so
-rwxr-xr-x 1 root root     30600 Feb  2 07:11 /usr/lib/libdebuginfod-0.188.so
-rwxr-xr-x 1 root root     34832 Feb  2 07:11 /usr/lib/libasm-0.188.so
-rwxr-xr-x 1 root root    104464 Feb  2 07:11 /usr/lib/libelf-0.188.so
-rwxr-xr-x 1 root root    132872 Mar  7  2022 /usr/lib/libhdr10plus.so
-rwxr-xr-x 1 root root    161848 Feb 13 05:34 /usr/lib/libsmime3.so
-rwxr-xr-x 1 root root    198768 Feb 13 05:34 /usr/lib/libnssutil3.so
-rwxr-xr-x 1 root root    250280 Sep 14 00:46 /usr/lib/libnspr4.so
-rwxr-xr-x 1 root root    272448 Nov  7 09:22 /usr/lib/libgettextlib-0.21.1.so
-rwxr-xr-x 1 root root    333024 Feb 13 05:34 /usr/lib/libsoftokn3.so
-rwxr-xr-x 1 root root    333192 Nov  7 09:22 /usr/lib/libgettextsrc-0.21.1.so
-rwxr-xr-x 1 root root    420216 Feb 13 05:34 /usr/lib/libssl3.so
-rwxr-xr-x 1 root root    609296 Feb  2 07:11 /usr/lib/libdw-0.188.so
-rwxr-xr-x 1 root root    726992 Feb 13 05:34 /usr/lib/libfreeblpriv3.so
-rwxr-xr-x 1 root root   1071856 Feb  3 20:50 /usr/lib/libopcodes-2.40.so
-rwxr-xr-x 1 root root   1258048 Feb 13 05:34 /usr/lib/libnss3.so
-rwxr-xr-x 1 root root   1563200 Feb  3 20:50 /usr/lib/libbfd-2.40.so
-rwxr-xr-x 1 root root   1869912 Dec 15 01:59 /usr/lib/libdb-5.3.so
-rwxr-xr-x 1 root root   2025640 Dec 15 01:59 /usr/lib/libdb_cxx-5.3.so
-rwxr-xr-x 1 root root   2099368 Dec 15 01:59 /usr/lib/libdb_stl-5.3.so
-rwxr-xr-x 1 root root 126126200 Jan 13 05:19 /usr/lib/libLLVM-15.so

Some of them (those < 1KB) are ld scripts and will not appear in DT_NEEDED entries. Others look real examples.

Unversioned libraries should still have a version definition something like this:

nss: libnss3.so=libnss3.so-64
lib32-nss: libnss3.so=libnss3.so-32.

Adding any *.so to depends=()/provides=() without specifying the architecture shouldn't be allowed.

Thanks, that makes sense. Not sure if alerque was talking about something else.

That does make sense. I mistook your used of the "versioned" terminology to refer to SO versions not architecture flags. The question now is, aren't those added automatically in the package meta data? How would a packager get this wrong in the first place?

E.g. dotnet-runtime currently specifies libgssapi_krb5.so as dependency, but in fact it's not linked to that library, therefore makepkg cannot specify the version.

Thanks for the example, and I do see it, but we also already throw two warnings for that package:

dotnet-runtime W: Soname dependency included, but may not needed ('libgssapi_krb5.so')
dotnet-runtime W: Dependency included, but may not needed ('libgssapi_krb5.so')

It's possible that because this MR upgrades that same situation to an error the previously ignored warning will get attention, but what is the correct resolution? If the package isn't actually linked to the shared library at all then what is the correct way to mark the dependency? Isn't it bogus and should be removed? Adding it manually to the provides declaration would likewise be wrong, no?

Yes, the *.so dependency should be removed if no binary uses it. If a binary opens the library with dlopen(), then it should either specify the version (libgssapi_krb5.so=2-64), or specify the actual package name (krb5) in depends=(). It seems dotnet-runtime contains some reference to libgssapi_krb5.so, but it's likely disabled or ignored during build.

changed this line in version 4 of the diff

unapproved this merge request

If a dependency is listed in optdepends=(), but implicitly satisfied by depends=(), show a warning. The package maintainer should preferably move this dependency from optdepends=() to depends=().

I think depedency declarations should be independent of transitive dependencies?

Yes, but if an optional dependency is already pulled in by one of the dependencies, then it's installed anyway on the system, therefore useless to show it in optdepends for the user, so it can be moved from optdepends to depends. This is not an error, just a warning for the package maintainers to know about it.

I would say it's not totally useless. When the optional dependency is no longer pulled by a required dependency, users can remove it and get some disk space without bothering the maintainer to move it back to optdepends.

Okay, I modified the severity of this message from warning to info.

added 1 commit

20b50172 - New checks for optdepends and sodepends

Compare with previous version

changed the description

added 3 commits

20b50172...e9ee31db - 2 commits from branch pacman:master
7b436cd9 - New checks for optdepends and sodepends

Compare with previous version

added 1 commit

6fce5456 - New checks for optdepends and sodepends

Compare with previous version

changed the description

I saw bogus output from getcovered() (e.g. multilib dependency of non-multilib glib2), so I had to made some changes in the logic to not strip version specification for *.so entries, so we will found the correct package on multilib systems. These changes also simplify the transition to the new autodeps system implemented in next pacman release.

added 1 commit

0023454b - New checks for optdepends and sodepends

Compare with previous version

approved this merge request

merged

mentioned in commit 443f32e3

 			if i.endswith('.so') and i not in libprovides:
 				self.warnings.append(("libprovides-missing %s", i))
 		for orig_provide in pkginfo["orig_provides"]:
 			if orig_provide.endswith('.so'):
 				self.errors.append(("libprovides-without-version %s", orig_provide))

Admin message

New checks for optdepends and sodepends

Merge request reports

Activity