Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 672526 - dev-libs/openssl add versioned symbols from Debian
Summary: dev-libs/openssl add versioned symbols from Debian
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2018-12-04 20:56 UTC by Karel Kočí
Modified: 2019-01-06 20:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Karel Kočí 2018-12-04 20:56:35 UTC
Debian introduced some time ago additional symbols to some shared
libraries to support multiple versions linked to same executable trough
multiple other dependencies. This adds version symbols such as:
OPENSSL_1.0.2
This is of course outside of Gentoo scope with exception of some binary
applications (such as steam games) linking against Ubuntu that also
contains these pathes. Not having those symbols causes some games fail
to start.

This is basically reponenning issue: https://bugs.gentoo.org/show_bug.cgi?id=547444

The progress is that upstream accepted in this case Debian patches and from version 1.1.0 openssl contains version symbols. Problem is that they won't accept it for 1.0 release and there is still a lot of proprietary software build on Ubuntu. I would say that there is even bigger need with Steam and games (at least that is my issue). I think that it makes sense to allow this patch to be optionally applied by users if they need to. Because of that I propose to add versioned use flag. It can be in default disabled so default wont change but it allows others such as steam overlay repository to have it as a dependency.
Comment 1 Karel Kočí 2018-12-04 21:02:33 UTC
Github pull request:
https://github.com/gentoo/gentoo/pull/10568
Comment 2 Arfrever Frehtes Taifersar Arahesis 2018-12-11 09:09:07 UTC
The patch was created by somebody for openssl-1.0.2d.

The patch adds version scripts with 'local: *'. This results in hiding all symbols not hardcoded in global section in version scripts.
It would be good to check which (if any) symbols exactly are hidden by this patch.
You can see list of symbols in `readelf -sW ${library}`.


Beside above, if versioning is made conditional on a USE flag, then after enabling this USE flag and rebuilding of reverse dependencies, disabling of this USE flag breaks ABI for reverse dependencies, so there would have to be a noticeable warning for users. (Something using 'if has_version "dev-libs/openssl[versioned]" check.)
Comment 3 Arfrever Frehtes Taifersar Arahesis 2018-12-11 09:24:02 UTC
Instead of hiding all symbols not hardcoded in other nodes (e.g. OPENSSL_1.0.2), it would be better to create a new node without explicit version (called e.g. OPENSSL) and use 'global: *' there.
Comment 4 Arfrever Frehtes Taifersar Arahesis 2018-12-11 09:45:24 UTC
Example for people not familiar with version scripts:
(libA.so represents library not using version script. libB.so represents library using version script with 'local: *'. libC.so represents library using version script with 'global: *' in new node.)


$ cat libB.symbols
XXX_1.0 {
  global:
    myfunction1;
  local:
    *;
};
$ cat libC.symbols
XXX_1.0 {
  global:
    myfunction1;
};
XXX {
  global:
    *;
};
$ gcc -shared -fPIC -o libA.so -x c - <<< "int myfunction1() {return 1;} int myfunction2() {return 2;}"
$ gcc -shared -fPIC -o libB.so -x c - <<< "int myfunction1() {return 1;} int myfunction2() {return 2;}" -Wl,--version-script=libB.symbols
$ gcc -shared -fPIC -o libC.so -x c - <<< "int myfunction1() {return 1;} int myfunction2() {return 2;}" -Wl,--version-script=libC.symbols
$ strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version libA.so libB.so libC.so
$ readelf -sW libA.so | grep myfunction
     6: 000000000000115a    50 FUNC    GLOBAL DEFAULT   11 myfunction2
     9: 0000000000001128    50 FUNC    GLOBAL DEFAULT   11 myfunction1
$ readelf -sW libB.so | grep myfunction
     6: 0000000000001128    50 FUNC    GLOBAL DEFAULT   12 myfunction1@@XXX_1.0
$ readelf -sW libC.so | grep myfunction
     6: 000000000000115a    50 FUNC    GLOBAL DEFAULT   12 myfunction2@@XXX
    11: 0000000000001128    50 FUNC    GLOBAL DEFAULT   12 myfunction1@@XXX_1.0
$ gcc -c -o test.o -x c - <<< "int myfunction1(); int myfunction2(); int main() {return myfunction1() + myfunction2();}"
$ gcc -o testA test.o -Wl,-rpath,. -L. -lA
$ gcc -o testB test.o -Wl,-rpath,. -L. -lB
/usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: test.o: in function `main':
:(.text+0x2a): undefined reference to `myfunction2'
collect2: error: ld returned 1 exit status
$ gcc -o testC test.o -Wl,-rpath,. -L. -lC
$ strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version testA testC
$ readelf -sW testA | grep myfunction
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND myfunction1
     6: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND myfunction2
$ readelf -sW testC | grep myfunction
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND myfunction2@XXX (4)
     7: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND myfunction1@XXX_1.0 (5)
Comment 5 Karel Kočí 2019-01-05 15:46:48 UTC
I am sorry for my delay. I was busy with christmass and such..

I added check to package pretend phase. I hope that that is what you wanted as a notice.

I added new version for slot 1.0.0. I also changed used patch to Ubuntu one. That one is what is really required for games and such and has correct version markings. It was also updated with newer version (g).

I changed local to version-less global. It should not break even if patch is updated to new version because if there is some symbol that was not versioned and now is than the old version-less should be still present. That of course require manual edit of Ubuntu patch every time we want to update it but that is future problem.