Dependency hell

[Charles Swiger]

On Apr 19, 2004, at 2:34 PM, Ziller, James wrote:
> So then is there a way that the ports/package system can automatically
> handle replacing libfoo.so.3 with libfoo.so.4, so that packages 
> compiled to
> use libfoo.so.3 can use libfoo.so.4 instead (assuming the new version 
> is
> backward compatable)?

If the new version of the library is backwards-compatible, it ought to 
be installed as libfoo.so.3 (not .4), and yes, the ports system will 
handle such upgrades in place just fine.

In particular, OpenSSL (aka libssl.so.n) is an example of a library 
that has had many bugfiles and updates without changing version numbers 
often.  You don't need to recompile everything that depends on libssl 
when you update libssl.

People (should) only bump shared library numbers when the library's 
interface changes in an incompatible fashion.  When that happens, it's 
a bad idea to try to fake the system out (say by symlinking libfoo.so.3 
to .4): programs tend to crash when you try, or do worse things such as 
corrupt data or mishandle authentication and thus open up a security 
hole.

> Or can the port link against say libfoo.so (which
> should be a symlink to the version of the library that's installed)?

libfoo.so is normally a symlink to the latest version of a particular 
shared library.  A port that genuinely doesn't care which version of 
libfoo you have doesn't need to depend on a particular version #, and 
you'd see a line in the Makefile like:

LIB_DEPENDS=	foo:${PORTSDIR}/misc/foo

...but most ports end up with more specific dependencies (ie, foo.3).

Maintaining backwards compatibility is not a high priority of the ports 
system and the result is that people end up recompiling a lot of stuff, 
but it's not easy to provide better solutions to this problem.

-- 
-Chuck