[csw-maintainers] Proposal: direct binding for all the opencsw software stack

Yann Rouillard yann at pleiades.fr.eu.org
Tue Aug 7 22:43:08 CEST 2012


Hi everybody,

As you may have noticed, updating libssl from 0.9.8 to 1.0.0 is proving to
be quite a pain.
As the linker tries by default to link a symbol against the first library
loaded that provides the symbol, in our case that could easily lead to
situation where a binary or a library is linked against the wrong library,
leading to subtle bugs or crashes.

Linux uses symbol versioning to solve this problem but in the Solaris
world, even if symbol versioning does exist, that is not the solution to
this problem and it turns that a solaris linker feature called direct
binding is a right approach (see the thread
http://lists.opencsw.org/pipermail/maintainers/2012-July/017064.html and
the explanation in oracle manual:
http://docs.oracle.com/cd/E19963-01/html/819-0690/aehzq.html ).

Direct Binding changes the behaviour of the linker at runtime, when a
program or a library has a direct binding against a library, the linker
will now link a symbol against the exact library that provided the symbol
at compile time. That exactly solves the problem we have here because
openssl 0.9.8 symbols will be linked against libssl0.9.8 and not
libssl1.0.0 (and vice versaà.


So to avoid futures difficulties of the same kind, I am proposing to enable
direct binding by default for all opencsw software !)

One day or the other we will to handle an new ABI incompatible library
which still provides the same functions (but maybe with subtle difference
as ABI is not compatible). Openssl is the first big one but we will have
others problem like this (libpng or libjpeg ?).
Currently, we have to pretty much upload together all the packages linked
against the library, which turns out to be difficult to do as it requires a
lot of coordination and blocks the upload of new packages in unstable.

Enable direct binding will definitely solve this problem and is also
supposed to be more efficient, as it doesn't have to search for a symbol in
all libraries.

I don't see a lot of cons, maybe these ones:
  - sometimes, it seems some programs do need the original linker behaviour
but that could be fixed by some other ld options,
  - we never enabled it so maybe we will uncover some problems,
  - it works only with Sun ld (we don't use GNU ld somewhere do we ?)

To be it seems to have been enabled for opensolaris in the past:
https://blogs.oracle.com/rie/entry/direct_binding_now_the_default

I am no expert in linking so I welcome any comment on that proposal.


But if everybody is ok with it, here is how we could try to enable it to
gradually:

 1. write a checkpkg test to test if direct binding if properly enabled in
a package,
 2. enable Direct Binding manually for a reduced set of packages (at least
my packages :) )
     (we just have to pass "-Bdirect" to SUN ld)
 3. wait a bit to see if something unexpected happens :)
 3. if it works, enable it by globally adding the option to LINKER_FLAGS
 4. enable the checkpkg direct binding test by default so we can catch even
packages that don't use LDFLAGS


Thanks in advance for your comments,

Yann
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20120807/b38e227e/attachment.html>


More information about the maintainers mailing list