lsh123 / xmlsec

XML Security Library

needs SONAME bump to .so.2 in 1.3.x #732

Closed reneengelhard closed 6 months ago

reneengelhard commented 6 months ago

Hi,

sorry, I am definitely late to the party but I have been busy with other stuff and let this slip (except dealing with the symbols).

I see many "(ABI breaking change)" in 1.3.0's changelog. Yet still the library is built as libxmlsec1*.so.1. This is extremely bad.

Especially stuff like

(ABI breaking change) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to restore the old behaviour (note that support for xmlSecSize being different from size_t will be removed in the future).

in 1.3.0.

If you break ABI (and that also includes removing symbols, which you also do without bumping the SONAME, but let's leave that aside here, just mentioned for completeness) you have to bump the SONAME of the library since stuff compiled against the 1.2.x .so.1 will break if run with 1.3.

Rebuild is not really an option and feasible, since that new version would declare it breaks the old "world". And it doesn't help stuff one does not know about.

See https://www.debian.org/doc/debian-policy/ch-sharedlibs.html#run-time-shared-libraries for Debian's stance on this. This would mean in this specific case that all packages using xmlsec1 need to be rebuilt against the new package but with that new package name.

Regards,

Rene

[1] libxmlsec1-* as a package name in Debian was probably wrong since the beginning, it should have been e.g. libxmlsec1-openssl1 but anyway. Then it will become libxmlsec1-openssl2 now. See the policy document, xmlsec1 is the name :). I will deal with this when we got a release using .so.2
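The size_t change discussed above, illustrated with an added example that is not part of the thread or of xmlsec's code: it shows how an object laid out by a program built against the old headers is misread by code built against the new ones. The struct and type names are hypothetical, and the old default type of `unsigned int` is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: before 1.3.0 the default xmlSecSize was unsigned int. */
typedef unsigned int size_v12;   /* hypothetical name: old default  */
typedef size_t       size_v13;   /* hypothetical name: new default  */

/* Hypothetical record with size fields, as seen by each build. */
struct buf_v12 { unsigned char *data; size_v12 size; size_v12 max; };
struct buf_v13 { unsigned char *data; size_v13 size; size_v13 max; };

/* 1 if the two builds disagree on field offsets or object size. */
int layouts_differ(void) {
    return offsetof(struct buf_v12, max) != offsetof(struct buf_v13, max)
        || sizeof(struct buf_v12) != sizeof(struct buf_v13);
}

/* "Library" side, compiled against the new headers. */
static size_t lib_read_max(const void *obj) {
    struct buf_v13 view;
    memcpy(&view, obj, sizeof view);   /* reads the new, larger layout */
    return view.max;
}

/* "Application" side, compiled against the old headers, passes its
 * object to the library. Returns the capacity the library believes. */
size_t max_seen_by_library(unsigned int size, unsigned int max) {
    /* Padded backing store keeps this demo's over-read in bounds; in a
     * real process those bytes would be whatever follows the object. */
    unsigned char mem[sizeof(struct buf_v13)];
    struct buf_v12 app = { NULL, size, max };
    memset(mem, 0xAA, sizeof mem);
    memcpy(mem, &app, sizeof app);
    return lib_read_max(mem);
}

int main(void) {
    printf("old: sizeof=%zu offsetof(max)=%zu\n",
           sizeof(struct buf_v12), offsetof(struct buf_v12, max));
    printf("new: sizeof=%zu offsetof(max)=%zu\n",
           sizeof(struct buf_v13), offsetof(struct buf_v13, max));
    printf("app set max=64, library reads max=%zu\n",
           max_seen_by_library(16, 64));
    return 0;
}
```

On a platform where `size_t` is wider than `unsigned int`, the library-side read returns a capacity the application never set, which is the class of silent breakage a SONAME bump prevents by refusing to load the mismatched pair.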

reneengelhard commented 6 months ago

saw https://github.com/pvanhoof/dir-examples, which explains how to do it, too (i.e. -version-info @XMLSEC_VERSION_INFO is wrong, or at least it would have been ok if it was xmlsec1 2.x :))

lsh123 commented 6 months ago

Thanks for your feedback. XMLSec library is distributed in the source code form with example makefiles. The binary maintainers are welcome to customize the binary details to fit requirements of a specific distribution like Debian. I would recommend that you create bugs for specific distributions to ensure your concerns are addressed.

reneengelhard commented 6 months ago

erm, so you really want distros to rename the lib to libxmlsec1.so.deb1, .so.deb2 etc to so.deb99999999? Doesn't seem to be really senseful.

Why can't you just bump SONAME properly at least on definitive ABI changes, which you even mention in the changelog?

reneengelhard commented 6 months ago

and the whole point of this issue is that I (I inherited it) maintain this in Debian. And one big r-dep of it (libreoffice).

$ grep-dctrl -FDepends libxmlsec /var/lib/apt/lists/deb.debian.org_debian_dists_unstable_main_binary-amd64_Packages -sSource | sort | uniq
Source: lasso (2.8.1-2)
Source: libaqbanking
Source: libreoffice (4:7.6.4~rc1-1)
Source: nordugrid-arc
Source: oath-toolkit
Source: openscap (1.3.9+dfsg-1)
Source: python-xmlsec (1.3.13-1)
Source: xmlsec1

You really suggest linking them all static with the .a? Since that then probably is needed then if one doesn't change the .so every time an intentional ABI break (like the size_t change) or a removed symbol happens..