[gentoo-dev] openssl and preserve_old_lib_notify pitfall

[gentoo-dev] openssl and preserve_old_lib_notify pitfall

[Andreas K. Huettel]

[-- Attachment #1: Type: Text/Plain, Size: 871 bytes --]


Hi, 

Just by accident I noticed during emerge something that may lead to major confusion: the just stabilized openssl-1.0.0-r3 contains the following code:

pkg_postinst() {
        ...
        has_version ${CATEGORY}/${PN}:0.9.8 && return 0
        preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
}

However, portage in my case first updated openssl (slot 0) from 0.9.8 to this version, _printing out the preserve_old_lib_notify message_, and then afterwards installed openssl-0.9.8o-r2.

Net result: if I had relied on the elog messages alone, I would have messed up my system by deleting the required files from openssl:0.9.8...

I have no clue how this could be improved, though. Any ideas?

Cheers, Andreas

-- 
Andreas K. Huettel
Gentoo Linux developer - kde, sci, sunrise
dilfridge@gentoo.org
http://www.akhuettel.de/

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-dev] openssl and preserve_old_lib_notify pitfall

[Samuli Suominen]

On 09/30/2010 07:31 PM, Andreas K. Huettel wrote:
> 
> Hi, 
> 
> Just by accident I noticed during emerge something that may lead to major confusion: the just stabilized openssl-1.0.0-r3 contains the following code:
> 
> pkg_postinst() {
>         ...
>         has_version ${CATEGORY}/${PN}:0.9.8 && return 0
>         preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
> }
> 
> However, portage in my case first updated openssl (slot 0) from 0.9.8 to this version, _printing out the preserve_old_lib_notify message_, and then afterwards installed openssl-0.9.8o-r2.
> 
> Net result: if I had relied on the elog messages alone, I would have messed up my system by deleting the required files from openssl:0.9.8...
> 
> I have no clue how this could be improved, though. Any ideas?

Get Portage 2.2_rcX (with preserved-libs) feature released into ~arch. ;-)

> 
> Cheers, Andreas
> 

Re: [gentoo-dev] openssl and preserve_old_lib_notify pitfall

[Zac Medico]

On 09/30/2010 09:40 AM, Samuli Suominen wrote:
> Get Portage 2.2_rcX (with preserved-libs) feature released into ~arch. ;-)

We probably won't be able to stabilize portage-2.2 at the same time
as openssl, so we should probably be thinking of more short-term
solutions if this openssl thing is a real problem.
-- 
Thanks,
Zac

Re: [gentoo-dev] openssl and preserve_old_lib_notify pitfall

[Zac Medico]

On 09/30/2010 09:31 AM, Andreas K. Huettel wrote:
> 
> Hi, 
> 
> Just by accident I noticed during emerge something that may lead to major confusion: the just stabilized openssl-1.0.0-r3 contains the following code:
> 
> pkg_postinst() {
>         ...
>         has_version ${CATEGORY}/${PN}:0.9.8 && return 0
>         preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
> }
> 
> However, portage in my case first updated openssl (slot 0) from 0.9.8 to this version, _printing out the preserve_old_lib_notify message_, and then afterwards installed openssl-0.9.8o-r2.

The preserve_old_lib_notify message in postinst is invalid if the
package doesn't actually own the file. It would be safer to check
for the file in $D during preinst than to check in $ROOT in postinst
like that function does.

Also, if the openssl-0.9.8o-r2 gets pulled in later then it should
bail out due to a file collision, since it's not allows for two
different SLOTs to install the same file(s).

> Net result: if I had relied on the elog messages alone, I would have messed up my system by deleting the required files from openssl:0.9.8...
> 
> I have no clue how this could be improved, though. Any ideas?
> 
> Cheers, Andreas
> 


-- 
Thanks,
Zac

Re: [gentoo-dev] openssl and preserve_old_lib_notify pitfall

[Samuli Suominen]

On 09/30/2010 08:25 PM, Zac Medico wrote:
> On 09/30/2010 09:40 AM, Samuli Suominen wrote:
>> Get Portage 2.2_rcX (with preserved-libs) feature released into ~arch. ;-)
> 
> We probably won't be able to stabilize portage-2.2 at the same time
> as openssl, so we should probably be thinking of more short-term
> solutions if this openssl thing is a real problem.

The same scenario is present in jpeg and libpng too, or any other
package which is slotted and uses preserve_old_lib.

(I wasn't serious about the 2.2 thing with that ;-)

Re: [gentoo-dev] openssl and preserve_old_lib_notify pitfall

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 1049 bytes --]

On Thursday, September 30, 2010 12:31:16 Andreas K. Huettel wrote:
> Just by accident I noticed during emerge something that may lead to major
> confusion: the just stabilized openssl-1.0.0-r3 contains the following
> code:

fix your e-mail client.  its line wrapping is broken.

> pkg_postinst() {
>         ...
>         has_version ${CATEGORY}/${PN}:0.9.8 && return 0
>         preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
> }
> 
> However, portage in my case first updated openssl (slot 0) from 0.9.8 to
> this version, _printing out the preserve_old_lib_notify message_, and then
> afterwards installed openssl-0.9.8o-r2.

are you sure openssl-1 didnt also take care of preserving the library ?  look 
at the contents of openssl-1.

> Net result: if I had relied on the elog messages alone, I would have messed
> up my system by deleting the required files from openssl:0.9.8...

you may have broken one or two *binary only* packages, but this hardly 
classifies as "messed up my system".
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-dev] openssl and preserve_old_lib_notify pitfall

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 835 bytes --]

On Thursday, September 30, 2010 13:32:07 Zac Medico wrote:
> The preserve_old_lib_notify message in postinst is invalid if the
> package doesn't actually own the file. It would be safer to check
> for the file in $D during preinst than to check in $ROOT in postinst
> like that function does.

that isnt how it works.  the libs being preserved specifically are not part of 
$D (not installed by src_install) and so there is no reference to check 
against in pkg_preinst.  only $ROOT.

> Also, if the openssl-0.9.8o-r2 gets pulled in later then it should
> bail out due to a file collision, since it's not allows for two
> different SLOTs to install the same file(s).

if "by later" you mean "a different emerge at a later point in time", then the 
user did not read / follow his log, so end game there is PEBKAC
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]