On Thu, 2021-08-19 at 13:57 +0200, Chris Hofstaedtler wrote: > Hi, > > I intend to re-enable dm-verity support in util-linux soon. > Remember, last time this broke lots of applications linking JSON > libraries or OpenSSL. > > To quote Simon's list: > > Some possible angles to attack this from: > > > - not enabling the feature > > > > - enabling the feature, but via dlopen rather than linking libcryptsetup > > normally (the developer who added verity support to util-linux seemed > > to be in favour of this, although I've lost the relevant tab and can't > > find a URL right now, sorry) > > > > - enabling the feature, but via invoking a helper subprocess > > > > - json-c, libjansson and json-glib *all* gaining versioned symbols > > (but the maintainer of json-glib has previously rejected requests to > > add versioned symbols, and this doesn't work unless all three libraries > > do it) > > > > - at least two of json-c, libjansson and json-glib renaming their public > > symbols (the maintainer of json-glib already rejected this, and > > the maintainers of the others are likely to be equally reluctant to > > break ABI) > > > > - GLib moving from normal linking of libmount to dlopen with RTLD_LOCAL > > in order to mitigate this by not pulling libmount into everything in > > the GLib/GNOME/MATE/Cinnamon/XFCE/LXDE ecosystem > > (but the GLib upstream maintainers don't like this idea and think > > low-level libraries like libmount should avoid gaining significant > > dependencies, instead) > > > > - changing how Steam links OpenSSL (we cannot do this unilaterally, only > > its upstream maintainers can; I've raised this upstream with various > > suggestions, but it would involve significant restructuring, so don't > > expect immediate results) > > > > - changing how other proprietary binary-only software like Minecraft > > links OpenSSL (we cannot do this unilaterally, only its upstream > > maintainers can) > > I believe Simon has fixed the json library issues in buster. I don't > know if libcryptsetup is now used using dlopen? > > What do you all think? Will we see crashes in third party software > (Steam, et al) again? > > Looking forward to any feedback you might have, > Chris
Hi, Thank you for looking into this! util-linux's libmount can use dlopen since last year and a few releases ago, so that only if this specific feature is requested by the mount command line options, then libcryptsetup is loaded. The MR I opened some time ago on Salsa enables it as such: https://salsa.debian.org/debian/util-linux/-/merge_requests/16 -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part