On 03/02/10 09:33, Nagy Gabor wrote:
On 02/02/2010 09:13 PM, Nagy Gabor wrote:
This is not the competent ML to decide if ArchLinux's repos should use
these flags, personally I have some concerns about db.tar.gz size. (That
needs testing, which requires patched makepkg, too.)
I've repacked core and the results are quite good:
core.db.tar.gz from 35KB to 40KB
unpacked db from 2.1MB to 2.2MB
Here is a little explanation for this nice result:
Florian's patch puts a library into sodepends iff the .so file is owned
by one of its _direct_ dependencies (optdepends are omitted). That is
why the "sodepends" array is shorter than expected (by me).
You may say this method is not as safe as it should be, but imho it
is safe enough (if the user doesn't use the -d switch, of course):
For example, yesterday I broke all my gtk2 packages due to my custom
cairo build (I should have rebuild it with recent libpng). With
soprovides/sodepends enabled, pacman would catch the broken
cairo-cleartype->libpng dependency in the firefox->gtk2->cairo->libpng
dependency chain. So in sum, sodepends/soprovides trick is just ensures
that all "normal" dependencies are not broken in .so level neither.
Moreover, due to this feature, distros can introduce
sodepends/soprovides step-by-step (without rebuilding all packages in
the repo), or they can limit this feature to some "critical" packages.
Basically, +1 for implementing this to makepkg and use this in
ArchLinux's repos. (Although this ML is not competent ;-)
I can see only one edge case that should be addressed (that's why I'm
writing this e-mail): Dependencies can be satisfied via provision. What
to do then? (That is not handled at all atm.)
I will have a decent look into that patch later, but I still think it is
a bit of a false sense of security.
e.g readline-6.0 and readline-6.1 both provide libreadline.so.6.
However, building bash against readline-6.1 and running against
readline-6.0 results in a non-booting system... (Trust me, I got the
bug reports). If this approach does not work for even one of the most
critical pair of packages on a system, then I do not see what we are
gaining.
Finally, this would prevent proper upgrades to partially complete
rebuilds. That is fine for some users who would like such things, but
the people doing and testing a rebuild would have issues. I upgraded
the libpng/libjpeg rebuild packages while there were still several
packages needing to be rebuilt for my system. With this patch, I would
be required to do an incredibly stupid "pacman -Syud".
Allan
