[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: New dependency system.

Stefano Zacchiroli a écrit :
> [...]  In practice however, dh_ocaml computes a single
> ABI checksum for all binary packages of a given source package and use
> that checksum for the Provides of all binary packages. So, even packages
> containing only C stubs have their checksum.

No. dh_ocaml computes a checksum per libxxx/libxxx-dev pair (or per
libxxx-dev if there is no libxxx counterpart), by looking at the ABI of
whatever is shipped by both of them. Have a look at lablgtk2, for example.

If we assume that users of a library which uses C part interacts with it
only via the ML interface (i.e. not declaring external that they don't
own), then we can reduce the ABI of a C stub library to the ABI of the
ML interfaces that give access to it. That's what is done in dh_ocaml.

> Stephane show that we have a probability of collision of about 1.6e-8,
> the probability of a dumb upstream author of releasing a new C library
> breaking ABI without bumping the soname is waaaay higher than that :-))

Indeed :-)

> [1] Actually, this is rather interesting. I'm surprised that upstream
>     has never thought about this: it would be terribly useful to store
>     in some part of the .so a checksum which is verified at runtime
>     before loading the .so. I guess there is a technical reason for not
>     having done that, but I can't find exactly which at the moment.

For the same reason as above, adding such checksums would be pointless
(IMHO).

-- 
Stéphane
Reply to: