On Thu, 19 Aug 2021 at 13:57:30 +0200, Chris Hofstaedtler wrote:
> What do you all think? Will we see crashes in third party software
> (Steam, et al) again?

If libcryptsetup is opened with dlopen then that's probably OK.

If libcryptsetup is opened with an ordinary DT_NEEDED dependency,
I think we are going to see crashes again.

> To quote Simon's list:
> > - enabling the feature, but via dlopen rather than linking libcryptsetup
> >   normally (the developer who added verity support to util-linux seemed
> >   to be in favour of this, although I've lost the relevant tab and can't
> >   find a URL right now, sorry)

This appears to have been implemented since v2.36 if you build
--with-cryptsetup=dlopen, although it is documented as a "temporary
workaround" in the release notes.

> > - json-c, libjansson and json-glib *all* gaining versioned symbols
> >   (but the maintainer of json-glib has previously rejected requests to
> >   add versioned symbols, and this doesn't work unless all three libraries
> >   do it)

json-c and json-glib have been fixed, but libjansson has not. So this
will maybe be OK if json-c (used by libcryptsetup) and json-glib end up
in the same process, but it will not be OK if json-c and libjansson end up
in the same process.

libjansson has been fixed upstream, but the fixed version has not been
released. https://bugs.debian.org/966398,
https://github.com/akheron/jansson/issues/523

For this to have an effect, programs and "larger" libraries that use
json-c and json-glib (and libjansson, if fixed) also need to have been
recompiled since the versioned symbols were introduced.

> > - at least two of json-c, libjansson and json-glib renaming their public
> >   symbols

I think we can safely say this will not happen.

> > - GLib moving from normal linking of libmount to dlopen with RTLD_LOCAL

I don't think this will happen either.

> > - changing how Steam links OpenSSL (we cannot do this unilaterally, only
> >   its upstream maintainers can)

I tried, but this has not happened successfully. Reading between the lines,
I think the build system for the proprietary parts of Steam might be too
spaghetti to make this straightforward.

    smcv
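
An added example, not part of the original message or of any of the projects it discusses: one way to check whether two libraries that may end up in the same process export the same symbol names, and whether symbol versions distinguish them. The `readelf -W --dyn-syms` excerpts and the `EXAMPLE_*` version node names are constructed sample input, and the helper names are hypothetical.

```python
import re

# One row of `readelf -W --dyn-syms`: Num, Value, Size, Type, Bind, Vis, Ndx, Name
ROW = re.compile(
    r"^\s*\d+:\s+[0-9a-fA-F]+\s+\S+\s+(FUNC|OBJECT)\s+(GLOBAL|WEAK)"
    r"\s+\S+\s+(\S+)\s+(\S+)"
)

def exported(readelf_text):
    """Map each defined symbol name to its version node (None if unversioned)."""
    out = {}
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) == "UND":  # skip headers and imported symbols
            continue
        name, _, version = m.group(4).partition("@")
        out[name] = version.lstrip("@") or None  # "name@@VER" -> "VER"
    return out

def collisions(a_text, b_text):
    """Names defined by both libraries. "versioned" means both definitions carry
    different version nodes, which only helps consumers relinked since the
    versions were added; "ambiguous" means at least one side is unversioned."""
    a, b = exported(a_text), exported(b_text)
    return {
        n: "versioned" if a[n] and b[n] and a[n] != b[n] else "ambiguous"
        for n in sorted(a.keys() & b.keys())
    }

# Constructed sample input, not taken from real library builds.
LIB_A = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND free@GLIBC_2.2.5 (2)
     7: 0000000000004a10    42 FUNC    GLOBAL DEFAULT   12 json_object_get@@EXAMPLE_A_1
     8: 0000000000004b00    30 FUNC    GLOBAL DEFAULT   12 json_object_put@@EXAMPLE_A_1
"""
LIB_B_UNVERSIONED = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     5: 0000000000003100    55 FUNC    GLOBAL DEFAULT   11 json_object_get
     6: 0000000000003200    20 FUNC    GLOBAL DEFAULT   11 json_loads
"""
LIB_B_VERSIONED = LIB_B_UNVERSIONED.replace(
    "json_object_get", "json_object_get@@EXAMPLE_B_1")

if __name__ == "__main__":
    print(collisions(LIB_A, LIB_B_UNVERSIONED))
    print(collisions(LIB_A, LIB_B_VERSIONED))
```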
