Hi Helmut Am 25.07.25 um 00:18 schrieb Helmut Grohne:
I understand that having libsystemd-shared and systemctl can be upgraded separately and that doing so results in yet another window where systemctl is dysfunctional. The problem reported here is about systemctl linking libcrypto.so.3 however. Both bookworm and trixie do that. Therefore my understanding is that the aforementioned commit does not cause the libcrypto.so.3 linkage that is the problem here. Conversely, reverting it will not remove libcrypto.so.3 and therefore will not help with the t64-induced library rename.What I'm trying to argue here is that even if reverting it improves robustness in some way, it does not improve robustness regarding libssl3 to libssl3t64 upgrades. Do you concur here?
My hope was, that the systemctl dependencies would be significantly trimmed down but it seems we regressed in that regard already in bookworm. In bullseye e.g. systemctl didn't link against libcrypto:
bullseye# ldd /bin/systemctl
/lib64/ld-linux-x86-64.so.2 (0x00007fb9862de000)
libblkid.so.1 => /usr/lib/x86_64-linux-gnu/libblkid.so.1
(0x00007fb98602a000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb985d12000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fb985c74000)
libgcrypt.so.20 => /usr/lib/x86_64-linux-gnu/libgcrypt.so.20
(0x00007fb985f0a000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0
(0x00007fb985c4e000)
liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1
(0x00007fb986156000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007fb986179000)
libpcre2-8.so.0 => /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0
(0x00007fb985c7a000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007fb985ee6000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1
(0x00007fb9861a1000)
libzstd.so.1 => /usr/lib/x86_64-linux-gnu/libzstd.so.1
(0x00007fb98607b000)
linux-vdso.so.1 (0x00007fb9862dc000)
bookworm# ldd /bin/systemctl
/lib64/ld-linux-x86-64.so.2 (0x00007f4564160000)
libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1
(0x00007f4563d87000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f456341f000)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007f4563fff000)
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
(0x00007f4563600000)
libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20
(0x00007f4563c40000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0
(0x00007f4563b19000)
liblz4.so.1 => /lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f4563f7c000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f4563fa2000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f4563dde000)
libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1
(0x00007f4563bdd000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0
(0x00007f4563b41000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1
(0x00007f4563fd1000)
libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f4563ec0000)
linux-vdso.so.1 (0x00007f456415e000)
systemctl gained a libcap, libcrypto, libm and libmount dependency.
trixie# ldd /bin/systemctl
/lib64/ld-linux-x86-64.so.2 (0x00007f4cd9b29000)
libacl.so.1 => /lib/x86_64-linux-gnu/libacl.so.1 (0x00007f4cd9acb000)
libaudit.so.1 => /lib/x86_64-linux-gnu/libaudit.so.1
(0x00007f4cd9299000)
libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1
(0x00007f4cd9a6b000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f4cd940a000)
libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0
(0x00007f4cd9a3f000)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007f4cd9a5f000)
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
(0x00007f4cd93ce000)
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
(0x00007f4cd8c00000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f4cd8b10000)
libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1
(0x00007f4cd9352000)
libpam.so.0 => /lib/x86_64-linux-gnu/libpam.so.0 (0x00007f4cd9a4b000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0
(0x00007f4cd8997000)
libseccomp.so.2 => /lib/x86_64-linux-gnu/libseccomp.so.2
(0x00007f4cd9324000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1
(0x00007f4cd92f0000)
libsystemd-shared-257.so =>
/usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-257.so (0x00007f4cd9600000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f4cd92d0000)
libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007f4cd8a46000)
linux-vdso.so.1 (0x00007f4cd9b27000)
systemctl (also via libsystemd-shared) gained a libacl, libaudit, libblkid, libcap-ng, libcrypt, libpam and libseccomp dependency.
Building systemd with -Dlink-systemctl-shared=false (in trixie) results in
trixie-shared_false# ldd /bin/systemctl
/lib64/ld-linux-x86-64.so.2 (0x00007fc5348b8000)
libblkid.so.1 => /lib/x86_64-linux-gnu/libblkid.so.1
(0x00007fc53457d000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc533c0a000)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007fc534701000)
libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3
(0x00007fc533e00000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fc5345dd000)
libmount.so.1 => /lib/x86_64-linux-gnu/libmount.so.1
(0x00007fc534501000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0
(0x00007fc534450000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1
(0x00007fc5346cd000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fc533bea000)
libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007fc533b20000)
linux-vdso.so.1 (0x00007fc5348b6000)
The list of dependencies shrinks significantly, but you are right, libcrypto does not go away. So it's not immediately obvious, if that change would help or not. It might still have an influence as libcrypto (libssl3t64) would be pulled into the Pre-Depends set:
Pre-Depends: libblkid1 (>= 2.30.2), libc6 (>= 2.39), libcap2 (>= 1:2.10), libmount1 (>= 2.30), libselinux1 (>= 3.1~), libssl3t64 (>= 3.0.0)
Michael
OpenPGP_signature.asc
Description: OpenPGP digital signature
