--On Tuesday, February 07, 2017 2:33 PM -0800 Alice Wonder <alice at domblogger.net> wrote:> What I mean is this - my LibreSSL package installs in /usr and not in > /opt and that is intentional, so that it is not possible to have both > opennsl-devel and libressl-devel installed at the same time, since they > both are the same API.That's the very problem that Software Collections endeavors to solve. If you install a non-standard package that conflicts with OS defaults, install it as a collection so that end users can choose whether to use the enhancement or the default, on a per-session basis.> But if LibreSSL was in /opt then RPM would have no problem having both > libressl-devel and openssl-devel installed at the same time, and the > build of PHP could potentially result in mixed implementation of the > OpenSSL API - e.g. PHP is linked against LibreSSL but also is linked > against Net-SNMP which is linked against OpenSSL - so that the dynamic > loader then loads two shared libraries that provide the same API.Does Net-SNMP expose the libraries and API it depend on? Does the loader only link on API signature or does it also look at the library name? Does Net-SNMP fail if it was built against OpenSSL but is loaded with LibreSSL? --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
On 02/08/2017 06:05 PM, Kenneth Porter wrote:> --On Tuesday, February 07, 2017 2:33 PM -0800 Alice Wonder > <alice at domblogger.net> wrote: > >> What I mean is this - my LibreSSL package installs in /usr and not in >> /opt and that is intentional, so that it is not possible to have both >> opennsl-devel and libressl-devel installed at the same time, since they >> both are the same API. > > That's the very problem that Software Collections endeavors to solve. If > you install a non-standard package that conflicts with OS defaults, > install it as a collection so that end users can choose whether to use > the enhancement or the default, on a per-session basis.Does that mean you end up needing to manage crazy long PATH variables?> >> But if LibreSSL was in /opt then RPM would have no problem having both >> libressl-devel and openssl-devel installed at the same time, and the >> build of PHP could potentially result in mixed implementation of the >> OpenSSL API - e.g. PHP is linked against LibreSSL but also is linked >> against Net-SNMP which is linked against OpenSSL - so that the dynamic >> loader then loads two shared libraries that provide the same API. > > Does Net-SNMP expose the libraries and API it depend on? Does the loader > only link on API signature or does it also look at the library name? > Does Net-SNMP fail if it was built against OpenSSL but is loaded with > LibreSSL?As far as I can tell PHP built against LibreSSL works just fine running with the net-snmp bindings built against OpenSSL however there was a warning in the system log from ld when I tried it.> > --- > This email has been checked for viruses by Avast antivirus software. > https://www.avast.com/antivirus > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
--On Wednesday, February 08, 2017 7:25 PM -0800 Alice Wonder <alice at domblogger.net> wrote:> As far as I can tell PHP built against LibreSSL works just fine running > with the net-snmp bindings built against OpenSSL however there was a > warning in the system log from ld when I tried it.There should only be a problem if Net-SNMP depends on bugs in the OpenSSL implementation. --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
> > > > That's the very problem that Software Collections endeavors to solve. If > > you install a non-standard package that conflicts with OS defaults, > > install it as a collection so that end users can choose whether to use > > the enhancement or the default, on a per-session basis. > > Does that mean you end up needing to manage crazy long PATH variables?Manage in what way? The SCL can be used in a number of ways. Most people do it by invoking a shell preconfigured with the correct environment by doing something like scl enable devtoolset-3 bash exiting out of the shell obviously restores your original environment. You can start programs other than a shell in the same way. There is also the option of running the collection's enable script to set up the environment in the current shell. e.g. /opt/rh/devtoolset-3/enable but there is no easy of removing the environment other than restarting the shell. There's information on the RH website about software collections and how to package things properly and how to convert spec files etc. etc. P.