On Sun, Oct 2, 2016 at 9:54 AM, Michael Orlitzky <m...@gentoo.org> wrote: > On 10/02/2016 01:18 AM, meino.cra...@gmx.de wrote: >> >> One curious question remains: >> If -as-needed is included, all libs will be "delinked" :), which >> are not used...so I am throwing away stuff, which no code calls: >> WHY should this cause trouble? >> Or is it again oversimplified by me? :) ;) 8) >> > > Suppose I write a program called "foo" and a library that it uses called > "libfoo". If the libfoo library uses OpenSSL and the main executable has > -lssl in its link command, everything will work fine by default. But, if > you add --as-needed to your linker flags and don't specifically link > libfoo against OpenSSL, the result will be underlinked. >
Typically the problems that come up result from using a library without explicitly linking it, assuming that it will be there because something else will pull it in. There may be niche situations where problems are unavoidable, but for the most part it comes down to always passing libraries to the linker if you use them. In Gentoo lowering the number of unnecessary linked libraries is highly desirable, because anytime one of those libraries changes its SONAME any packages that use it must be rebuilt. When you have a lot of overlinking that greatly increases the amount of rebuilding you end up with, and more circular dependency issues and such, etc. This is why --as-needed became the default (after a lot of build system fixing). Gentoo has a tendency to find bugs in build systems because we run them in a variety of environments/etc. Binary distros can afford to just fuss with it until they somehow manage to get something built, and then forget about it. That said, some distros have better tools for finding missing dependencies, like blocking access to files that aren't part of a declared dependency during the build process. I've looked at the portage jail and that actually wouldn't be hard to add to Gentoo. Right now portage configures the jail to give read access to everything by default. If you disabled that you could instead pass a configuration that explicitly gives read access to every single file in the build dependencies (and @system I suppose), and denied everything else. Implementation is left as an exercise to the reader. -- Rich
