Bug 1166012

Summary: libkadmclnt SONAME change (8 to 9) in krb5 1.12 update
Product: Red Hat Enterprise Linux 7
Component: krb5
Version: 7.1
Status: CLOSED ERRATA
Severity: urgent
Priority: high
Reporter: Dominic Cleal <dcleal>
Assignee: Roland Mainz <rmainz>
QA Contact: Patrik Kis <pkis>
CC: dpal, jpazdziora, katello-bugs, katello-qa-list, lmiksik, nalin, omaciel, pkis, rharwood, rmainz, sbose, ssorce
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Fixed In Version: krb5-1.12.2-9.el7
Doc Type: Bug Fix
Type: Bug
Clone Of: 1165748
Bug Blocks: 1165748
Last Closed: 2015-03-05 10:01:28 UTC

Comment 17 Roland Mainz 2014-12-02 18:51:21 UTC
OK... the idea with symlinks/hardlinks is dead:
-- snip --
[root@cisco-b22m3-01 ~]# ln /usr/lib64/libkadm5clnt_mit.so.9 /usr/lib64/libkadm5clnt_mit.so.8
[root@cisco-b22m3-01 ~]# ln /usr/lib64/libkadm5clnt_mit.so.9.0 /usr/lib64/libkadm5clnt_mit.so.8.0
[root@cisco-b22m3-01 ~]# yum install http://yum.theforeman.org/releases/1.7/el7/x86_64/rubygem-rkerberos-0.1.3-2.1.el7.x86_64.rpm
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repository 'adelton-identity' is missing name in configuration, using id
rubygem-rkerberos-0.1.3-2.1.el7.x86_64.rpm                                                                               |  28 kB  00:00:00     
Examining /var/tmp/yum-root-5uGpwc/rubygem-rkerberos-0.1.3-2.1.el7.x86_64.rpm: rubygem-rkerberos-0.1.3-2.1.el7.x86_64
Marking /var/tmp/yum-root-5uGpwc/rubygem-rkerberos-0.1.3-2.1.el7.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package rubygem-rkerberos.x86_64 0:0.1.3-2.1.el7 will be installed
--> Processing Dependency: libkadm5clnt_mit.so.8(kadm5clnt_mit_8_MIT)(64bit) for package: rubygem-rkerberos-0.1.3-2.1.el7.x86_64
--> Processing Dependency: libkadm5clnt_mit.so.8()(64bit) for package: rubygem-rkerberos-0.1.3-2.1.el7.x86_64
--> Finished Dependency Resolution
Error: Package: rubygem-rkerberos-0.1.3-2.1.el7.x86_64 (/rubygem-rkerberos-0.1.3-2.1.el7.x86_64)
           Requires: libkadm5clnt_mit.so.8()(64bit)
Error: Package: rubygem-rkerberos-0.1.3-2.1.el7.x86_64 (/rubygem-rkerberos-0.1.3-2.1.el7.x86_64)
           Requires: libkadm5clnt_mit.so.8(kadm5clnt_mit_8_MIT)(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
-- snip --

... so we're back to the options of ...
1. ... not using private APIs
    OR
2. ... undo the SONAME change

Comment 18 Simo Sorce 2014-12-02 19:36:19 UTC
There is another option, ship both version 8 and 9 of the library, but it will require some work on the build side.
If it is too much I suggest we roll back the SONAME change with a downstream patch.

Comment 19 Sumit Bose 2014-12-02 20:06:03 UTC
I think there really is no chance other than providing a version 8 library because the version information is added:

objdump -T /usr/lib64/gems/ruby/rkerberos-0.1.3/lib/rkerberos.so|grep kadm
0000000000000000      DF *UND*	0000000000000000  kadm5clnt_mit_8_MIT kadm5_get_principals
0000000000000000      DF *UND*	0000000000000000  kadm5clnt_mit_8_MIT kadm5_init_with_skey
0000000000000000      DF *UND*	0000000000000000  kadm5clnt_mit_8_MIT kadm5_modify_policy
...

To fix this you might want to try to

cp -a src/lib/kadm5/clnt src/lib/kadm5/clnt8
sed -i -e 's/LIBMAJOR=9/LIBMAJOR=8/' src/lib/kadm5/clnt8/Makefile.in
sed -i -e 's/SUBDIRS = clnt srv unit-test/SUBDIRS = clnt8 clnt srv unit-test/' lib/kadm5/Makefile.in
(I have not tested it, but I hope the idea is obvious)

before calling configure in the spec file.

HTH

bye,
Sumit

Comment 20 Roland Mainz 2014-12-02 21:45:23 UTC
(In reply to Sumit Bose from comment #19)
> I think there really is no chance other than providing a version 8 library
> because the version information is added:
> 
> objdump -T /usr/lib64/gems/ruby/rkerberos-0.1.3/lib/rkerberos.so|grep kadm
> 0000000000000000      DF *UND*	0000000000000000  kadm5clnt_mit_8_MIT
> kadm5_get_principals
> 0000000000000000      DF *UND*	0000000000000000  kadm5clnt_mit_8_MIT
> kadm5_init_with_skey
> 0000000000000000      DF *UND*	0000000000000000  kadm5clnt_mit_8_MIT
> kadm5_modify_policy
> ...

Yes... I figured that out earlier today...
... I'm currently testing the following change:
-- snip --
--- a/src/lib/kadm5/clnt/Makefile.in
+++ b/src/lib/kadm5/clnt/Makefile.in
@@ -4,7 +4,7 @@ LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
 DEFS=
 
 LIBBASE=kadm5clnt_mit
-LIBMAJOR=9
+LIBMAJOR=8
 LIBMINOR=0
 STOBJLISTS=../OBJS.ST OBJS.ST
 SHLIB_EXPDEPS=\
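Review bot: The `LIBMAJOR=8` line reverts the major number with nothing in the Makefile or the patch recording why the downstream value differs from the `LIBMAJOR=9` it replaces; add a comment or patch header that names this bug so a later rebase does not silently restore 9. Setting the number back only makes the `libkadm5clnt_mit.so.8` dependency resolve again, so the rebuilt library should also be checked to export the `kadm5clnt_mit_8_MIT` version node that rkerberos.so binds to in the objdump output quoted above, and the exported symbols should be compared against the previous .so.8 build before this ships.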
-- snip --
(and curse the situation).

> To fix this you might want to try to
> 
> cp -a src/lib/kadm5/clnt src/lib/kadm5/clnt8
> sed -i -e 's/LIBMAJOR=9/LIBMAJOR=8/' src/lib/kadm5/clnt8/Makefile.in
> sed -i -e 's/SUBDIRS = clnt srv unit-test/SUBDIRS = clnt8 clnt srv
> unit-test/' lib/kadm5/Makefile.in
> (I have not tested it, but I hope the idea is obvious)
> 
> before calling configure in the spec file.

Thanks... but for now I just roll back the library version change... I'm already 80% done with testing...

BTW: A 3rd option would be symbol filters/redirection, e.g. see http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libcmd/mapfile-vers#104 ... in our case we would have a library libkadm5clnt_mit.so.8 which redirects all symbol accesses to libkadm5clnt_mit.so.9 (this would prevent any code/symbol duplication) ... but I am not sure whether the GNU linker supports this feature.

Comment 22 Patrik Kis 2015-01-14 15:20:43 UTC
I see that the new version of krb5-libs provides libkadm5clnt_mit.so.8 (!version 8) and libkadm5srv_mit.so.9 (!version 9).

# rpm -qp --provides krb5-libs-1.12.2-13.el7.x86_64.rpm |grep libkadm5
libkadm5clnt_mit.so.8()(64bit)
libkadm5clnt_mit.so.8(HIDDEN)(64bit)
libkadm5clnt_mit.so.8(kadm5clnt_mit_8_MIT)(64bit)
libkadm5srv_mit.so.9()(64bit)
libkadm5srv_mit.so.9(HIDDEN)(64bit)
libkadm5srv_mit.so.9(kadm5srv_mit_9_MIT)(64bit)

Is this intentional, e.g. not decreasing the version for srv too? I know that this is basically only playing with numbers, nothing really changed, but I'd like to double check that this is really what we want.
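Added example, not part of the original thread: a small Python check that compares the version nodes a binary requires (the `objdump -T` lines from comment 19) with the nodes a package provides (the `rpm --provides` lines from comment 22), which shows why a renamed or hard-linked .so.9 cannot satisfy rkerberos. The SONAME 9 provides list is constructed by analogy with the srv library, and matching on node name alone is a simplification (RPM's own dependency generator also ties each node to its soname).

```python
import re

# Undefined-symbol lines copied from the objdump -T output in comment 19.
OBJDUMP_T = """\
0000000000000000      DF *UND*  0000000000000000  kadm5clnt_mit_8_MIT kadm5_get_principals
0000000000000000      DF *UND*  0000000000000000  kadm5clnt_mit_8_MIT kadm5_init_with_skey
0000000000000000      DF *UND*  0000000000000000  kadm5clnt_mit_8_MIT kadm5_modify_policy
"""
# Provides copied from comment 22 (krb5-libs-1.12.2-13.el7, SONAME rolled back).
PROVIDES_FIXED = """\
libkadm5clnt_mit.so.8()(64bit)
libkadm5clnt_mit.so.8(HIDDEN)(64bit)
libkadm5clnt_mit.so.8(kadm5clnt_mit_8_MIT)(64bit)
"""
# Constructed sample (assumption): what a LIBMAJOR=9 build would provide.
PROVIDES_SONAME9 = """\
libkadm5clnt_mit.so.9()(64bit)
libkadm5clnt_mit.so.9(HIDDEN)(64bit)
libkadm5clnt_mit.so.9(kadm5clnt_mit_9_MIT)(64bit)
"""
# Matches soname(node)...; the bare soname() provide has no node and is skipped.
PROVIDE_RE = re.compile(r"^\S+\.so(?:\.\d+)*\(([^)]+)\)")

def required_nodes(objdump_t, prefix="kadm5clnt_mit_"):
    """Map each required version node to the undefined symbols bound to it."""
    needed = {}
    for line in objdump_t.splitlines():
        _, found, tail = line.partition("*UND*")
        fields = tail.split()          # size, version node, symbol name
        if not found or len(fields) != 3:
            continue                   # defined or unversioned symbol
        node = fields[1].strip("()")
        if node.startswith(prefix):
            needed.setdefault(node, []).append(fields[2])
    return needed

def provided_nodes(rpm_provides):
    """Version nodes named in `rpm --provides` lines like soname(node)(64bit)."""
    matches = (PROVIDE_RE.match(l.strip()) for l in rpm_provides.splitlines())
    return {m.group(1) for m in matches if m}

def unsatisfied(objdump_t, rpm_provides):
    """Required nodes (with their symbols) that no provide line offers."""
    have = provided_nodes(rpm_provides)
    return {n: sorted(s) for n, s in required_nodes(objdump_t).items() if n not in have}

if __name__ == "__main__":
    for label, provides in (("SONAME 9", PROVIDES_SONAME9), ("SONAME 8", PROVIDES_FIXED)):
        print(label, "->", unsatisfied(OBJDUMP_T, provides) or "all version nodes provided")
```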

Comment 23 Roland Mainz 2015-01-16 21:36:39 UTC
(In reply to Patrik Kis from comment #22)
[snip]
> Is this intentional, e.g. not decreasing the version for srv too? 

Per krb5 upstream the srv libraries were not touched by the specific commit which caused our trouble...

Comment 27 errata-xmlrpc 2015-03-05 10:01:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0439.html