Bug 527867
Summary: | nss-softokn.x86_64 satisfies nss.i686 requires | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jens Petersen <petersen> |
Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | emaldona, kdudka, kengert, rrelyea, wtc |
Target Milestone: | --- | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-12-05 21:25:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
Jens Petersen
2009-10-08 01:31:13 UTC
The nss package requires nss-softokn and it seems that both nss-softokn.x64-64 and nss-softokn.i686 fullfull the implicit provides nss-softokn. A possible solution would be to change the line Requires: nss-softokn >= %{nss_softokn_version} to Requires: nss-softokn%{_isa} >= %{nss_softokn_version} Please try the scratch build with such changes at http://koji.fedoraproject.org/koji/taskinfo?taskID=1738172 If it works I would still like to have Bob or Kai review such changes. Created attachment 364259 [details]
changes to ensure nss-softokn and nss-util have the same %{_isa} as nss (#527867)
> Requires: nspr >= %{nspr_version}
Does this also need the %{_isa} treatment?
Could you check the spec files for the other nss-related
changes, such as nss-softokn, nss-softokn-freebl,
nss-util, and nss-tools? Thanks.
(In reply to comment #3) nspr does not need the %{_isa} treatment, nor does %{nss_util} or any other package or subpackage. This attempt doesn't work. I installed google-crome-unstable on an x86_64 F-12 system and it pulled the i686 versions of nspr, nss, nss-util, and nss-softokn-freebl but it didn't pulled nss-softokn. To my surprise it pulls in the i686 nss-softokn-freebl which now is a subpackage of nss-softokn but not the latter. I still don't have an explanation for this. Once there is an x86_64 build of google-chrome it won't be a problem. Even so it would be nice to understand why a package's 32-bit version isn't pulled in while one of its subpackages is. I'm out ths week so I won't be able to pursue this for a while. I am guessing there is no explicit library dependency and that is why rpm thinks x86_64 is good enough? Otherwise sounds like an extra rpm bug... How about making nss.i686 require nss-softokn(x86-32) like spot's chromium does for nss-mdns as a workaround? An x86_64 build of google-chrome will merely hide this bug. The bug still exists that a 32-bit NSS-based application may not pull in the i686 version of nss-softokn on an x86_64 Fedora 12 system Yes, this will not be a problem once chrome has an x86_64 version but will continue to be a problem for 32-bit-only NSS clients. The problem is related to dynamic linking. NSS, actually nss-softoken in F12, has three libraries which are signed. These are freebl3.so, softokn3.so, and nssdbm3.so. We black list them in /etc/prelink.d/nss-softokn.conf so prelink will not touch them. We also rely on dynamic linking annd document that client code rely on dynamic linking. In our the makefiles there is no -lsoftokn3 nor -lfreebl3 nor -lnssdm3 option so. That way client code can still be processed by prelink without any errors caused by the fact that libraries that they depend on aren't prelinked. The fact that thre aren't visible traces of the dependency I believe is what's causing yum/rpm not to bring in nss-softokn. The fact that when google-chrome 32-bit was installed and nss i686 but was pulled in and consequently nss-softoken-freebl was also pulled in whereas nss-softokn wans't caused me surprise as I had mentioned. It so happens that glibc still links statically with nss-softokn-freebl and that explains why nss-softokn-freebl that's show the problem. I think my earlier attempt at a solution: having in the nss.spec Requires: nss-softokn%{_isa} >= %{nss_softokn_version} will be a good work-around. It didn't work before because it was a scratch buld and yum couldn't find it anywher to bring down. I just have to place it in a repository for it to work and will work on this next. Can't make an F12 normal build yet as we are in Beta stage but will post one in my own repository. As google-chrome-unstable isn't currently available I have tried using the fedora one descrived here http://rajaseelan.com/2009/07/04/how-to-install-google-chrome-in-fedora-10-or-fedora-11/. This one seems to ne synchronized nightly with google's. I am running on an x86_64 based system get the 32-bit version I installe using 'yum install chromium.i686'. Here's what I see <clipped> Installing: chromium i686 4.0.220.0-0.1.20090930svn27599.fc12 chromium 7.8 M Installing for dependencies: <clipped> nspr i686 4.8-2.fc12 rawhide 105 k nss i686 3.12.4-14.fc12 rawhide 715 k nss-mdns i686 0.10-8.fc12 rawhide 22 k nss-softokn i686 3.12.4-10.fc12 rawhide 159 k nss-softokn-freebl i686 3.12.4-10.fc12 rawhide 104 k nss-util i686 3.12.4-8.fc12 rawhide 42 k rawhide 69 k <clipped> It's pulling in nss-softokn now. I haven't made my planned nss changes yet. Have there been any changes in google-chrome to work around this problem? Created attachment 365633 [details]
softoken client application repo
This is for testing the bug and the proposed fix. Copy this to /etc/yum.repos.d. It will allow you to install softokeninfo, an application that calls softokn directly. It's just shlibsign renamed. Only the i686 part of client.repo is enabled so we can see the problem. Execute
'sudo yum install softokeninfo'.
Examine the results and answer N at the prompt. Near the bottom you should see something like this (I removed white space so it fits here)
.....
Installing:
softokeninfo i686 1-1 client 11 k
Installing for dependencies:
glibc i686 2.10.90-25 rawhide 4.5 M
nspr i686 4.8-2.fc12 rawhide 105 k
nss i686 3.12.4-14.fc12 rawhide 715 k
nss-softokn-freebl i686 3.12.4-10.fc12 rawhide 104 k
nss-util i686 3.12.4-8.fc12 rawhide 42 k
...
nss-softokn i686 is not listed, that's the problem. The next attachment will show the fix.
Created attachment 365635 [details]
repo file so you can install nss with the fix from my repo
Copy this file to /etc/yum.repos.d. This makes the nss build available from the testing yum repository. Execute
sudo yum install softokeninfo as before. This time the output should look like this (lines omitted and spaces deleted for clarity)
.....
Installing:
softokeninfo i686 1-1 client 11 k
Installing for dependencies:
glibc i686 2.10.90-25 rawhide 4.5 M
ncurses-libs i686 5.7-3.20090207.fc12 rawhide 235 k
nspr i686 4.8-2.fc12 rawhide 105 k
nss i686 3.12.4-14.1.fc12 nss 714 k
nss-softokn i686 3.12.4-10.fc12 rawhide 159 k
nss-softokn-freebl i686 3.12.4-10.fc12 rawhide 104 k
nss-util i686 3.12.4-8.fc12 rawhide 42 k
readline i686 6.0-3.fc12 rawhide 169 k
...
nss-softokn i686 is now pulled in as desired.
Created attachment 365636 [details]
Proposed spec file changes
Comment on attachment 365636 [details]
Proposed spec file changes
Requesting Kai's review on this change.
Comment on attachment 365636 [details] Proposed spec file changes >-Release: 14%{?dist} >+Release: 14.1%{?dist} I think 14.1{?dist} may be smaller than 14 I think you must either use 15{?dist} or 14{?dist}.1 >-Requires: nss-softokn >= %{nss_softokn_version} >+Requires: nss-softokn%{_isa} >= %{nss_softokn_version} Sounds absolutely reasonably to me, after reading http://www.rpm.org/wiki/PackagerDocs/ArchDependencies > > %changelog >+* Tue Oct 20 2009 Elio Maldonado<emaldona> - 3.12.4-14.1 Don't forget this when you fix it :-) This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle. Changing version to '12'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping nss-3.12.5-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/nss-3.12.5-2.fc12 |