Ticket #19 (closed defect: fixed)
Treatment of bundled libraries
|Reported by:||toshio||Owned by:||spot|
When we deal with bundled libraries there's some ambiguity as to what changes represent "unbundling". The changes may also differ between programming languages.
First the options that I see in descending order of intrusiveness into the package:
- Delete the bundled libraries from the binary rpm so they aren't installed (Note: this would probably never go upstream as is whereas the next two could.)
- Make sure that if bundled libraries are present in the final installed rpm that:
- They are not used by the rpm package
- They are marked private in some way so that they are not used by other rpm packages
- Make sure that if bundled libraries are present in the final installed rpm that they are not used by the rpm package
Here's a case in a python application that bundles but does so compliant to option #2 https://bugzilla.redhat.com/show_bug.cgi?id=549405
In this case, upstream is providing pieces of the python stdlib that may not be present on older versions of python. They mark the copied stdlib modules as private by prepending with a leading underscore. When run on a new enough python, the stdlib version of the module is imported rather than the bundled version. As a tangent, this upstream has set up importing of the modules so that they only have to make the check for stdlib modules in one place. Other upstreams I've seen have made the check each place that the module is imported which can lead to inadvertant use of the bundled module if they forget to make the check.
In the case of other languages, it depends on whether the languages provide a means of conditionally loading the bundled library vs the system library if present and if they provide a means of marking the bundled library private. For C libraries, for instance, I think this would require storing the module in a directory outside of the standard library path and also dlopening the bundled library if the program fails to dlopen the library from the standard library path. Writing this from scratch for C libraries and passing it to upstream is likely to be much more intrusive than writing something like the above python application does and hence less likely to be accepted by upstream. Upstream for C applications normally accept patches to choose the system library or bundled library at buildtime instead of runtime so doing the runtime detection also doesn't make as much sense there as for python.
I'll send email to the packaging list for feedback on this and we can discuss it in an fpc meeting afterwards.