[SOLVED] Reinstall package if upgrading only a dependency
Linux From ScratchThis Forum is for the discussion of LFS.
LFS is a project that provides you with the steps necessary to build your own custom Linux system.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Maybe this is a noob question but I am still curious: if I only needed to upgrade a dependency of a package, would I have to reinstall that particular package for changes to be put into effect? For example, I need to upgrade NSS for security reasons but FireFox depends on NSS, so would I need to reinstall FireFox?
I'm not sure if I fully understand how dependencies work but in my mind, if there are problems/holes in a dependency, wouldn't that imply the same for the other package that depends on it? Or are they separate entities and all links/paths immediately get updated?
I should probably know the answer to this question as I have a suspicion that I wouldn't have to reinstall the other package, but I am not confident in my reasoning and would like to check with someone who knows as I am still learning.
Last edited by budrz89; 05-21-2020 at 06:53 PM.
Reason: For clarification
It depends. Sometimes, e.g. when the soname of a library changes you'll need to rebuild all the packages depending on that library.
This is where the difference between LFS and a distro relying on a package management system really comes to light. Such systems conventionally record versioned dependencies into the package and will force you to reinstall dependent packages if needed. OTOH, in LFS you're on your own. You'll need to investigate yourself what has changed in NSS and how it can affect its compatibility with your Firefox build. A simple security fix most probably won't.
That said, rebuilding Firefox won't hurt. You'll stay on the safe side this way, and it's an piece of software that needs to be updated frequently anyway. But this can quickly become a royal PITA when a library like Glibc that a lot of stuff depends on, gets an upgrade.
I'm not sure if I fully understand how dependencies work but in my mind, if there are problems/holes in a dependency, wouldn't that imply the same for the other package that depends on it? Or are they separate entities and all links/paths immediately get updated?
If it's a library (and most dependencies are libraries), it works through two symbolic links. There is libfoo.so (the linkname) and that is what the program is actually built against. libfoo.so points to libfoo.so.x (the soname), which in turn points to the actual library libfoo.so.x.y.z. So as long as x doesn't change (i.e. it's not a new major version), the linkname doesn't need to be updated.
For example, I need to upgrade NSS for security reasons but FireFox depends on NSS, so would I need to reinstall FireFox?
That, in fact, is a bad example as Firefox contains its own internal nss, so is not dependant on the nss package. And in fact most nss updates do not force recompilations as their API is consistent, you just replace the new package only.
But as sometone else already remarked: if the MAJOR version of a .so file changes, i.e. from .so.42 to .so.43 then you will have to recompile everything that depends ON that .so library.
After writing that post and thinking about it later, I figured it would depend on the package because some packages require a re-installation like shadow or harfbuzz. But as shruggy said, in LFS you're on your own which is why I had to ask to double check.
@ehartman, it was a bad example, maybe harfbuzz and freetype or shadow and linux-pam would of been better examples.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.