LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-05-2014, 03:06 PM   #1
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693
Why are we still using shared libraries?


I understand them being used back in the day when we had to save every bit of space imaginable.

I also concede that compiling on different machines might give you a different output.

But these days, custom compilation yields very little improvement, and we have terrabytes of space.

So,.. why dont package maintainers just package up EVERYTHING they need in one package, instead of relying on dependencies?

Instead of Openoffice relying on Erlang 1.2.3.141.9.222-buld00001.alpha.centauri.486, and breaking when that package can't be found, why doesn't the programmer using Erlang 1.2.3.141.9.222-buld00001.alpha.centauri.486 just copy that all into the Openoffice source tree and call it a day? Why depend on the niceties of package maintainers and goodwill from other projects?

Pull in what you need - make it work - distribute it. Stop with the 'I need this one 2 line function from version 12.83.1323.99a-b of foo.alpha-x86.el2 and my program will NOT compile without it!' nonsense.

Its a thought anyway. Sure there are a million intricate reasons why packaging and installation can't be simplified, and a million more why we need dependencies still.

Anyone know the reasons?

Last edited by Tinkster; 11-06-2014 at 03:15 PM. Reason: language cleanup ...
 
Old 11-05-2014, 03:36 PM   #2
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,184

Rep: Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300
Quote:
Instead of Openoffice relying on Erlang 1.2.3.141.9.222-buld00001.alpha.centauri.486, and breaking when that package can't be found, why doesn't the programmer using Erlang 1.2.3.141.9.222-buld00001.alpha.centauri.486 just copy that all into the Openoffice source tree and call it a day?
Projects that build and distribute their own binaries usually actually do that. (Or they statically link, which is letting the compiler do the same thing). OpenOffice is an example. So are most games, including those on Steam, GOG and the Humble Store.

Last edited by Tinkster; 11-06-2014 at 03:15 PM.
 
1 members found this post helpful.
Old 11-05-2014, 04:16 PM   #3
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Original Poster
Rep: Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693
Nice. Perhaps more programs will follow suit!
 
Old 11-05-2014, 04:29 PM   #4
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,618

Rep: Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651
it could be worse
we could have the windows "dll hell" issue of every single version all called the same thing
 
1 members found this post helpful.
Old 11-05-2014, 07:08 PM   #5
ljb643
Member
 
Registered: Nov 2003
Posts: 526

Rep: Reputation: Disabled
Suppose a bug or security problem is found in a library. Would you rather upgrade one shared library, or tens of applications which are statically compiled with it? Consider that each application upgrade is likely to have new features, new bugs, changed functionality, perhaps a redesigned user interface. Wouldn't that be fun? Not.
 
1 members found this post helpful.
Old 11-05-2014, 07:21 PM   #6
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Original Poster
Rep: Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693
I imagine, If everyone started packaging their own libraries and dependencies in their application:
  • They would be responsible for security updates, as many of them are now anyway
  • They would push out updates, which many of them do now anyway
  • Each program might end up using a different version of said library - possibly skirting the vulnerability by way of version,

Something like that.

Got me thinking. Currently, most things use shared libraries right? So, if the library is a security vulnerability, every single thing on the box that uses it is vulnerable. Possibly 100's of programs. Whereas if a program was pacakged with everything it needed, it might come about that only that version of the library is vulnerable, but only one program is using it, rather than 100's sharing it.

Perhaps.

Last edited by szboardstretcher; 11-05-2014 at 07:22 PM.
 
Old 11-05-2014, 07:32 PM   #7
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
I don't think static libs are a good idea. Like said above, if something changes you'll have to recompile everything. It would also be harder to maintain, and would be less secure because it would take time for them to patch their local version, which may be out-of-date and the patches would need back-porting.

Shared libraries have many advantages and that's why they are used in most cases. The only cases where I don't like it is small libraries that don't even need to exist. I know some small projects like to separate part of their code into libraries, but nobody uses these libraries except for the program they wrote. I guess they are hoping someone would use it.
 
Old 11-05-2014, 08:02 PM   #8
whois
Member
 
Registered: Oct 2014
Posts: 39

Rep: Reputation: Disabled
Quote:
Originally Posted by szboardstretcher View Post
I imagine, If everyone started packaging their own libraries and dependencies in their application:
I believe PC-BSD does this with PBI's.

http://en.wikipedia.org/wiki/PC-BSD#Package_management
Quote:
All software packages and dependencies are installed in their own self-contained directories in /Programs. This convention is aimed to decrease confusion about where binary programs reside, remove the possibility of a package breaking if system libraries are upgraded or changed, and prevent dependency hell.

Last edited by whois; 11-05-2014 at 08:04 PM.
 
Old 11-05-2014, 08:09 PM   #9
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,184

Rep: Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300
Quote:
Originally Posted by szboardstretcher View Post
So, if the library is a security vulnerability, every single thing on the box that uses it is vulnerable. Possibly 100's of programs. Whereas if a program was pacakged with everything it needed, it might come about that only that version of the library is vulnerable, but only one program is using it, rather than 100's sharing it.

Perhaps.
And why would that be better? You can upgrade OpenSSL and fix the vulnerability in hundreds of packages immediately, or you can depend on the maintainer of each of those hundreds of packages to individually notice and tell if they've been using a vulnerable version of OpenSSL.

Last edited by dugan; 11-05-2014 at 08:25 PM.
 
1 members found this post helpful.
Old 11-06-2014, 12:25 PM   #10
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,184

Rep: Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300
Someone seems to be thinking along the same lines as you, szboardstretcher.

http://www.linuxquestions.org/questi...re-4175524566/

(My personal thought: sounds like Mojo installers and other analagous things).

Last edited by dugan; 11-06-2014 at 12:52 PM.
 
Old 11-06-2014, 01:01 PM   #11
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Original Poster
Rep: Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693
I'm not sure it would be better.

But there has to be *some* way to make it less of a pain-in-the-ass to install a package, without the dependency calculations required currently.

And, with that link, it certainly seems like other people have been thinking about the issue as well. That's good. If it's being thought about, talked about and tinkered with, then someday the packaging ecosystem might be more homogenous and less prone to the dependency hells that exist.
 
Old 11-06-2014, 01:07 PM   #12
DavidMcCann
LQ Veteran
 
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Debian
Posts: 6,125

Rep: Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299Reputation: 2299
What dependency hells? I've had to do a bit of juggling with stuff for CentOS from other distros, but that's a penalty of using such a small distro. When testing distros (and I've used 114) only the obscurer ones have had problems with software installation. Except, that is, Debian. Does your profile's "GNU/Linux" entry indicate that you're a Debian user?
 
Old 11-06-2014, 01:17 PM   #13
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Original Poster
Rep: Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693Reputation: 1693
Quote:
Does your profile's "GNU/Linux" entry indicate that you're a Debian user?
Just identifying myself with Linux in general. I've used many (112.5 +- 2%) over the years, and have many different distros that I have to feed at work. I also have a couple of solaris boxes and an AIX db server.

Quote:
What dependency hells?
Assuming you are using a package manager like yum, you might not see the various levels of horrific dependency requirements and collisions that happen still to this day. This happens more often when installing software from source - which is the reason that I prefer the handful of programs that come with everything that they need rather than depending on external packages.
 
Old 11-06-2014, 01:32 PM   #14
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
I think some of dependency hell is caused by programmers' carelessness when choosing dependencies. I know a number of programs that could reduce their dependency list, especially to less esoteric dependencies that are not well maintained and are hard to install. Please consider this when writing programs and choosing dependencies. I mean, here's a concrete example: OGRE. Yeah, if you've ever tried to install it, you'll be missing some hairs on your head.
 
Old 11-06-2014, 03:15 PM   #15
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,184

Rep: Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300Reputation: 5300
Quote:
Originally Posted by metaschima View Post
I think some of dependency hell is caused by programmers' carelessness when choosing dependencies. I know a number of programs that could reduce their dependency list, especially to less esoteric dependencies that are not well maintained and are hard to install. Please consider this when writing programs and choosing dependencies. I mean, here's a concrete example: OGRE. Yeah, if you've ever tried to install it, you'll be missing some hairs on your head.
I haven't tried to install it, but the Slackware packaging script doesn't look too complex to me:

http://slackbuilds.org/slackbuilds/1...gre.SlackBuild

Am I missing something?

Quote:
Originally Posted by szboardstretcher View Post
Assuming you are using a package manager like yum, you might not see the various levels of horrific dependency requirements and collisions that happen still to this day. This happens more often when installing software from source
If you're trying to build your own debs or RPMs, yes. If you're just doing ./configure ; make ; make install or building for a distribution that doesn't enforce dependency versions (Slackware, Arch, Gentoo, etc) then no. The build system detects the dependencies that are present on your system.

Last edited by dugan; 11-06-2014 at 03:19 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
./testSo: error while loading shared libraries: libsy.so: cannot open shared object rohaanembedded Programming 5 06-03-2013 08:23 AM
error while loading shared libraries: libcrypt.so.1: cannot open shared object file: xmixail Linux - Kernel 15 07-29-2012 09:39 PM
honeyd: error while loading shared libraries: libdnet.1: cannot open shared object fi secbuddy Linux - Software 2 12-24-2011 03:01 PM
top: error while loading shared libraries: libproc.so.2.0.6: cannot open shared objec ramesh_india2020 Linux - Newbie 6 07-29-2010 02:49 PM
top: error while loading shared libraries: libproc.so.2.0.6: cannot open shared objec ramesh_india2020 Linux - Server 1 07-29-2010 01:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration