#9109 closed defect (fixed)
libnssckbi.so relinked to libnssckbi.so.orig
| Reported by: | Pierre Labastie | Owned by: | Pierre Labastie |
|---|---|---|---|
| Priority: | normal | Milestone: | 8.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
When running the book instructions for nss, /usr/lib/libnssckbi.so is moved to libnssckbi.so.orig, and is recreated as a symlink to libp11-kit.so (if p11-kit is installed). But checking the link a few days later shows that /usr/lib/libnssckbi.so points to libnssckbi.so.orig!
This happened to Ken as well as to me.
Yesterday, I installed a new version of gnutls, and today, I noticed that the creation time for the /usr/lib/libnssckbi.so symlink was the same as the installation time for gnutls.
So I created again the symlink to libp11-kit.so:
$ ls -l /usr/lib/libnssckbi.so lrwxrwxrwx 1 root root 18 11 avril 13:22 /usr/lib/libnssckbi.so -> libp11-kit.so
Then built gnutls. After running make, the output of the preceding command was still the same (expected, I build as a user and have no rights to change /usr/lib). Then I run "make install", and after that:
$ ls -l /usr/lib/libnssckbi.so lrwxrwxrwx 1 root root 18 11 avril 13:38 /usr/lib/libnssckbi.so -> libnssckbi.so.orig
There is nowhere a mention of nssckbi, neither in the logs, nor by grepping nss[^le] (avoids ssl and dnssec) in the build directory.
The gnutls build system uses libtool to link and install its libraries, and it seems (using ls -lt), that libnssckbi.so is modified after installing libgnutlsxx, and before installing libgnutls-dane.
The amazing part is that this modification is not recorded by porg... Maybe because /usr/lib/libnssckbi already exists, and porg is unable to "see" that the link is modified.
Change History (10)
comment:1 by , 8 years ago
| Type: | enhancement → defect |
|---|
comment:2 by , 8 years ago
comment:3 by , 8 years ago
I just tried: If libnssckbi.so.orig is renamed to origlibnssckbi.so, then ldconfig does not recreate the link... If somebody (DJ?) confirms, we can change the instructions on the nss page.
comment:4 by , 8 years ago
Looked at ldconfig's code. The file is skipped if the filename does not begin with "lib" or "ld-", or does not contain ".so" and is a regular file...
comment:5 by , 8 years ago
I took a look at this and confirm your excellent analysis.
I suggest we just remove the file on the nss page:
readlink /usr/lib/libnssckbi.so || rm -v /usr/lib/libnssckbi.so && ln -sfv libp11-kit.so /usr/lib/libnssckbi.so
comment:6 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:7 by , 8 years ago
My apologies, I did not see this. Yes, that should do well. Excellent work!
gnutls has nothing to do with that. It just happened to be the first package to install libraries using libtool, that is, using ldconfig. Try:
The reason is that ldconfig does 2 things:
When ldconfig finds a shared library with a given soname, it creates a link from a file named according to that soname to the said library...
So, if we want to remove that link, we need to get libnssckbi.so.orig out of the search path (or pattern) of ldconfig.