View previous topic :: View next topic |
Author |
Message |
gus.j.power n00b
Joined: 17 Nov 2010 Posts: 12 Location: London
|
Posted: Thu Aug 21, 2014 9:41 am Post subject: nginx - revdep-rebuild didn't detect undefined symbol |
|
|
Hi,
I'm using binary packages (i.e. emerge -bk) and a shared portage location between docker containers to speed up container builds. I have a base build which contains all the basics (language settings, admin user, vim etc.) and other specialized builds which sit on top of it (via docker's union filesystem mechanism). Each installation runs revdep-rebuild after installation to ensure that there are no broken libraries/linkages. However, one of the builds containing nginx threw this error yesterday:
Code: |
/usr/sbin/nginx: symbol lookup error: /usr/sbin/nginx: undefined symbol: EC_KEY_new_by_curve_name
|
I manually reran revdep-rebuild on the container but it detected no inconsistencies:
Code: |
* Configuring search environment for revdep-rebuild
* Checking reverse dependencies
* Packages containing binaries and libraries broken by a package update
* will be emerged.
* Collecting system binaries and libraries
* Generated new 1_files.rr
* Collecting complete LD_LIBRARY_PATH
* Generated new 2_ldpath.rr
* Checking dynamic linking consistency
[ 100% ]
Dynamic linking on your system is consistent... All done.
|
I have two questions:
- Should revdep-rebuild have caught this kind of bug?
- Is there another way I could automatically detect this kind of error?
Cheers,
Gus. _________________ --with-${relevantQuote} |
|
Back to top |
|
|
VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
|
Posted: Thu Aug 21, 2014 3:14 pm Post subject: |
|
|
revdep-rebuild doesn't detect this kind of problems, as there would be too many false positives (some of python,php,perl,ruby/etc. modules). |
|
Back to top |
|
|
gus.j.power n00b
Joined: 17 Nov 2010 Posts: 12 Location: London
|
Posted: Sun Aug 24, 2014 1:02 pm Post subject: |
|
|
At the moment I'm building images nightly using jenkins and then running some functional tests against each of them to ensure the appropriate services start up correctly, so at least failures of this kind get detected before they can do harm.
I was hoping that someone could suggest a better / more repeatable / more thorough / more automated method of root causing these failures rather than grepping logs, rebuilding packages and browsing forums _________________ --with-${relevantQuote} |
|
Back to top |
|
|
steveL Watchman
Joined: 13 Sep 2006 Posts: 5153 Location: The Peanut Gallery
|
Posted: Sun Aug 24, 2014 3:42 pm Post subject: |
|
|
The EC_KEY thing looks like an openssl symbol, that some packages link to; did you switch to libressl?
There's a writeup about it here for Gentoo, and one about the wider issues on Sabotage if you're interested in the background.
If it is that, then it's simply a bug in the package that needs to be corrected, perhaps with a patch for libressl, or on the libressl side.
WRT automation, I'd play with ldd, nm and readelf, to name three that come to mind. |
|
Back to top |
|
|
gus.j.power n00b
Joined: 17 Nov 2010 Posts: 12 Location: London
|
Posted: Mon Aug 25, 2014 10:14 am Post subject: |
|
|
Yes, it's an openssl symbol - the bug manifested itself when I tried to install a ruby gem (presumably over ssl): Code: | gem install compass |
I was hoping that libressl was going to come into the main portage tree and was holding out for that, but thanks for the write-up that's really useful.
I thought about scripting something with ldd but I thought that revdep-rebuild already covered dynamic linkage errors? nm/readelf would definitely provide a deeper level of information - maybe going down a level and comparing the actual symbols might reveal breakages? e.g. _________________ --with-${relevantQuote} |
|
Back to top |
|
|
VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
|
Posted: Mon Aug 25, 2014 10:52 pm Post subject: |
|
|
gus.j.power wrote: | I thought about scripting something with ldd but I thought that revdep-rebuild already covered dynamic linkage errors? nm/readelf would definitely provide a deeper level of information - maybe going down a level and comparing the actual symbols might reveal breakages? e.g. |
Again, revdep-rebuild does cover linkage errors only on lib level, as otherwise false positives would made it useless. |
|
Back to top |
|
|
lacyc3 n00b
Joined: 14 Oct 2014 Posts: 1
|
Posted: Tue Oct 14, 2014 5:14 pm Post subject: |
|
|
I had the same problem. My solution: disable bindist flag in openssl to enable ecdsa. |
|
Back to top |
|
|
|