Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
nginx - revdep-rebuild didn't detect undefined symbol
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
gus.j.power
n00b
n00b


Joined: 17 Nov 2010
Posts: 12
Location: London

PostPosted: Thu Aug 21, 2014 9:41 am    Post subject: nginx - revdep-rebuild didn't detect undefined symbol Reply with quote

Hi,

I'm using binary packages (i.e. emerge -bk) and a shared portage location between docker containers to speed up container builds. I have a base build which contains all the basics (language settings, admin user, vim :) etc.) and other specialized builds which sit on top of it (via docker's union filesystem mechanism). Each installation runs revdep-rebuild after installation to ensure that there are no broken libraries/linkages. However, one of the builds containing nginx threw this error yesterday:

Code:

/usr/sbin/nginx: symbol lookup error: /usr/sbin/nginx: undefined symbol: EC_KEY_new_by_curve_name


I manually reran revdep-rebuild on the container but it detected no inconsistencies:
Code:

 * Configuring search environment for revdep-rebuild

 * Checking reverse dependencies
 * Packages containing binaries and libraries broken by a package update
 * will be emerged.

 * Collecting system binaries and libraries
 * Generated new 1_files.rr
 * Collecting complete LD_LIBRARY_PATH
 * Generated new 2_ldpath.rr
 * Checking dynamic linking consistency
[ 100% ]                 

Dynamic linking on your system is consistent... All done.


I have two questions:

  • Should revdep-rebuild have caught this kind of bug?
  • Is there another way I could automatically detect this kind of error?


Cheers,

Gus.
_________________
--with-${relevantQuote}
Back to top
View user's profile Send private message
VoidMage
Watchman
Watchman


Joined: 14 Oct 2006
Posts: 6196

PostPosted: Thu Aug 21, 2014 3:14 pm    Post subject: Reply with quote

revdep-rebuild doesn't detect this kind of problems, as there would be too many false positives (some of python,php,perl,ruby/etc. modules).
Back to top
View user's profile Send private message
gus.j.power
n00b
n00b


Joined: 17 Nov 2010
Posts: 12
Location: London

PostPosted: Sun Aug 24, 2014 1:02 pm    Post subject: Reply with quote

At the moment I'm building images nightly using jenkins and then running some functional tests against each of them to ensure the appropriate services start up correctly, so at least failures of this kind get detected before they can do harm.

I was hoping that someone could suggest a better / more repeatable / more thorough / more automated method of root causing these failures rather than grepping logs, rebuilding packages and browsing forums :)
_________________
--with-${relevantQuote}
Back to top
View user's profile Send private message
steveL
Watchman
Watchman


Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

PostPosted: Sun Aug 24, 2014 3:42 pm    Post subject: Reply with quote

The EC_KEY thing looks like an openssl symbol, that some packages link to; did you switch to libressl?

There's a writeup about it here for Gentoo, and one about the wider issues on Sabotage if you're interested in the background.

If it is that, then it's simply a bug in the package that needs to be corrected, perhaps with a patch for libressl, or on the libressl side.

WRT automation, I'd play with ldd, nm and readelf, to name three that come to mind.
Back to top
View user's profile Send private message
gus.j.power
n00b
n00b


Joined: 17 Nov 2010
Posts: 12
Location: London

PostPosted: Mon Aug 25, 2014 10:14 am    Post subject: Reply with quote

Yes, it's an openssl symbol - the bug manifested itself when I tried to install a ruby gem (presumably over ssl):
Code:
gem install compass


I was hoping that libressl was going to come into the main portage tree and was holding out for that, but thanks for the write-up that's really useful.

I thought about scripting something with ldd but I thought that revdep-rebuild already covered dynamic linkage errors? nm/readelf would definitely provide a deeper level of information - maybe going down a level and comparing the actual symbols might reveal breakages? e.g.
Code:
stderr@GLIBC_2.2.5

_________________
--with-${relevantQuote}
Back to top
View user's profile Send private message
VoidMage
Watchman
Watchman


Joined: 14 Oct 2006
Posts: 6196

PostPosted: Mon Aug 25, 2014 10:52 pm    Post subject: Reply with quote

gus.j.power wrote:
I thought about scripting something with ldd but I thought that revdep-rebuild already covered dynamic linkage errors? nm/readelf would definitely provide a deeper level of information - maybe going down a level and comparing the actual symbols might reveal breakages? e.g.
Code:
stderr@GLIBC_2.2.5


Again, revdep-rebuild does cover linkage errors only on lib level, as otherwise false positives would made it useless.
Back to top
View user's profile Send private message
lacyc3
n00b
n00b


Joined: 14 Oct 2014
Posts: 1

PostPosted: Tue Oct 14, 2014 5:14 pm    Post subject: Reply with quote

I had the same problem. My solution: disable bindist flag in openssl to enable ecdsa.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum