Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

libatomic dependency may be problematic #410

Open
indygreg opened this issue Dec 6, 2024 · 1 comment
Open

libatomic dependency may be problematic #410

indygreg opened this issue Dec 6, 2024 · 1 comment
Labels
needs-decision Undecided if this should be done

Comments

@indygreg
Copy link
Collaborator

indygreg commented Dec 6, 2024

A dependency to libatomic was added in #400.

The libatomic inclusion might be concerning because it isn't listed in the LSB at https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Common/LSB-Common/requirements.html.

While the LSB may not be the absolute requirements for our distros, deviation from it is concerning and needs to be researched. We can't just introduce new external system dependencies without validating that the most minimal of Linux distros ship the library. If a library is distributed by e.g. the compiler toolchain, that's bad for portability.

I believe I've ran into issues with libatomic in the past. Check the history of the OpenSSL build scripts.

I'd feel much better if libatomic.so linking advertising and the Rust validation is exclusive to MIPS at the moment. And even that may be too lenient. We would need to find a MIPS Linux distro and see where libatomic comes from.

@zanieb
Copy link
Member

zanieb commented Dec 6, 2024

Thanks for following up here.

I'm not sure what changed upstream that caused the MIPS builds to regress, that seems like the first thing to look into.
I'm particularly surprised that libatomic is required by the non-freethreaded variant as well. I've opened an upstream issue python/cpython#127708.

It also sounds very reasonable to scope the validation to MIPS while we investigate that. See #411.

Regarding the choice to allow this in #400, I wanted to prioritize getting the security patches out for the commonly-used distributions. Given the very long CI iteration time, I opted to include the change without further investigation. I'm not sure if you feel differently about how to weigh those decisions, but hopefully there will be less of a trade-off in the future as we invest into reducing build and iteration times — I've already prototyped using paid runners to significantly improve the concurrency of the builds and your work on #392 is promising.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-decision Undecided if this should be done
Projects
None yet
Development

No branches or pull requests

3 participants