-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[conan-center] Forbid linking against removed glibc finite math functions #508
[conan-center] Forbid linking against removed glibc finite math functions #508
Conversation
Here's a Dockerfile to verify that the new hook catches the issue on Ubuntu 18.04 / glibc 2.27: FROM conanio/gcc8:1.60.2
USER root
RUN git clone https://github.com/conan-io/conan-center-index.git --depth 1
RUN conan profile new default --detect && conan profile update settings.compiler.libcxx=libstdc++11 default
RUN mkdir -p ~/.conan/hooks/ && \
wget https://raw.githubusercontent.com/valgur/conan-hooks/feature/forbid-glibc-finite-math-functions/hooks/conan-center.py -O ~/.conan/hooks/conan-center.py && \
chmod +x ~/.conan/hooks/conan-center.py
RUN conan config set hooks.conan-center
RUN conan create conan-center-index/recipes/mpg123/all /1.31.2@ --build=mpg123 -pr:b=default
RUN objdump -t ~/.conan/data/mpg123/1.31.2/_/_/package/*/lib/libmpg123.a | grep _finite || true
# Uncomment to verify that building with the offending optimization turned off fixes the issue
# RUN CFLAGS=-fno-finite-math-only conan create conan-center-index/recipes/mpg123/all /1.31.2@ --build=mpg123 -pr:b=default
# RUN objdump -t ~/.conan/data/mpg123/1.31.2/_/_/package/*/lib/libmpg123.a | grep _finite || true Which produces:
|
@uilianries, @memsharded. Have you had a chance to look at this PR? A friendly ping just in case this has slipped through the cracks. By my count this issue affects at least 75 packages just through the transitive dependencies on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution.
I am a bit concerned about the complexity of this hook check, it is a bit outside of my expertise. As we move towards 2.0 that is not using hooks in ConanCenter yet, not sure about the value, and possible risks of false positives and other issues.
Will ask for further reviews.
I'm concerned about this hook, just like @memsharded said, it's complex and hard to understand, and can turn up as a nightmare in case we need to fix something in the future. Problems related to glibc version in CCI are not new and we really can't fix all them. If we use only new Ubuntu versions, we will break users that are still running older versions, but if we only run old versions, we private some libraries due new glibc features, so we try to keep it balanced. Our suggestion is building from source in case having trouble with glibc, so you can update your package according to your scenario. But in case of real failure in CCI, we should investigate for sure. |
While I empathize with the maintenance concern, I based this hook largely on "KB-H043 - MISSING SYSTEM LIBS" and feel like this hook is almost straightforward compared to that one?
Are there any other examples besides this one? I find it hard to agree if the fix for the issue at hand is to add the following to couple of lines to if not is_msvc(self):
tc.variables["CMAKE_C_FLAGS"] = "-fno-finite-math-only"
tc.variables["CMAKE_CXX_FLAGS"] = "-fno-finite-math-only" as long as there's a simple way to detect this issue (which there isn't when building locally - you would have to run something similar to the above Dockerfile for each recipe to even detect the issue). Not detecting and fixing this issue effectively means that almost none of the packages involving some kind of image or audio I/O can be built with GCC (new or old) unless everything is rebuilt locally. This includes Qt, GTK, OpenCV, GDAL, SDL and many other packages that are both popular and a pain to re-build. Why bother distributing the binaries at all if they will only work with 5+ year old OS releases? |
And as for
It only matches against undefined symbols in library files with two leading underscores. The language standard only allows these to be defined by the compiler and the libc itself. There's a very limited number of these around. The regex pattern could also be replaced with one that matches the exact list of relevant symbols that I linked to above. There is one case where this hook could incorrectly flag an issue, though - pre-built external binaries. I probably should add an exception for that. |
8b74cbf
to
c1c043e
Compare
@memsharded @uilianries @jcar87
FROM conanio/gcc8:1.60.2
# Set-up
USER root
RUN git clone https://github.com/conan-io/conan-center-index.git --depth 1
RUN conan profile new default --detect && conan profile update settings.compiler.libcxx=libstdc++11 default
RUN mkdir -p ~/.conan/hooks/ && \
wget https://raw.githubusercontent.com/valgur/conan-hooks/feature/forbid-glibc-finite-math-functions/hooks/conan-center.py -O ~/.conan/hooks/conan-center.py && \
chmod +x ~/.conan/hooks/conan-center.py
RUN conan config set hooks.conan-center
# The actual test
RUN conan create conan-center-index/recipes/mpg123/all /1.31.2@ --build=mpg123 -pr:b=default
# Uncomment to verify that building with the offending optimization turned off fixes the issue
# RUN CFLAGS=-fno-finite-math-only conan create conan-center-index/recipes/mpg123/all /1.31.2@ --build=mpg123 -pr:b=default
Would that be an acceptable compromise? |
Cc @SpaceIm @ericLemanissier @toge @jwillikers |
I agree that it's a real issue, which somehow needs to be addressed. Unfortunately, the current policy seems to be to reduce all automation changes on conan-center to the bare minimum. If this does not get merged as a hook, It'll probably has more chances to live as a custom command which would have the advantage of being compatible with conan 2. Then you'll have to find some way to make this run automatically on conan-center binaries (cf my DM on slack) |
@valgur I have to agree that this is an important fix for making Conan Center Index binaries consumable by others on Linux. It should not be overlooked as it can lead to unexpected and hard to debug errors for consumers. Unfortunately, I hope the team is able to figure out ways to improve glibc handling, like what your PR offers here. Thanks @valgur for working on this. |
Thanks for your insight everyone :) |
Adds a linter check for any
__*_finite
symbols in.a
,.so
and executable files on Linux to avoid distributing binaries that link against glibc symbols that are no longer available on newer systems with glibc v2.31+. This affects quite a few audio and image libraries that have--ffast-math
set, such asmpg123
,openjpeg
,libx264
andlibx265
.See conan-io/conan-center-index#18951 (comment) for context.
Here are also some code snippets to find any affected libraries in a local Conan cache: https://gist.github.com/valgur/d3b1576de71d29467e2cd2434e19af02
And a full list of glibc symbols this check is supposed to catch: https://gist.github.com/valgur/dac1a98174df755cfa85a04fcc5a93a1