Quoting: JordanPlayz158

Quoting: ShabbyXIt's made exactly so that libraries *can* break ABI if they have to, without the world imploding. glibc made a breaking change, and no matter how small, they should have made an incompatible version change. Yes that would still be inconvenient, but at least it's detectable and fixable. Imagine if python3 did all its backward incompatible things but still called itself python2.

Yes, that's exactly the point we were making, they didn't treat it as a breaking change as they just incremented the patch number by 1 rather than the major. Not to mention a lot of people have said it wasn't very clear and I could buy that as documentation doesn't seem to be a strong point in either linux or c in general (or I could be wrong (or xdg-desktop-portal could be a bad example of a c library) but when I attempted to make an application using xdg-desktop-portal they had the equivalent of a javadoc but that was about it, there are no examples provided in the repo for how to use any of the objects (or it wasn't clearly labeled or findable), there were no tutorials online and I looked into other repos (that are flatpaks as they must use xdg-desktop-portal to my knowledge) and it was a mess because different applications use different languages or sometimes used a middle man library or some combination of the two which made it difficult to know how to use the interface)

glibc is very well documented, as is most C libraries on Linux (don't know where this misconception comes from), they didn't see the ELF sections as part of the glibc ABI/API though which is why this went under the radar for developers that isn't on the glibc mailing lists.

This was not a code change, it was a change in the automake configure script to no longer pass in the argument to ld to include the old hash section when building glibc.

Normally no library/application dev ever sees a change like this as a ABI/API change, but it looks like the glibc devs will do from now on.

View this comment - View article - View full comments

Quoting: JordanPlayz158

Quoting: minidouI fail to see how glibc devs could be blamed for removing a function deprecated for 17 years (though I can agree a major version bump should have been called for). Do videogame devs need that much nursing ? EAC linux lib is a recent piece of software, how many deprecated dependencies do they use ?

Quoting: TermyI tend to agree with the criticism about unstable APIs for many cases - but in this case, i really blame Epic for using a function deprecated for almost two decades in a recent piece of software.

From everything I've read from other people, it wasn't obvious that the function was depreciated. You shouldn't need to search up, "is x function depreciated glibc" for every function you use, it should be immediately obvious (like most languages I know have comments or a depreciation tag), some say that all distros somehow knew about this but you shouldn't need to be familiar with linux development or need to be in the right communities to know about a depreciated function.

Small nitpick here, but DT_HASH is not a libc function, it's a linker section in the ELF header of a shared object. The function that utilizes this section is dlopen() and that function have not changed and it works, it's only applications that tries to read the ELF data manually that have to handle DT_HASH and DT_GNU_HASH, and by all means it looks like the glibc devs "incorrectly" thought that dlopen was their ABI/API and not the actual linker section in the ELF headers.

View this comment - View article - View full comments

Quoting: Zagorim

Quoting: GuestThere's an easy solution, ban the use of EAC in GNU+Linux native games.
Oh, wait...

Except that Shovel Knight is a native linux game that doesn't use EAC and it's still broken by the glibc update.
I think the glibc devs need to be more careful about the kind of updates they push and the impact they can have.

The question is why ShovelKnight have the same problem, very very few applications (and none of them games) should ever have the reason the read the ELF data manually. Everyone else should use the libc provided dlopen() function to open shared dynamic libraries.

Does ShovelKnight use some EAC like middleware?

View this comment - View article - View full comments

Quoting: KlaasBackporting security fixes can lead to a lot of trouble if something is missed. Remember the Debian OpenSSL bug a few years ago?

That had nothing to do with backporting, it was the Debian maintainer thinking that he could improve the entropy of the OpenSSL PRNG with a quick hack of his own.

View this comment - View article - View full comments

Quoting: Beamboom

Quoting: F.UltraNew releases of WINE/Proton breaks games that worked with the older version from time to time so yes they are wrong in that WIN32 is the only stable ABI on Linux since it clearly isn't stable.

It's not a either/or, binary reality discussed here. It's not a question if this or that ever breaks at all, ever.

So how am I then to interpret CodeWeavers "WIN32 is the only stable ABI on Linux" when it have broken more times for me on my Linux system than glibc have ever done, yet this change by glibc triggers CodeWeavers to make that tweet?!

View this comment - View article - View full comments

Quoting: minidou

Quoting: Guest

Quoting: minidouI fail to see how glibc devs could be blamed for removing a function deprecated for 17 years (though I can agree a major version bump should have been called for). Do videogame devs need that much nursing ? EAC linux lib is a recent piece of software, how many deprecated dependencies do they use ?

The blame is not really about removing the deprecated feature. Blame is for the failure to restore it after discovering that users for the feature still exist and the removal broke stuff.

They did restore it because of the backlash, but they really shouldn't have, there's no reason for it. This isn't some obscure lib we're talking about but the GNU C library. If a handful of program gets broken it's on them, the function was marked deprecated almost two decades ago. An outstanding majority of program have no issue at all with the removal of this function, why should a niche but maybe high visibility user dictate the direction of glibc ?

Something not discussed here is that the removal of DT_HASH allows a save of about 1% or 16kB of space per Glibc shared object [External Link]. This is an improvement. There clearly is a good reason for finally removing this deprecated function. But we shouldn't profit from this improvement because of some devs bad practice ?

Quoting: TheSHEEEP

Quoting: GuestThe blame is not really about removing the deprecated feature. Blame is for the failure to restore it after discovering that users for the feature still exist and the removal broke stuff.

Yes, a lot of developers (especially newer, younger ones that lack the experience) argue in favor of always using the very latest everything and always keeping everything updated.
I've seen that time and time again in several teams.

But that's not a position that can be maintained in reality.
You'd require armies just to maintain old stuff.

It's fine to remove a function if you can't see that anyone is using it. An understandable mistake.

This is off topic. The impacted softwares were initialised years after DT_HASH was marked deprecated. In the case of EAC lib, probably a good 15 years later. In every sector of the software industry this would be considered bad practice, but VG softwares get a pass for some reason.

Quoting: TheSHEEEPBut the moment you realize that there were indeed many still using it, it should clearly be restored (with a deprecation marker, but still).

They did that, almost two decades ago.

And it seems there isn't that many users impacted. I can count the EAC lib and some lib used in shovel night. Compared to the millions of programs using glibc.

I'm also wondering if this opens a hole in EAC. Aka since they only seems to check DT_HASH then I can craft a .so that have a nice DT_HASH for EAC to be happy about and then I create my real stuff in the DT_GNU_HASH section that is what the system really loads instead. Now I have never played around with low level linking like this so I don't know if this is possible, but it sure sounds like it.

View this comment - View article - View full comments

Quoting: landeelglibc compatibility has been a pain for a while.
I have released 2 games on Steam with native Linux ports.
I'm always afraid of doing a dist-upgrade, because it's very likely the compiled binaries won't run on the previous distro version.
It's absurd, but targeting win32 is more stable.
There should be a way to have multiple working glibc versions.

There are, you can also in your code tell a new version of GLIBC that you want the function from the older version X since GLIBC uses versioned symbols and keep the old ones around since they started to do that. It's a very painful process though since one have to do this for every single symbol one want's to use.

View this comment - View article - View full comments

Quoting: Beamboom

Quoting: Eike

Quoting: Beamboom

Quoting: 1xokThis whole criticism from CodeWeavers developers should be taken with a pinch of salt...

... Why?

Because WINE is where their money comes from?
It's not like they're a neutral party in this question...

I see nothing wrong or biased in what they said.

New releases of WINE/Proton breaks games that worked with the older version from time to time so yes they are wrong in that WIN32 is the only stable ABI on Linux since it clearly isn't stable. There is a reason why Steam still have several versions of Proton since 3.7 available to choose from.

View this comment - View article - View full comments

Quoting: Eike

Quoting: F.UltraNow for games in particular, security is rarely an issue what so ever

Why do you think so? Many games communicate over the internet, and I fear user security is not among the first 26 concerns of many game developers...

My reasoning here is that those games does not communicate randomly over the Internet but almost always only home (usually over https so the remove url cannot be spoofed easily either) and that the communication initiation is always out-going and not in-going (aka the game does not listen to incoming connections) and that the processing of the data on this communication is handled by the game itself and not by some shared library (which means that there are no benefits to fix the libs).

View this comment - View article - View full comments

Quoting: setzer22I'm an Arch user, and have been for quite a long time. But I'm starting to grow increasingly worried about the sustainability of their distro model. Honestly, this obsession with dynamically linking everything and updating as soon as possible is a huge house of cards waiting to fall under its own weight.

Why are we okay with the basic model for Linux dependencies being to have *all* the system's dependencies share the same global namespace, while a bunch of overworked (and often underpaid!) enthusiasts make sure that updates happen in lockstep and nothing breaks. Of course things are going to break randomly during updates! There's not enough people willing to donate their time to QA test all of this.

Keeping all this machinery working sounds like a tremendous amount of work, and for what? So that our things break randomly every now and then? So that we can feel good about "memory reuse" while in practice all software we use is Electron crap that happily spins up a chromium instance per window?

The only seemingly valid argument supporting all of this rube goldberg machinery is that we want system updates to automatically patch our applications when a CVE is detected in a system-wide dependency like glibc. But that's (1) Much less of a concern for desktop Linux, which are rarely open to the wide internet in a way that most common exploits could be achieved, and (2) Sysadmins and anyone deploying software on servers are moving away of this traditional distro model in favor of Docker precisely because distro updates break things and environments are non-reproducible.

Anyway... I won't side with Epic on this because they used a deprecated function long after it was documented as such and that's not good practice, but things that work should keep working after an update, I'm tired of this.

At least now we have Valve carefully curating the system updates on Steam OS, so there's less of an incentive to boot up windows when some game stops launching after an upgrade.

Because the alternative which is how software is distributed on Windows (and how the "new" distribution ways of flatpak/snap/whatever) where the responsibility of keeping the shared libraries up to date for security holes and other bugs are shifted onto the developers of each and every single application that you install of it being done just once for your entire OS by a much larger and more competent team.

And thinking that Linux is somehow less impacted by security holes by "something internet something" is naive, we are just as conencted and impacted by this as the Windows users. Now for games in particular, security is rarely an issue what so ever, but if we take applications instead then holes in shared libraries can be exposed by you opening a file in OpenOffice, VLC, GIMP or whatever, it does not have to be an exploit in port X where some Windows subsystem listens to external connections.

The main issue in this particular case though is the "and updating as soon as possible" part which only happens on rolling update distros like arch that want's to be on the bleeding edge for everything instead of the slow and methodical way of Debian or Red Hat.

View this comment - View article - View full comments