To Require or not to Require?
Michael Schwendt
mschwendt at gmail.com
Thu Aug 11 12:43:55 UTC 2011
On Thu, 11 Aug 2011 13:19:49 +0100, DH (David) wrote:
>
> Hi,
>
> I have a package (keyutils) that produces three RPMs: keyutils (programs),
> keyutils-libs and keyutils-devel. The programs in the keyutils RPM depend on
> the libraries in the keyutils-libs RPM and pick up implicit dependencies thus:
>
> warthog>rpm -qRp keyutils-1.5.1-1.fc14.x86_64.rpm
> ...
> config(keyutils) = 1.5.1-1.fc14
> ...
> libkeyutils.so.1()(64bit)
> libkeyutils.so.1(KEYUTILS_0.3)(64bit)
> libkeyutils.so.1(KEYUTILS_1.0)(64bit)
> libkeyutils.so.1(KEYUTILS_1.3)(64bit)
> libkeyutils.so.1(KEYUTILS_1.4)(64bit)
> ...
>
> So does the keyutils rpm need an explicit Requires on the keyutils-libs rpm in
> the specfile or is the implicit library dependency sufficient?
>
> rpmlint does not complain, but, for RHEL, rpmdiff does.
>
> David
It's a grey area. Basically, it boils down to these two guidelines:
https://fedoraproject.org/wiki/Packaging/Guidelines#RequiringBasePackage
under consideration of
https://fedoraproject.org/wiki/Packaging:Guidelines#Explicit_Requires
In your case, the -libs package is the real base package in disguise.
The executables in the "keyutils" pkg may need the latest libkeyutils.so.1
API, or else they would fail to link at run-time.
[...]
Occasionally, one can observe users running into this pitfall as it is not
just a theoretical problem. They read about an update notification for
package "foo" and try to apply that update manually with "yum update foo".
However, due to weak dependencies (or not dependencies) on subpackages
containing important stuff, such as the latest version-release of a "foo-libs"
subpackage, the applied update is only a partial one -- and not even a
"yum update foo\*" might have helped, because some subpackage names are
within a different prefix.
More information about the devel
mailing list