Hi,

I was also wondering about this Y2038 thingy and did some experiments.
I'm reporting what I found to document it, but don't see much actionable
stuff here. Many thanks to Arnd Bergmann for his input.

Attempt #1: rebootstrap

Given that I develop rebootstrap, attempting to use it for a time64
bootstrap seemed quite natural. I've been talking to this with Steve
multiple times including DC22. The question was how to plug it in. In
the end I went for Arnd's suggestion to set DPKG_*_APPEND variables to
modify dpkg-buildflags. Not every package uses these flags, but a
majority do. For a survey, this is probably good enough.

Things went somewhat far. The first issue was zlib. There isn't much to
say about it: https://github.com/madler/zlib/issues/447

Then the libprelude build failed with symbol issues. It happens to build
a C++ library and its symbols are dependent on time types. Unsurprising.
This is a case where we do break ABI.

Then it occured to me that not failing does not imply not being affected
right? You can break ABI without failing the build. So as a detection
method this has a significant risk of false negatives.

For just bootstrapping an incompatible time64 armhf, this method should
mostly just work. Would someone like to have the resulting .debs? What
would do with them?

Attempt #2: reproducible

My other favourite QA tool is reproducible builds. So how about building
and comparing binary packages?

Unfortunately, build flags participate in build ids. That directly
implies a high risk of false positives and/or manual work.

Without further ado, here we go.

.debs unchanged:
* base-files
* db-defaults
* coreutils
* diffutils
* findutils
* libonig
* libidn
* libidn2
* libpipeline
* libpthread-stubs
* libsm
* gzip

Question: How many of these ignore dpkg-buildflags?

minor changes:
* gmp: build-id and #define __GMP_CFLAGS
* guile-3.0: build-id and recorded build path

unclear:
* fribidi: only libfribidi-bin changes, probably harmless

ftbfs:
* zlib: see earlier

starts using symbols such as __stat64_time64, __ioctl_time64:
* acl
* attr
* base-passwd
* bash
* blt
* bsdmainutils
* bzip2
* c-ares
* curl
* dash
* debianutils
* dpkg
* e2fsprogs
* expat
* file
* flex
* fontconfig
* freetype
* fuse
* glib2.0
* gnupg2
* gpm
* groff
* hostname
* icu
* jansson
* jemalloc
* keyutils
* kmod
* krb5
* libassuan
* libatomic-ops
* libbsd
* libcap2
* libdebian-installer
* libev
* libevent
* libgc
* libgcrypt20
* libice
* libksba
* libmd
* libnsl
* libpng1.6
* libsepol

starts using large file symbols, but no time64 symbols:
* libffi

starts using symbols such as above, but also changes C++ symbols:
* apt

unreproducible for other non-time reasons:
* binutils

After this sample, it became clear that this method is also not very
helpful. While it shows that basically everything is affected, it
doesn't give a good handle on ABI breakage either.

Please Cc me in replies as I am not subscribed.

Helmut

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Oct 18, 2022, at 12:48 PM, Helmut Grohne wrote:

Hi,

I was also wondering about this Y2038 thingy and did some experiments.
I'm reporting what I found to document it, but don't see much actionable stuff here. Many thanks to Arnd Bergmann for his input.

Thanks a lot for taking a look here, this is very promising, compared
to my attempt from 2020.

Attempt #1: rebootstrap

Given that I develop rebootstrap, attempting to use it for a time64
bootstrap seemed quite natural. I've been talking to this with Steve
multiple times including DC22. The question was how to plug it in. In
the end I went for Arnd's suggestion to set DPKG_*_APPEND variables to
modify dpkg-buildflags. Not every package uses these flags, but a
majority do. For a survey, this is probably good enough.

Things went somewhat far. The first issue was zlib. There isn't much to
say about it: https://github.com/madler/zlib/issues/447

Then the libprelude build failed with symbol issues. It happens to build
a C++ library and its symbols are dependent on time types. Unsurprising.
This is a case where we do break ABI.

Just for my understanding: what would be the correct way to handle this,
under the assumption that the new symbol names that dpkg-shlibdeps
found are the ones we want? Is there a way to flag both the time32
and the tim64 set of symbols as correct, or would we have to have a per-architecture list of expected symbols for the new (still to be
decided) architecture name?

Then it occured to me that not failing does not imply not being affected right? You can break ABI without failing the build. So as a detection
method this has a significant risk of false negatives.

For just bootstrapping an incompatible time64 armhf, this method should mostly just work. Would someone like to have the resulting .debs? What
would do with them?

I think Wookey wants to do a build of a much larger set of packages
as a feasibility study to show that a rebuild actually survives running
with time set to 2038+, before a decision is made about how and when
this becomes an official release target.

Attempt #2: reproducible

My other favourite QA tool is reproducible builds. So how about building
and comparing binary packages?

Unfortunately, build flags participate in build ids. That directly
implies a high risk of false positives and/or manual work.

Without further ado, here we go.

.debs unchanged:
* base-files
* db-defaults
* coreutils
* diffutils
* findutils
* libonig
* libidn
* libidn2
* libpipeline
* libpthread-stubs
* libsm
* gzip

Question: How many of these ignore dpkg-buildflags?

coreutils definitely should have changed, given that 'ls'
prints timestamps.

After this sample, it became clear that this method is also not very
helpful. While it shows that basically everything is affected, it
doesn't give a good handle on ABI breakage either.

I think it's safe to say that most packages will be affected in
some way. Packages that only use glibc and no other libraries could
be converted separately, but this is not helpful in the end since it
does not get any closer to converting libraries that export
modified interfaces. As far as I remember, I could show (using
pattern matching on header files) that about half the libraries
in Debian will require have an ABI change, but a much higher number
of packages depend on at least one library aside from glibc that
changes like this. To actually get this done, everything must be
rebuilt, and in order to coexist with existing binaries, this
requires a new architecture name and target triplet.

Arnd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-10-18, Arnd Bergmann <arnd@arndb.de> wrote:

Just for my understanding: what would be the correct way to handle this, under the assumption that the new symbol names that dpkg-shlibdeps
found are the ones we want? Is there a way to flag both the time32
and the tim64 set of symbols as correct, or would we have to have a per-architecture list of expected symbols for the new (still to be
decided) architecture name?

This is pretty normal for c++ libraries to have either symbol files
depending on the architecture or symbol files or symbol somehow
templated and filled out at build time (e.g. pkgkde-symbolshelper)

/Sune

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi Helmut, all,

On Tue, Oct 18, 2022 at 12:48:25PM +0200, Helmut Grohne wrote:

Then the libprelude build failed with symbol issues. It happens to build
a C++ library and its symbols are dependent on time types. Unsurprising.
This is a case where we do break ABI.

Then it occured to me that not failing does not imply not being affected right? You can break ABI without failing the build. So as a detection
method this has a significant risk of false negatives.

For just bootstrapping an incompatible time64 armhf, this method should mostly just work. Would someone like to have the resulting .debs? What
would do with them?

This is good. One thing that I think has been missing from the discussion about armhf rebootstrap is the fact that we do have experience in Debian
doing cross-cutting ABI transitions without having to change an
architecture name. We've done this at least three times in Debian history:
the libc5->libc6 transition ('g' suffix - which still remains today in libpam0g!), the GCC 4.0 C++ ABI transition ('c2' suffix), and the 'long
double' transition ('ldbl' suffix, and an example of doing this for an ABI transition that didn't affect all architectures).

The first of these didn't require analysis, we knew all shared libraries
were affected (and Debian was much smaller then).

The second required analysis but it was easy because the C++ ABI is very visible in ELF symbols.

The third is the best analogue to the time_t situation, because it involved changing the size of a type that could appear not just in ABIs of C++ libraries, but also C libraries.

And we did manage to survive that intact! https://lists.debian.org/debian-devel/2007/05/msg01173.html


Nowadays, I wonder if abi-compliance-checker would be usable for analyzing
the ABIs of C libraries to accurately identify what needs to change for time64_t. I think it would be interesting to know from this how many shared libraries expose time_t size in their ABIs.

--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmNSI0wACgkQVo0w8yGy Ez2NpBAAlmOA2adSV/oNhxhlomc70p7xiJ9j3eZu3gzqFSo1G5t5pj7Zcib2lNCz p8PbptNk0CZzJsF2i+gcGiBnsq1tSuXZhSaxRVMttDfwY/6CNaRTHJ9sIgo9Z7f6 j6apz+pI4VuhN9pMmaejDy9/RQuri7mTtNvXDUzxQ9CaEpqJD+bwJwt60Phuj/ir HDHujik4ZAsiYu4BOLhxiMuXYTLNa5vMmacd7q7IKRGtUSDQ7zGUsUa55B8VY2I0 YjjVSpgols3nIajBafvNjNfQyLn0ooM9X+LJOOj8XjV1i87KMQlL7kY87vRPYDDB dvQKzHLwrnMAqXIM5IpeXjqQM9X52OI+mGiYGe/auXp9LpQ3cusI2NteiYH+Pl5y JVqu8S0Xf/snZcyyt70wuQNSdB7XLEvDsel2hK+XN1Q+fwOuR3cX5lUvyp+P5ecY 1TK39DFLRVNd6QX5ALh8oHuRIQJx8YILcOgnhS1NTVaAo7HjAwpj/NIk0pdypsTs zKu7W7Hhh3Ml48ksnbPPhBX5WKZreB5r/9HeafBU/iPpLKTGZZTiYC3hQRt8uZd1 qnIVAJK0WXm0/wdnJkO9

Hi,

On 2022-10-18 12:48, Helmut Grohne wrote:

Attempt #2: reproducible

My other favourite QA tool is reproducible builds. So how about building
and comparing binary packages?

Unfortunately, build flags participate in build ids. That directly
implies a high risk of false positives and/or manual work.

Without further ado, here we go.

.debs unchanged:
* base-files
* db-defaults
* coreutils

coreutils 9.1 enables y2038 support by default if available, so this is actually expected.

Regards
Aurelien

--
Aurelien Jarno GPG: 4096R/1DDD8C9B aurelien@aurel32.net http://www.aurel32.net

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, Oct 20, 2022 at 09:42:58PM -0700, Steve Langasek wrote:

This is good. One thing that I think has been missing from the discussion about armhf rebootstrap is the fact that we do have experience in Debian doing cross-cutting ABI transitions without having to change an
architecture name. We've done this at least three times in Debian history: the libc5->libc6 transition ('g' suffix - which still remains today in libpam0g!), the GCC 4.0 C++ ABI transition ('c2' suffix), and the 'long double' transition ('ldbl' suffix, and an example of doing this for an ABI transition that didn't affect all architectures).

The first of these didn't require analysis, we knew all shared libraries
were affected (and Debian was much smaller then).

The second required analysis but it was easy because the C++ ABI is very visible in ELF symbols.

The third is the best analogue to the time_t situation, because it involved changing the size of a type that could appear not just in ABIs of C++ libraries, but also C libraries.

And we did manage to survive that intact! https://lists.debian.org/debian-devel/2007/05/msg01173.html

Nowadays, I wonder if abi-compliance-checker would be usable for analyzing the ABIs of C libraries to accurately identify what needs to change for time64_t. I think it would be interesting to know from this how many shared libraries expose time_t size in their ABIs.

Well, I didn't see anybody else expressing interest in this, so I had a go.

I've done a first-pass analysis of Ubuntu lunar/armhf using abi-compliance-checker. The results of my investigation, including scripts
and detailed reports/logs, are here:

https://people.canonical.com/~vorlon/armhf-time_t/

Notes:

- abi-compliance-checker was used to analyze headers of 767 library
packages in the archive. Of those, 82 of 558 were successfully analyzed
and identified as library packages that would need patched for the
switch to 64-bit time_t to mark them as ABI-incompatible with the
previous version on armhf.

- an additional 209 packages could not be analyzed, because a-c-c failed
to compile the headers using its invocation of gcc. Assuming a roughly
equal distribution of ABI-changing vs non-ABI-changing libraries among
these that have failed to compile, we'd be looking at around 113 of 767
libraries that need changed.

- if we decide the level of effort to patch this many libraries is
worthwhile, to get an actual actionable list of libraries that need
patched for this transition would require getting the compile failures
down to zero. I did dig into the failures alphabetically from "a" to
"libe"; most of these failures were resolved by one of three methods.
- letting a-c-c know that this is a C library and to not try to compile
it with gcc's C++ frontend;
- excluding various headers that can't be included directly, either
because they are internal headers that are included via other headers
in the package, or because they have dependencies on other headers not
in the archive and can't be compiled (and therefore can't affect the
library ABI);
- pulling in additional undeclared package dependencies.
Even when applying these fixes, I still had 8 library packages whose
headers I wasn't able to get to compile. So there's still quite a bit
of work to do here.

- On this preliminary pass, I only included library packages that shipped
both headers and .so's, as this supposedly gives the best quality
results from a-c-c. To get a full list of ABI-breaking changes,
however, we need to include packages that ship only headers and not
.so's, to catch those libraries for which the .so is in a different
binary package (boost), and to catch plugin systems for executables
(apache).

While I'm currently working on this using Ubuntu, the results are largely applicable to Debian, and the script itself certainly is. Note however that there are a couple of bugs in abi-compliance-checker that I've patched in Ubuntu, bug #951076 and bug #1030540, which you would want to have fixed
before trying to run this analysis in Debian. Cc:ing the a-c-c maintainer
for awareness of this.

Does doing an ABI transition of ~113 libraries seem tractable to folks? If there's interest in moving forward on this, I'd say the next step should be
to take it to debian-devel for broader discussion/signoff. I would also
move my scripts into a git repository that folks can contribute to -- adding the necessary overrides for a-c-c for each library, so we can get an authoritative list of ABI breakages, is very parallelizable.

Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmPfQeIACgkQVo0w8yGy Ez1iyhAApu7NE6f0QeFXo/6FbFWbBWlAYBT9oD3/ly9lMd6UYuBUBhO45/1k+Y23 DM4xpF7+tfFULAkRJWYx0AfnX73wGnZUJF+UX3fr01O2C54+SohX+hG5rAl7v7G8 /JcAf2hhuMN+OCsr6n+y21vKe6KfXXlp6ZzCjgTb8iPwygH4d1cwz6yNFdBTyOdI MIEnz9PF+LXuLW+4Uf3XkEY4LeEEvWXpvvtWL+AUazMTY3oap+2ywkvSlhHFwNZu D6E9ZSu8mlFXRHvvueqbudzYuC/5V5W+ZFwavVHVxwMmXkyJefxcGxxtiHKR1ATk kYGlO4u48+PjZGN3puiUSqwsz6ihX3L8HlNCwphymhfrjYC4+9ZL4dPneYxhbX8+ CF3nH3Kmr7Wd1VISnMjiP3qh77hAyoYeZYzDhG4iKOuDCg5oRYBSQ5+iVc2VQWx4 C0EEI8dG3gaqRQSm6MvVQQN5U+5VjmVm9PwkaXszaKfyYv+1Au/OG6tlzy64s32n nUOYDfGnjJ4awsRbc6eh67wIxkrvvBkpv5Q9RVAyb/hDr4IiJEbcBDDJ/gCGjFjs T/uyYb78Cmn7aKWH0hfI

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

On Thu, Oct 20, 2022 at 09:42:58PM -0700, Steve Langasek wrote:

This is good. One thing that I think has been missing from the discussion about armhf rebootstrap is the fact that we do have experience in Debian doing cross-cutting ABI transitions without having to change an architecture name. We've done this at least three times in Debian history: the libc5->libc6 transition ('g' suffix - which still remains today in libpam0g!), the GCC 4.0 C++ ABI transition ('c2' suffix), and the 'long double' transition ('ldbl' suffix, and an example of doing this for an ABI transition that didn't affect all architectures).

I feel like I should already know this, but after a bit of thought,
and reading the transitions wiki page: https://wiki.debian.org/Teams/ReleaseTeam/Transitions I do not
understand how the suffixes are used in these transitions.

That wiki page does not appear to mention adding suffixes to package
names. It appears to only document the process where the version is
just bumped, everything involved is rebuilt in experimental and then re-uploaded to unstable once we are ready to make the change.

I presume that the suffix is used for transitions involving a large
number of packages, in order to keep both the old-ABI and new-ABI
version of the packages around in parallel (and conflicting with each
other?) for a while which is necessary for larger transitions because
doing it all in one go would take too long, or get entangled with
uploads from the unware that might cause breakage, or something?

Can someone point at an explanation of the process, or add it to the above page?

Just rebuilding and not renaming sounds like a much smoother process,
because as soon as we rename then there is a load of renaming in
reverse dependencies too, and there is presumably a set of rules about
when conflicts are added and other details that need to be got right.

I presume there is a good reason for this distinction between 'minor' transitions and 'mega' transitions. I'd like to understand it properly.

Nowadays, I wonder if abi-compliance-checker would be usable for analyzing the ABIs of C libraries to accurately identify what needs to change for time64_t. I think it would be interesting to know from this how many shared
libraries expose time_t size in their ABIs.

Well, I didn't see anybody else expressing interest in this, so I had a go.

I've done a first-pass analysis of Ubuntu lunar/armhf using abi-compliance-checker. The results of my investigation, including scripts and detailed reports/logs, are here:

Thanks very much for this. Really helpful. I tried to use abi-dumper
and abi-compliance-checker but wasn't having much success in getting
useful reports out of them. I found abigail-tools to be quite a lot
simpler to use. Probably we should run both and investigat if they
disagree about differences.

I found out about your effort just in time to include it in my FOSDEM talk, which was good.

https://fosdem.org/2023/schedule/event/fixing_2038/ for anyone who is
unaware. (The Q&A has some dropouts and didn't add all that much
useful info so you can stop at about 17:20 without missing much).

- abi-compliance-checker was used to analyze headers of 767 library
packages in the archive. Of those, 82 of 558 were successfully analyzed
and identified as library packages that would need patched for the
switch to 64-bit time_t to mark them as ABI-incompatible with the
previous version on armhf.

- an additional 209 packages could not be analyzed, because a-c-c failed
to compile the headers using its invocation of gcc. Assuming a roughly
equal distribution of ABI-changing vs non-ABI-changing libraries among
these that have failed to compile, we'd be looking at around 113 of 767
libraries that need changed.

- if we decide the level of effort to patch this many libraries is
worthwhile, to get an actual actionable list of libraries that need
patched for this transition would require getting the compile failures
down to zero. I did dig into the failures alphabetically from "a" to
"libe"; most of these failures were resolved by one of three methods.
- letting a-c-c know that this is a C library and to not try to compile
it with gcc's C++ frontend;
- excluding various headers that can't be included directly, either
because they are internal headers that are included via other headers
in the package, or because they have dependencies on other headers not
in the archive and can't be compiled (and therefore can't affect the
library ABI);
- pulling in additional undeclared package dependencies.
Even when applying these fixes, I still had 8 library packages whose
headers I wasn't able to get to compile. So there's still quite a bit
of work to do here.

- On this preliminary pass, I only included library packages that shipped
both headers and .so's, as this supposedly gives the best quality
results from a-c-c. To get a full list of ABI-breaking changes,
however, we need to include packages that ship only headers and not
.so's, to catch those libraries for which the .so is in a different
binary package (boost), and to catch plugin systems for executables
(apache).

While I'm currently working on this using Ubuntu, the results are largely applicable to Debian, and the script itself certainly is. Note however that there are a couple of bugs in abi-compliance-checker that I've patched in Ubuntu, bug #951076 and bug #1030540, which you would want to have fixed before trying to run this analysis in Debian. Cc:ing the a-c-c maintainer for awareness of this.

I tried just running the script on debian and it tried 121 libraries
before dying, and produced compatibility results for 71. So yes it
needs some work to get useful numbers out.

You just ran this on Ubuntu main, so there will be quite a lot more
libraries in debian, I presume?

Does doing an ABI transition of ~113 libraries seem tractable to folks?

It certainly provides evidence for the idea that this is not
completely intractable, which I think many people (including me)
worried was the case initially.

If
there's interest in moving forward on this, I'd say the next step should be to take it to debian-devel for broader discussion/signoff. I would also
move my scripts into a git repository that folks can contribute to -- adding the necessary overrides for a-c-c for each library, so we can get an authoritative list of ABI breakages, is very parallelizable.

Yes I think we should proceed with this analysis on debian to get a
better handle on just how many libraries we are looking at.

I would also still like suggestions/test cases for $stuff that we
thing will/might break _other_ than library ABI transitions, which we
at least know how to handle in general. So far there have not been
many things suggested, my list of tests I can run to check has zero
entries. That may be good sign (there just aren't that many), or it
might be a bad sign (no-one knows/is checking).

I have created a releasegoal page to discuss this transition in
general, and collect relevant info: https://wiki.debian.org/ReleaseGoals/64bit-time

I think it would be useful do a bit more work on the ABI checking and data-collecting (e.g. raspian input) before going to debian-devel, but
not wait more than another week or two, because people are already
switching, possibly without fully understanding the implications: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026204


Wookey
--
Principal hats: Debian, Wookware, ARM
http://wookware.org/

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEER4nvI8Pe/wVWh5yq+4YyUahvnkcFAmPtEZIACgkQ+4YyUahv nkclNxAAsLdooxVedEL+k0ckXszW/2C6h7fVSj6nZ91TUV94xGa7sZK2fVX3kQB+ ZGTyf9Jlb8EzA0bjRPV+/O5eQOQSsFKOC04L5Y09PHm9gFqYJ3m/JQMg7rSQvDWZ zTqJqnFAnad5UFuIRaTYWtnLMqDDa6k4vwfhcZsM+JBqndbAMhKY23e5a1nyv1M1 fGVFMzHEkHhVbKST6H4wHNHgnOYUTtnZUYotHkb6RR2cdMFhbCw+zsmPhccGW+6o ztSsr/V3G6PDd6rJk6PuhDZirFsTMXB89+Xvs3CBWTB5oqdw+mwPlyoGU79JHuEz NGM+YwFrIBx6MUkHn5c0tiaNvOyERZeWRaEVV4gnrqloJS5Ep3kQBOKh6K7DIuCq afLdGtzorza1lV2TRE/G27tvYJcKDJy54ixINmqnTLVsKiONIJOrfSydYdXeN2Ci HPZvNmCeJIQEaOnXXpeCBixGjCpZ4k7yRQPk7mDEwCaBqQ+wItla/Y4B1ErqT0Xl 4OMcGLkO/aAPA9W/uoIPiBc7gtFAo7IqXM/59jgt0jNHwNbCANhuTeDEfMfT0OJC E7tD0KE2ksVQ/jXKW4lHyQeJwhkDtX/b3h1+7hZkOH4vurEGBEBmbq8BvtLFA/ZM ezvzqE30bb54ADSO8gMvtkADHt644LmyjiayKYGdmCGUmdpSpV0=
=SYoM
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Feb 15, 2023, at 18:08, Wookey wrote:

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

On Thu, Oct 20, 2022 at 09:42:58PM -0700, Steve Langasek wrote:

Does doing an ABI transition of ~113 libraries seem tractable to folks?

It certainly provides evidence for the idea that this is not
completely intractable, which I think many people (including me)
worried was the case initially.

When I did a similar analysis a few years ago using just pattern-matching
on header files, the result was that more than half the total packages
in Debian depended on at least one other package that needed an ABI
transition, which in my mind made it unrealistic.

It's possible that there were a lot of false-positive results in my
analysis then, but I would still suggest looking at what portion of
the archive depends on the libraries that you identified this time.

Arnd

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Monday, 20 February 2023 16:24:37 CET Arnd Bergmann wrote:

On Wed, Feb 15, 2023, at 18:08, Wookey wrote:

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

On Thu, Oct 20, 2022 at 09:42:58PM -0700, Steve Langasek wrote:

Does doing an ABI transition of ~113 libraries seem tractable to folks?

It certainly provides evidence for the idea that this is not
completely intractable, which I think many people (including me)
worried was the case initially.

When I did a similar analysis a few years ago using just pattern-matching
on header files, the result was that more than half the total packages
in Debian depended on at least one other package that needed an ABI transition, which in my mind made it unrealistic.

If you do it in the early stage of Trixie's dev cycle, would it still be unrealistic? It may be a bumpy ride and take a while, but I don't see an immediate issue with that. Sid may finally become Unstable again ;-P

But *when* you do it, is quite relevant. If you/we are only a few months away from the Trixie Freeze, then it's probably not a good idea.
But if we're 1-1.5 years before that, there's plenty of time to fix things.

Or is that too simplistic on my part?
-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQT1sUPBYsyGmi4usy/XblvOeH7bbgUCY/OlpgAKCRDXblvOeH7b buiTAP0W/sfZow3swsoHKYLCD1eecpg9fWnD11LSsCUdZ9LgzAD7BzjBxqq2pgsk WoHCySRA4Dg7iBJY2obRY7vGNkXKxAU=
=B9V+
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-20 17:53 +0100, Diederik de Haas wrote:

On Monday, 20 February 2023 16:24:37 CET Arnd Bergmann wrote:

On Wed, Feb 15, 2023, at 18:08, Wookey wrote:

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

On Thu, Oct 20, 2022 at 09:42:58PM -0700, Steve Langasek wrote:

Does doing an ABI transition of ~113 libraries seem tractable to folks?

It certainly provides evidence for the idea that this is not
completely intractable, which I think many people (including me)
worried was the case initially.

When I did a similar analysis a few years ago using just pattern-matching on header files, the result was that more than half the total packages
in Debian depended on at least one other package that needed an ABI transition, which in my mind made it unrealistic.

If you do it in the early stage of Trixie's dev cycle, would it still be unrealistic? It may be a bumpy ride and take a while, but I don't see an immediate issue with that. Sid may finally become Unstable again ;-P

But *when* you do it, is quite relevant. If you/we are only a few months away
from the Trixie Freeze, then it's probably not a good idea.
But if we're 1-1.5 years before that, there's plenty of time to fix things.

Or is that too simplistic on my part?

No. I think that's reasonable.

One thing we do have to worry about right now is that anything which
has enabled LFS anytime in the last 15 years that rebuilds against a
current gnulib will automatically get 64-bit time_t unless they
explicitly turn it off. We may well have packages in the archive that
have had this done to them without noticing, and clearly we don't want
to do this in bookworm.

I'm not quite sure what the best way to check for this is. Is there a
place one can grep all buildlogs? AIUI gnulib is statically included
in the build a-la autoconf so it probably only happens when a new
upstream is pulled in with updated gnulib. BICBW.

gnulib doesn't seem to do releases (last tag 9 years ago 'v0.1') so I'm not quite sure when this changed.
Ah July 2021: https://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=history;f=m4/year2038.m4;h=2e4427e6fac10550c99748abebf31b61e6afda2b;hb=b9bf95fd0a6ab666b484b1e224321664f051f7fa

So the module has existed since 2017, but only defaults on since mid
2021. I'm not sure what one should be looking for in build logs to set
off the alarms.

Wookey
--
Principal hats: Debian, Wookware, ARM
http://wookware.org/

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEER4nvI8Pe/wVWh5yq+4YyUahvnkcFAmQBcmcACgkQ+4YyUahv nkeoPQ/+MognXmCdlvaUhdz+B8Dyk67DqHB749BHEjE++FqnT05+7YVxt/vnKVKP 1xt6jeBl6rlq7rDmdYy6RyNeRZ6+DoSOHKxILFLLtHZYie/Elo+Y6st8lm3WR9JW 0SrHWSxKv9RQzdGW6Acb77Il/V6ubxYXP/B8zl6tKHWkD61kguWurB3gAx9eNai1 xepawKzJ2DaLa0TasWbjsmvA5pf0qUgqm1nOsHdY40sC9tRh8IDBQc82SpgXuIAG ceRYXZ1xzAqOZCCA8ZqxTK+F/qTqsIJeRsXiQJ910uCRhIUARS704r1bXC9a2vwp zIrcXvTqxsdMEfvLV0vrx/zFRms617ca7r08V1Pcg9I++HSwnFZRp5O4xpNaLd7M R7RSeR/skB3fgglppyfmUuHM4HM0MnCKuCv+kYTZWm71zP7HUXV+eSWPx5747kMK 0Z3mgwfqZvplUNrWkhIEsTARUf8k0XzWmpbGjZbrKhXj2ajACoZecJak3+s1R1D5 au5mwfD3mxUTK+1a47IxeYNwaBdfEtoku2VaqQ6ibe+gddizEWaWTD4pWJur16ao JKooxgj3dn5A9vxn9frlQK1bWpikS/vRaJfYWJSmOljoO6q060heSidsygPs5iw1 hei7jLQDVfW1SQN8p/jlOrTpAsVBUDm3tnJTQD+NaX5hozaOxGs=
=fXWD
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Fri, 2023-03-03 at 04:07 +0000, Wookey wrote:

Is there a place one can grep all buildlogs?

Debian members can access them on the buildd.debian.org server for eg:

/srv/buildd.debian.org/db/0/0ad/0.0.11-1/i386_1347540026_log.bz2

Please keep an eye on system load while searching them though.

If you only need build-dep versions, probably a better option is
the archive of buildinfo files and the database for searching it.

https://buildinfos.debian.net/ftp-master.debian.org/ https://salsa.debian.org/bremner/builtin-pho/

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmQCyo4ACgkQMRa6Xp/6 aaNMPhAAo9ob4QjbUyJXKCY06+cNPeTnWly+OAuWoYOjD5+e+vVn6w/3QtlabGZA 8MLCeJnczLWKOd1mj0qjiHOh2UwkLY9ZnhhopgpRqcrdAfYv4W8AST1XwADdRmaw vV0aWjZ7HMSZukUQPHhsECSVoCxEc0ZzQCWTsZzkSyHEB4UY76gfHZzFbnziN+gP 6tFcBOjltX3FhHDwg7ffbHmeBgncb8xlkqliAnncpp/4EvgpYkvlbBcq6C6SZQ+W fIvubPsuR1tsGkmvZgAIhkILKCRjd9BrU+c3amDrR1CT+e1h/IdKgjGwP8XCzX2t RU2lykoHjS9mlgWyudOLVviF0OcDljEmNWFlvH8kHU0WSDkM75yVtwTHql1kUM1t SBYzoIWErEPuSjJBa3MMf+KbIKeYm9evXxEkbd6/8lULdbA7gb+VAIvPgP9Hta0H itlccMk8clJkORoEG3Bx0Z0QyGD3wUc3V5hcgQfYYQyEoKVnvkA4WUt0Jsw4uUYh Usg6IswwWxsIkAKYUEljpEaBvt4q+MoGgKkYBX3t/aZ20gJXYF9sCJMSANJ4OfJO PE8aWUmB1m3aA6KoMQIZprmJDyuttLVleaAUPoHb2bKw8N/XN1tld1FD49ZolZyo Z330em23/6H+fBhR6iHTjULlr9kMfda+cbtH2SFY9+/DTXD8GCU=
=rrb/
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2023-02-15 17:08 +0000, Wookey wrote:

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

Yes I think we should proceed with this analysis on debian to get a
better handle on just how many libraries we are looking at.

OK. We have over 10,000 *-dev package in debian so this took a while,
but I've now finished an initial pass.
The results are:
Total -dev packages: 10323
Time_t changes ABI: 329
LFS changes ABI: 58 0.6%
ABI unchanged: 1840 5.6%
Compilation failed: 1637
No headers in pkg: 3852
No library in pkg: 5086
total analysed: 10249
(note that the no-headers and no-libs categories are not exclusive
- the other classifications are)

Not quite sure where we lost 74 packages down the back of the sofa but at 0.7% it's noise.

So we have about 5000 packages which can basically be ignored for this purpose: golang* (1943)
librust* (1955) - source-only, no dynamic linking, no .so's in any package
and libghc* (1065) - changes ABI at drop of hat (every new version) anyway.

Of the remaining 5360, 5237 have .so files to check. Of those 329
change ABI and another 58 are not built with LFS currently
so also change ABI due to that. That's 387 (7%).

34% are fine. And an annoyingly large 1637 (30%) did not build under Abi-compliance-checker to determine one way or the other. Assuming 7%
of those are a problem that's another 114 packages.

I've yet to determine how many of the 'no-libs/no-headers' packages
actually expose an ABI we need to worry about. There will be some
more, from stuff like boost and Qt.

So the scale of the transition task in Debian is quite a lot bigger than in Ubuntu: Probably 400-500 packages.

I've linked my lists on the wiki page. https://wiki.debian.org/ReleaseGoals/64bit-time

I believe Steve L (who has done most of the heavy lifting on the
script) is running a check too and will have some results soon.

Wookey
--
Principal hats: Debian, Wookware, ARM
http://wookware.org/

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEER4nvI8Pe/wVWh5yq+4YyUahvnkcFAmQZHdQACgkQ+4YyUahv nkfWdBAAxgCbCpqLFfURgAxMiQsAQr78Dwu2qJoBqgxVfJ7+gV2wwZJaJz9BvmHA ZxvykFQvEJoZ1hA2D6zPBcGseylZqfEQ4uVE8GGaY/N67OoZue+hmHEZPMi8nNhX 8D1WlpROZjY1J19vzNX17vUMOyal679wmqmGSw4Ac03oxn4Xy/DafXyxHdK4fwBT 1G7PyfiWVeQAg0fwjErCImCTgdkgpusVVX6HPSyHrdVBQMQD5art+WGN8z8CvWDg zFOmGjQkRl/FjaMJNhUz1nTo3Re5TIoccFuxA3r98rNihVytj/CQxb4QH+tSaSQp b8pOz36X49RG+QGWjah66VeBHKohZpRh2dhvS4jekg+KZ1H5DiyUiiBAExIByuVM IOdajyQ0ROzNpkxoebtFsyf0vh8xNcyXvkaG9bnucOt/mKGGoOOtgVWv/drGsdXI apXUkq9MFpOWHfYIeyqFECJKKbiyovAGGbNImbBvSxb2gY/+3+lSTv4iho7QUo/j vW1KwMpTGVNdlGqYTOxworjGa1JNFWJbof3fYocK4XsV/M9GboJ698QI/IBo8E2B Mz17FfS7HGL9V/omf8TbS3NTjPnpR1de2a14X2SIm/pGHJKaMCmr4/XZY+dykVU9 TMEFMpmhEfaiYXTRZnv/NuiM5TWrleBvje8tFIc8BBdJUTRzgDQ=
=gXZi
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sorry for the long radio silence on this; I had identified some issues with
my prior report and wanted to rerun it with some fixes, and that analysis
took rather longer than expected (mainly due to infrastructure slowness).

Refreshed output for Ubuntu is here:

https://people.canonical.com/~vorlon/armhf-time_t/

So comparing with Wookey's results, I see:

Total -dev packages tested: 4603
Time_t changes ABI: 349
LFS changes ABI: 71
ABI unchanged: 2085
Compilation failed: 2098

So certainly this appears to be the same order of magnitude as Wookey's separate analysis.

The other question is what impact this has on the archive as a whole, with triggering of rebuild transitions. Looking at the
reverse-build-dependencies of those 349 packages gives:

$ while read pkg; do grep-dctrl -n -sPackage -w -FBuild-Depends $pkg /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lunar_*Sources ; done < abi-breaks | sort -u | wc -l
3626
$

NB this is a bit of an undercount as a result of packages that ship headers
but aren't the thing being directly build-depended on. A more accurate
count is probably to look at binary packages, from the same source as the
-dev package, that the -dev package depends on and look at
reverse-dependencies of those. But for a first pass, here's where we are.

There are also roughly 2100 packages for which compilation failed. To know which packages actually have ABI changes and require transitions, we would
need to work through this list and get the count down to 0.

But as a first-order approximation, this looks doable to me as a transition
we could manage.

What do other folks think? Are you on board with proposing this to debian-devel? Anyone want to help add the necessary quirks to drive down
the list of compilation failures?


On Tue, Mar 21, 2023 at 03:00:41AM +0000, Wookey wrote:

On 2023-02-15 17:08 +0000, Wookey wrote:

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

Yes I think we should proceed with this analysis on debian to get a
better handle on just how many libraries we are looking at.

OK. We have over 10,000 *-dev package in debian so this took a while,
but I've now finished an initial pass.
The results are:
Total -dev packages: 10323
Time_t changes ABI: 329
LFS changes ABI: 58 0.6%
ABI unchanged: 1840 5.6%
Compilation failed: 1637
No headers in pkg: 3852
No library in pkg: 5086
total analysed: 10249
(note that the no-headers and no-libs categories are not exclusive
- the other classifications are)

Not quite sure where we lost 74 packages down the back of the sofa but at 0.7% it's noise.

So we have about 5000 packages which can basically be ignored for this purpose:
golang* (1943)
librust* (1955) - source-only, no dynamic linking, no .so's in any package and libghc* (1065) - changes ABI at drop of hat (every new version) anyway.

Of the remaining 5360, 5237 have .so files to check. Of those 329
change ABI and another 58 are not built with LFS currently
so also change ABI due to that. That's 387 (7%).

34% are fine. And an annoyingly large 1637 (30%) did not build under Abi-compliance-checker to determine one way or the other. Assuming 7%
of those are a problem that's another 114 packages.

I've yet to determine how many of the 'no-libs/no-headers' packages
actually expose an ABI we need to worry about. There will be some
more, from stuff like boost and Qt.

So the scale of the transition task in Debian is quite a lot bigger than in Ubuntu: Probably 400-500 packages.

I've linked my lists on the wiki page. https://wiki.debian.org/ReleaseGoals/64bit-time

I believe Steve L (who has done most of the heavy lifting on the
script) is running a check too and will have some results soon.

Wookey
--
Principal hats: Debian, Wookware, ARM
http://wookware.org/

--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmQ6IPkACgkQVo0w8yGy Ez1+Ow//RBUepUluqKjwANYN1HLILlRwe8FASUGuZ6/Z1OF/tans+qMe5KjRMs4m GnGGSfkMCn/JLkEH9Kho1nvRwTHKlwnVrDgmWKHV6au9PoaI8sRqX2FnjmEXkvOB VAv+p0aSCrD1A4bxYrCsN/MNofFAMG0Qix7IZ372UTTUgLPqaF3tjVJAXkiA5a7k 3+kabXCuLTicSZ5DL34gp9Dm04qEKP6FBxxrNboumQjmqOTNzfR/fnBv6VS0fE4b mr8druIUJg27YpJ1gsOxgB7I87smxEdF6HJbUJpwuJwt39C7+F+4RKq1A1DYnHO7 Av/8YMd9XJ1YPMX8oonA3bmYEudVXHtbqVrbqvlXnkdqTGPR6x32oMMJlMplUINW P4OeYZlCCTOz84fm5gBRPWB9qbnrr4g35xmJNUMzFfZz5H9hZCzp11yLWdFPp8jk 1md5nPn4zmJ7dmbIMkjRgw7UqHoxinGuXggjNTBvCtvGPLlv77ZMGasgdv1tSy9B ohwBd/1Hpz59Z7VxG69fcKLNjJiZIdPzRR7f+EojTS2lFj45oJyIqV14c+wOZUnC FibdsAv+4tCsHRTpdxb6

On Wed, Feb 15, 2023 at 05:08:40PM +0000, Wookey wrote:

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

On Thu, Oct 20, 2022 at 09:42:58PM -0700, Steve Langasek wrote:

This is good. One thing that I think has been missing from the discussion
about armhf rebootstrap is the fact that we do have experience in Debian doing cross-cutting ABI transitions without having to change an architecture name. We've done this at least three times in Debian history:
the libc5->libc6 transition ('g' suffix - which still remains today in libpam0g!), the GCC 4.0 C++ ABI transition ('c2' suffix), and the 'long double' transition ('ldbl' suffix, and an example of doing this for an ABI
transition that didn't affect all architectures).

I feel like I should already know this, but after a bit of thought,
and reading the transitions wiki page: https://wiki.debian.org/Teams/ReleaseTeam/Transitions I do not
understand how the suffixes are used in these transitions.

That wiki page does not appear to mention adding suffixes to package
names. It appears to only document the process where the version is
just bumped, everything involved is rebuilt in experimental and then re-uploaded to unstable once we are ready to make the change.

I presume that the suffix is used for transitions involving a large
number of packages, in order to keep both the old-ABI and new-ABI
version of the packages around in parallel (and conflicting with each
other?) for a while which is necessary for larger transitions because
doing it all in one go would take too long, or get entangled with
uploads from the unware that might cause breakage, or something?

When we have an ABI change in the distro that affects shared libraries, but
is not the result of sourceful changes to the upstream source, we don't want
to change the soname of the library; that's upstream's domain.

But we do need at the packaging level to distinguish between two packages of the library that provide different ABIs, so that packages depending on one
ABI don't incorrectly get the package with the other ABI, resulting in
broken runtime behavior.

When we transition, the un-annotated package will remain present in older releases, but will be entirely superseded in unstable by the package
providing the new ABI.

BTW, I'll suggest "t64" as the library name suffix here.

Just rebuilding and not renaming sounds like a much smoother process,
because as soon as we rename then there is a load of renaming in
reverse dependencies too, and there is presumably a set of rules about
when conflicts are added and other details that need to be got right.

No, that breaks partial upgrades and makes a right mess of unstable *and* of upgrades between stable releases. "Just rebuilding and not renaming" is the "rebootstrap" approach which I am hoping to avoid.

--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmQ6yQQACgkQVo0w8yGy Ez0ofA/9Glsr5R4c8GwTWjwlApcf6nte0RX2wCroNLkfrK+ye0f5d7IirSLHX7nc 1hB2B3qyz9DkWrfqC3LMZfOjmFieDFxOEfa2rqnWDvY5OqW//7LndxBmh0nWe3Cv KaRyhJvw71raLFmLJCgtQE5Uqw1aPINsRNzkGsjQTRi+Xjmq+Z8ujViL9KqshEzV DionXIR9b3+dC4EqXfmaSWdhrgULvJAHTl8e9IZibj8M4o+Wgi+HTvqDF3ZJBxYf 2Hp3Hka+3QlgX/OrEVmO4CMxeH1oxalwfBVLshpygQkxmp80FOOoX9Tut36rE0W8 eHxo713BbZEaMBvUmzfb6PnWf8uT7qKnzrB7yD5gEY78r6FYnjHNpBPgqaIbUvvP dYiizoDuAcAo14e88HQ8bi9SlAHQc8F/R6dzAoLBLCBC/GpgQejpQvSecTClNmKu WyCmm0CYQ0pyLnG4f8lakN99CM9jouCbsStNQIHK6ee//UpufNxcM1hzCQDeORZL +cy4LtAThRFspKNjX7Rl/bvhFlsUa84jhRaMEUn6lqIaGqkrg9MaccR6Nkzo99Us NFgsTbBmdTJqndKBw1iJ

--hI4pZpavaP5B8IbW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Apr 14, 2023 at 08:58:55PM -0700, Steve Langasek wrote:

Sorry for the long radio silence on this; I had identified some issues with my prior report and wanted to rerun it with some fixes, and that analysis took rather longer than expected (mainly due to infrastructure slowness).

Refreshed output for Ubuntu is here:

https://people.canonical.com/~vorlon/armhf-time_t/

So comparing with Wookey's results, I see:

Total -dev packages tested: 4603
Time_t changes ABI: 349
LFS changes ABI: 71
ABI unchanged: 2085
Compilation failed: 2098

So certainly this appears to be the same order of magnitude as Wookey's separate analysis.

A little more digging here into the failures; I've prioritized them by
number of reverse-build-depends:

while read devpkg; do
count=$(grep-dctrl -w -FBuild-Depends $devpkg -n -sPackage \
/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lunar_*Sources \
| sort -u | wc -l)
echo "$count $devpkg"; done < failed-compilation \
| sort -n -r > sorted-revdep-count

One nice finding is that 807 of the libraries that have failed analysis have
no reverse-build-dependencies at all, so can be more or less ignored for the transition (we should still follow through on the analysis and rename
packages, but this can happen any time during the trixie release cycle).

One *unfortunate* finding, having fixed up the compilation of the top 5 failures, is that each of libssl-dev, libgtk-3-dev, and libgtk2.0-dev breaks ABI with 64-bit time_t.

The other question is what impact this has on the archive as a whole, with triggering of rebuild transitions. Looking at the
reverse-build-dependencies of those 349 packages gives:

$ while read pkg; do grep-dctrl -n -sPackage -w -FBuild-Depends $pkg /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lunar_*Sources ; done < abi-breaks | sort -u | wc -l
3626
$

But on the bright side again, this only increases the number of revdeps that are part of the transition from 3626 to 4004, due to overlap with other libraries.

From my perspective, this is entirely achievable and we should move forward with discussing this more broadly on debian-devel.

Note that while armhf is the priority wrt Ubuntu, this would also address
2038 compatibility for armel and mipsel as Debian release archs. (I do not think we should change i386 to 64-bit time_t as the primary value of this
arch is for binary compatibility with legacy applications that can't be recompiled.)

NB this is a bit of an undercount as a result of packages that ship headers but aren't the thing being directly build-depended on. A more accurate
count is probably to look at binary packages, from the same source as the -dev package, that the -dev package depends on and look at reverse-dependencies of those. But for a first pass, here's where we are.

There are also roughly 2100 packages for which compilation failed. To know which packages actually have ABI changes and require transitions, we would need to work through this list and get the count down to 0.

But as a first-order approximation, this looks doable to me as a transition we could manage.

What do other folks think? Are you on board with proposing this to debian-devel? Anyone want to help add the necessary quirks to drive down
the list of compilation failures?

On Tue, Mar 21, 2023 at 03:00:41AM +0000, Wookey wrote:

On 2023-02-15 17:08 +0000, Wookey wrote:

On 2023-02-04 21:42 -0800, Steve Langasek wrote:

Yes I think we should proceed with this analysis on debian to get a better handle on just how many libraries we are looking at.

OK. We have over 10,000 *-dev package in debian so this took a while,
but I've now finished an initial pass.
The results are:
Total -dev packages: 10323
Time_t changes ABI: 329
LFS changes ABI: 58 0.6%
ABI unchanged: 1840 5.6%
Compilation failed: 1637
No headers in pkg: 3852
No library in pkg: 5086
total analysed: 10249
(note that the no-headers and no-libs categories are not exclusive
- the other classifications are)

Not quite sure where we lost 74 packages down the back of the sofa but at 0.7% it's noise.

So we have about 5000 packages which can basically be ignored for this purpose:
golang* (1943)
librust* (1955) - source-only, no dynamic linking, no .so's in any package and libghc* (1065) - changes ABI at drop of hat (every new version) anyway.

Of the remaining 5360, 5237 have .so files to check. Of those 329
change ABI and another 58 are not built with LFS currently
so also change ABI due to that. That's 387 (7%).

34% are fine. And an annoyingly large 1637 (30%) did not build under Abi-compliance-checker to determine one way or the other. Assuming 7%
of those are a problem that's another 114 packages.

I've yet to determine how many of the 'no-libs/no-headers' packages actually expose an ABI we need to worry about. There will be some
more, from stuff like boost and Qt.

So the scale of the transition task in Debian is quite a lot bigger than in Ubuntu: Probably 400-500 packages.

I've linked my lists on the wiki page. https://wiki.debian.org/ReleaseGoals/64bit-time

I believe Steve L (who has done most of the heavy lifting on the
script) is running a check too and will have some results soon.

Wookey
--
Principal hats: Debian, Wookware, ARM
http://wookware.org/

--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

--hI4pZpavaP5B8IbW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=sorted-revdep-count

351 libxext-dev
297 libxt-dev
291 libqt5svg5-dev
251 libkf5config-dev
249 libncurses-dev
224 libsystemd-dev
220 libkf5kio-dev
146 libpq-dev
141 libkrb5-dev
128 qtbase5-private-dev
125 libkf5iconthemes-dev
120 libltdl-dev
118 libpcre2-dev
117 libwayland-dev
115 libavcodec-dev
110 libgstreamer-plugins-base1.0-dev
110 libeigen3-dev
109 libxaw7-dev
108 libkf5notifications-dev
104 librsvg2-dev
104 libhdf5-dev
97 apache2-dev
88 libgtk-4-dev
88 libfuse-dev
86 libwxgtk3.2-dev
86 libprotobuf-dev
85 libmpfr-dev
84 libselinux1-dev
84 libavutil-dev
82 libglew-d