Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

We should probably allow libz linkage, and maybe libexpat #152

Closed
njsmith opened this issue Apr 24, 2019 · 7 comments · Fixed by #334
Closed

We should probably allow libz linkage, and maybe libexpat #152

njsmith opened this issue Apr 24, 2019 · 7 comments · Fixed by #334
Labels
enhancement

Comments

@njsmith
Copy link
Member

njsmith commented Apr 24, 2019

Here's the output of ldd python3 on my system (Ubuntu 18.10):

~$ ldd /usr/bin/python3
	linux-vdso.so.1 (0x00007ffd9ddbb000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1f0e73b000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1f0e71a000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1f0e714000)
	libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x00007f1f0e70f000)
	libexpat.so.1 => /lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f1f0e6d2000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1f0e4b5000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1f0e326000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f1f0e94c000)

Most of that is glibc or kernel stuff. The exceptions are libexpat.so.1, and libz.so.1.

ldd /usr/bin/python2 gives a similar list, except it's missing libexpat.so.1.

The standard auditwheel profiles don't allow wheels to link against libz.so.1 or libexpat.so.1 – they get vendored instead. (See also: pypa/manylinux#296)

However... this doesn't actually work!

Because of how ELF symbol resolution works, it doesn't matter whether you vendor these libraries: if they show up in ldd <the interpreter>, then any symbols in the system version of those libraries will be used by all python extensions, no matter what they vendor or link against. Basically the system version of libz.so.1 and libexpat.so.1 are getting LD_PRELOADed into every extension module.

And apparently... this works? I haven't seen any bugs about it. And it's plausible to me that these libraries have extremely stable ABIs.

So maybe we should add them to the list of libraries that auditwheel will allow you to depend on without vendoring... the vendoring isn't doing much anyway.
@njsmith njsmith mentioned this issue Apr 24, 2019
Closed
@mayeut
Copy link
Member

mayeut commented Apr 28, 2019

The dump for python interpreter on manylinux1 and manylinux2010 images are not quit the same.
They only rely on .so mentioned in the respective PEP except for python 3.7 on manylinux2010 which also adds:

libfreebl3.so => /lib64/libfreebl3.so (0x00007fd024df0000)

That being said, I do agree that at least libz.so.1 should be added to the list. zlib is a package that's installed on almost all linux distros as a default package (if not all, it's always available and is a python dependency anyway, at least for the zlib module if not for the interpreter). Its ABI is very stable indeed.

About libexpat.so.1, well, it's not available through yum on manylinux1 (centos5) but is available on manylinux2010 (centos6). I don't know much about its ABI stability.

[root@ce48f06f97b0 /]# yum provides '*/libexpat.so.1'
Reducing CentOS-5 - libselinux to included packages only
Finished
No Matches found

If its ABI is stable, then vendoring it might still be the way to go, it would be unused on systems having a python interpreter linking against it but still be used on systems without it.

@jjhelmus
Copy link

expat has been ABI compatible since the 2.0 release where there was a SONAME change. CentOS 5 includes expat 1.95 where as CentOS 6 has 2.0.1.

@matthew-brett
Copy link
Contributor

Are there any Pythons that do not link against libz and libexpat?

How should we fix this properly? I guess we have to confirm ABI compatibility for all versions of libz and libexpat that may be linked to any installed Python.

@jjhelmus
Copy link

jjhelmus commented May 1, 2019

Are there any Pythons that do not link against libz and libexpat?
There are Pythons that do not link against libexpat, for example the ones provided by Anaconda, Inc and conda-forge. The pyexpat module can be build against the system expat library or not using the--with-system-expat argument. Both Anaconda, Inc and conda-forge do not use this argument Linking against libz should be more reliable although it is possible to statically link libz.

@romaingz romaingz mentioned this issue May 14, 2019
Closed
@ftsamis ftsamis mentioned this issue May 31, 2020
Merged
@skvark skvark mentioned this issue Aug 31, 2020
Closed
4 tasks
mayeut added a commit to mayeut/pep600_compliance that referenced this issue Nov 11, 2020
@mayeut
Find and save python direct dependencies
39d0f94 
This should help investigate pypa/auditwheel#152
mayeut added a commit to mayeut/pep600_compliance that referenced this issue Nov 12, 2020
@mayeut
Add zlib symbols to cache for x86_64
ed561b7 
This should help investigate pypa/auditwheel#152
@mayeut mayeut mentioned this issue Dec 6, 2020
Closed
@mayeut mayeut mentioned this issue Feb 3, 2021
Closed
@mattip
Copy link

mattip commented Feb 3, 2021

Can we separate this into two: remove libz and continue exploring libexpat?

@bdice bdice mentioned this issue Feb 16, 2021
Closed
@mayeut
Copy link
Member

mayeut commented Mar 27, 2021

@mattip, in fact, having checked both, removing libexpat seems safer than libz for now. While I don't expect anything going wrong with libz fo most users, its ABI is in fact less stable than libexpat, with symbols added/removed at different points in time for the same soname (while it makes sense for added symbols, it doesn't for removed ones...).

mayeut added a commit to mayeut/auditwheel that referenced this issue Mar 27, 2021
@mayeut
Add libexpat.so.1 to whitelisted libraries starting with manylinux2010
05738b4 
relates to pypa#152
@mayeut mayeut mentioned this issue Mar 27, 2021
Merged
mayeut added a commit to mayeut/auditwheel that referenced this issue Mar 28, 2021
@mayeut
Add libexpat.so.1 to whitelisted libraries starting with manylinux2010
1091e88 
relates to pypa#152
mayeut added a commit that referenced this issue Mar 28, 2021
@mayeut
Add libexpat.so.1 to whitelisted libraries starting with manylinux2010 (
242dcfd 
#301)

relates to #152
@mayeut mayeut mentioned this issue Apr 3, 2021
Closed
@mayeut mayeut mentioned this issue May 17, 2021
Closed
6 tasks
@mayeut mayeut mentioned this issue May 27, 2021
Closed
This was referenced Aug 28, 2021
Closed
Merged
@tylerjereddy tylerjereddy mentioned this issue Feb 15, 2022
Closed
@mayeut mayeut mentioned this issue Feb 20, 2022
Closed
@jorisvandenbossche jorisvandenbossche mentioned this issue Mar 15, 2022
Merged
@takluyver takluyver mentioned this issue Apr 2, 2022
Closed
@jneem jneem mentioned this issue Oct 19, 2022
Merged
13 tasks
jneem added a commit to jneem/nixpkgs that referenced this issue Jul 2, 2023
@jneem
pythonManylinuxPackages: add libz and expat
38d66c2 
These libs aren't mentioned in PEP 513, but auditwheel allows them
(pypa/auditwheel#152) and so built wheels
may depend on them.
@asottile-sentry
Copy link

hmm so slightly annoyingly the official python slim docker images don't contain libexpat.so.1:

$ docker run --rm -ti python:3.12.6-slim bash -c 'ls /lib/*/libexpat'
ls: cannot access '/lib/*/libexpat': No such file or directory

@asottile-sentry asottile-sentry mentioned this issue Nov 13, 2024
Open
@HinTak HinTak mentioned this issue Nov 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add libz.so.1 to whitelisted libraries mayeut/auditwheel
6 participants
@matthew-brett @njsmith @mattip @jjhelmus @mayeut @asottile-sentry