💾 Archived View for gemini.susa.net › linux_runtime_linking_debug.gmi captured on 2022-01-08 at 13:50:54. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
I compiled and installed GnuTLS to get some features that my distribution package was missing. However the next time I tried to clone a repository, git complained with an error.
git-remote-https: relocation error: /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4: symbol gnutls_srp_allocate_client_credentials, version GNUTLS_3_4 not defined in file libgnutls.so.30 with link time reference
So, I locate the files relating to this shared object...
~$ locate libgnutls.so.30 /usr/lib/x86_64-linux-gnu/libgnutls.so.30 /usr/lib/x86_64-linux-gnu/libgnutls.so.30.13.1 /usr/local/lib/libgnutls.so.30 /usr/local/lib/libgnutls.so.30.28.0
My local installation shows up, along with the original Debian copies of the library.
Some commands that can help here:
nm -gC <file> - list (extern) object file symbols in a readable format. readelf -sW <file> - list symbols, one per line, of an elf file. ldd <file> - list shared object dependencies
In this case, I start with 'ldd' to see what relates to gnutls...
~$ ldd /usr/lib/git-core/git-remote-https|grep gnutls libcurl-gnutls.so.4 => /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4 libgnutls.so.30 => /usr/local/lib/libgnutls.so.30
So, libcurl-gnutls refers to Debian's library, which has a link time reference to my own locally built GnuTLS library. Let's see if the symbol is in my library...
readelf -sW /usr/local/lib/libgnutls.so.30|grep gnutls_srp_allocate_client
Nope! What about in Debian's?
readelf -sW /usr/lib/x86_64-linux-gnu/libgnutls.so.30|grep gnutls_srp_allocate_client 1241: 000767c0 37 FUNC GLOBAL DEFAULT 12 gnutls_srp_allocate_cl...@@GNUTLS_3_4
Yup! So, this is probably down to whatever options I used to ./configure GnuTLS when I built it - I used --disable-srp-authentication when building, so that's kind of a strong clue! I reconfigured, compiled, and installed my GnuTLS and my original git command now works.
There were a number of solutions to this - I could have made Debian's library the default and overridden when I need to use the newer version of GnuTLS, but I'd lose the general enhancements that the more recent version offered (particularly relevant for security-related code). The link below is a good reference on shared libraries and how how manage them.