Spotify 1:1.0.28.89.gf959d4ce-37 depend on both libssl 1.0.0 and 1.0.2?

Reply

Spotify 1:1.0.28.89.gf959d4ce-37 depend on both libssl 1.0.0 and 1.0.2?

sata
Music Fan
➜  ~ ldd /usr/bin/spotify | grep ssl
	libssl.so.1.0.0 => not found
	libssl.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 (0x00007f45d7d60000)

libssl 1.0.0 isn't available anymore in Debian testing,  any particular reason to be dependent on both 1.0.0 and 1.0.2?

3 Replies
Highlighted

Re: Spotify 1:1.0.28.89.gf959d4ce-37 depend on both libssl 1.0.0 and 1.0.2?

Spotify
Spotify

The Spotify client depends on libssl to start a webserver that Spotify Play Button can talk to.

 

https://developer.spotify.com/technologies/widgets/spotify-play-button/

 

Unfortunately, the way the library is linked means it is the same version of the library that it builds with, which is libssl.so.1.0.0.

 

The Spotify client also depends libcurl. Libcurl in turn, depends on the libssl, the same version of the library that it was built with, which is libssl.1.0.2

 

So, on systems that only has libssl.1.0.0 (like Ubuntu, which decided to not change the so-name of the library, while still make sure it has all the security fixes) Spotify only depends on one version of the library.

 

$ ldd /usr/bin/spotify | grep -e ssl -e curl
	libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f1829b29000)
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f18298c0000)
$ ldd /usr/lib/x86_64-linux-gnu/libcurl.so.4 | grep ssl
	libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f46dd25d000)

This is a big problem that needs to be solved.

 

Re: Spotify 1:1.0.28.89.gf959d4ce-37 depend on both libssl 1.0.0 and 1.0.2?

sata
Music Fan

Shouldn't the package specify what shared libraries it's depended on in the deb package itself as well as what versions? Assuming a certain shared library version should exist without a dependency chain makes no sense. I'm no expert on debian packaging but after skimming through debian policy on shared libs[1] this just looks wrong.

 

Any idea as when this can be fixed? I haven't been able to use Spotify on my Linux box for some time now and this is my major use case.

[1] https://www.debian.org/doc/debian-policy/ch-sharedlibs.html

 

 

 

curl.pngspotify.png

Re: Spotify 1:1.0.28.89.gf959d4ce-37 depend on both libssl 1.0.0 and 1.0.2?

sata
Music Fan

Any response? Why can't you folks sort out an public issue tracker?

SUGGESTED POSTS