[CentOS] How to downgrade gtk2 libs in CentOS 6.8?

Mon Jan 9 18:09:11 UTC 2017
Johnny Hughes <johnny at centos.org>

On 01/09/2017 10:20 AM, Jon LaBadie wrote:
> On Mon, Jan 09, 2017 at 09:39:08AM -0600, Johnny Hughes wrote:
>> On 01/09/2017 07:54 AM, Jonathan Billings wrote:
>>> On Jan 9, 2017, at 4:08 AM, Walter Dnes <waltdnes at waltdnes.org> wrote:
>>>>  Hi all.  I'm using a CentOS 6.8 VM to do volunteer builds for an open
>>>> source project.  I want to build Pale Moon with a gtk2 library older
>>>> than 2.24, to allow people with older linuxes to run it.  Short summary,
>>>> if built against version gtk2-2.24 and/or higher, the binary will use a
>>>> function that does not exist in gtk2-2.23 and lower.  Net result is that
>>>> the program dies with an "undefined symbol:" error for people with
>>>> machines lower than gtk2-2.24.  Yes, before you ask, they do get
>>>> security fixes backported.
> [snip]
>> This ^^ (use mock).
>> You can use mock chroots in sandbox mode to manually get whatever
>> install you want, or if all the things you want are in (for example)
>> CentOS 6.5, you can point your config files for mock to use 6.5 repo
>> from http://vault.centos.org/ and build against that.
> The OP noted the target environment has security fixes backported.
> Is the same true of a mock environment built from vault.centos.org?
> If not, could a binary built under mock introduce old flaws?

Well, I have no idea what the control is for the OS they are using.
Ideally, all the modifications made to that OS were done via RPMs that
are in a separate repository .. and that separate repository is being
maintained where reproducible installs can be done.  If that is the
case, then he can build all software against that controlled repository.

Of course, if someone builds against an older repo, like CentOS-6.5,
that will entail potential security issues.  That is usually WHY
packages have been upgraded.  So, in general, the OP is likely already
at risk with security issues.  If you want to go outside the bounds of
what CentOS provides, you will have to do a whole lot of work to
maintain security.

And the package he wants to use (gtk2-23 or less) is not going to run on
an up2date CentOS system as everything gtk will have been built to work
with the latest version and will likely NOT run with the older version.
That would likely be all gnome based things.

So, I would recommend that they rebuild their software to use CentOS-6.8
and use that as the base of their environment.

But what is not likely to happen is a very much lower version of gtk2 in
any CentOS version.

Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20170109/5af8bf0b/attachment-0004.sig>