manylinux-policy: allow glibc component libanl #607
Merged
+14
−14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
libanl was addedd to resolv in glibc 2.2.5 in 2001 to support async dns queries. It uses private GLIBC symbols, thus to ensure it works with higher glibc runtime versions, it must be shared linked and should not be vendored into the wheels. (similar to libdl / dlopen) In 2021 with glibc 2.34 similar to many other split libraries, libanl got folded into libc itself, and thus any applications that use async dns queries no longer gain libanl NEEDED shared library dependency with a stub remaining in place. (similar to libdl / libpthread etc). Thus for policies between 2.2.5 and 2.33 there is a need to allow list libanl, for example when vendoring modern builds of icu. Longer term, it would be interested to support dropping libraries, because policies built to manylinux 2.34 policy really should no longer link with libanl / libdl / libpthread etc. As in all of those libraries have now become no-op stubs.
xnox
added a commit
to xnox/os
that referenced
this pull request
Jul 22, 2025
libanl is a glibc component between versions 2.2.5 and 2.33, which should be allowed by default in those older policies. Newer builds do not gain such a dependency, as libanl got folded into libc itself, but it is harmless. Cherry-picked from: - pypa/auditwheel#607
xnox
added a commit
to xnox/os
that referenced
this pull request
Jul 22, 2025
libanl is a glibc component between versions 2.2.5 and 2.33, which should be allowed by default in those older policies. Newer builds do not gain such a dependency, as libanl got folded into libc itself, but it is harmless. Cherry-picked from: - pypa/auditwheel#607
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #607 +/- ##
=======================================
Coverage 92.83% 92.83%
=======================================
Files 21 21
Lines 1772 1772
Branches 333 333
=======================================
Hits 1645 1645
Misses 77 77
Partials 50 50 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull Request Overview
This PR adds the libanl.so.1 library to the manylinux policy whitelists across all policy versions to support async DNS queries. The libanl library was added to glibc 2.2.5 in 2001 for asynchronous DNS resolution and was later folded into libc itself in glibc 2.34 (2021).
- Adds
libanl.so.1to library whitelists for all manylinux policy versions - Enables proper handling of async DNS query dependencies in wheel builds
- Addresses compatibility requirements for libraries like ICU that use modern async DNS functionality
auvipy
approved these changes
Jul 22, 2025
smoser
pushed a commit
to wolfi-dev/os
that referenced
this pull request
Jul 22, 2025
libanl is a glibc component between versions 2.2.5 and 2.33, which should be allowed by default in those older policies. Newer builds do not gain such a dependency, as libanl got folded into libc itself, but it is harmless. Cherry-picked from: - pypa/auditwheel#607
mayeut
approved these changes
Jul 26, 2025
|
Thanks for the details @xnox |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
libanl was addedd to resolv in glibc 2.2.5 in 2001 to support async
dns queries.
It uses private GLIBC symbols, thus to ensure it works with higher
glibc runtime versions, it must be shared linked and should not be
vendored into the wheels. (similar to libdl / dlopen)
In 2021 with glibc 2.34 similar to many other split libraries, libanl
got folded into libc itself, and thus any applications that use async
dns queries no longer gain libanl NEEDED shared library dependency
with a stub remaining in place. (similar to libdl / libpthread etc).
Thus for policies between 2.2.5 and 2.33 there is a need to allow list
libanl, for example when vendoring modern builds of icu.
Longer term, it would be interested to support dropping libraries,
because policies built to manylinux 2.34 policy really should no
longer link with libanl / libdl / libpthread etc. As in all of those
libraries have now become no-op stubs.