Autoconf makes me think we stopped evolving too soon
Autoconf’s Role and Original Value
- Seen as a key enabling technology when many Unix variants were subtly incompatible.
- Automates detection of system features, headers, syscalls, compilers, and library ABIs, sparing users from manual config and making GNU-style portability feasible.
- Often paired with gnulib to transparently polyfill missing or divergent APIs.
Pain Points and Critiques
- Toolchain is complex (m4 + shell + C), hard to understand, and slow; rerunning
configurerepeatedly is a common frustration. - Autotools-based workflows for developers (bootstrap, autoreconf, version pinning) are called “hellish,” especially when bisecting history.
- Libtool gets particular ire for bloated scripts, wrapper binaries, and outdated portability logic around shared libraries.
- Autoconf cross-compilation support works but is described as clumsy, especially when tests try to run target binaries.
Portability, Feature Detection, and Cross-Compilation
- Defenders argue “compile a small test snippet” is still the only fully reliable way to know if a feature/ABI is present.
- Critics counter that modern practice should target well-defined libc/OS triples and avoid ad-hoc probing of the current system state, especially for cross-builds.
- Some argue extreme portability (old Unixes, exotic platforms) is less important today; others note HPC/scientific stacks and niche systems still need it.
Caching and System-Wide Configuration
- Autoconf offers
config.siteandconfig.cache, but they’re considered underused, brittle, or hard to share safely across projects and build options. - A global cache is viewed as a “cache invalidation” problem with tricky target/host separation.
Alternatives and Handwritten Configure Scripts
- Some large projects use hand-written POSIX shell
configurescripts, praised for being understandable and “boring.” - Others suggest that once you standardize and share those tests, you essentially reinvent Autoconf.
- CMake, Meson, Bazel, Buck2, bespoke Makefiles, and newer systems (e.g., Meson+Ninja, Rust’s Cargo) are all discussed; every option has sharp edges or ecosystem lock-in.
- Opinion splits on whether CMake is clearly better than Autotools or just a different kind of ugly.
Security, xz Backdoor, and Supply Chain
- Several comments stress that Autoconf itself isn’t to blame for the xz backdoor; attackers can hide in any sufficiently complex build system.
- In the xz case, one visible sandbox-disabling trick was in CMake logic, not Autoconf.
- The deeper issue is trust in release tarballs vs. VCS, weak auditing of generated artifacts, and the culture of accepting opaque build-time blobs.
Dependencies, Linking, and Distribution Practices
- One camp argues dependencies should live in version control or controlled internal artifact stores; relying on system/global shared libs and ad-hoc networks is fragile.
- Others push back, citing disk space, update complexity, and the static vs dynamic linking “pendulum” that keeps swinging.
- Package managers (pkg-config, vcpkg, Conan, language-specific tools) partly address dependency discovery but bring their own reproducibility and offline-build issues.
- Some note that distro maintainers bear the brunt of Autoconf’s cost, since most end users just install binaries.
Shell, Unix Philosophy, and Evolution Metaphor
- Discussion broadens into Unix’s “stringly-typed” shell ecosystem: ugly yet extremely composable and ubiquitous.
- New shells and stricter modes are mentioned as attempts to evolve scripting while staying compatible.
- Philosophical thread: diversity and messy evolution (many tools, many platforms) enabled today’s ecosystem; forcing premature uniformity might reduce both flexibility and resilience.