| View previous topic :: View next topic |
| Author |
Message |
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20552
|
 Posted: Sun Nov 21, 2021 10:39 pm Post subject: [SOLVED] Made a libcrypt upgrade mistake... what next? |
 |
|
I wasn't intending to perform the upgrade and missed adding the --ask option to the "most common issue." | emerge --ignore-built-slot-operator-deps=y -uvDU @world: | Calculating dependencies... done!
[ebuild U ] sys-libs/glibc-2.33-r7:2.2::gentoo [2.33-r1:2.2::gentoo] USE="multiarch ssp (static-libs) -audit -caps (-cet) -compile-locales (-c
rypt*) -custom-cflags -doc -gd -headers-only (-multilib) -multilib-bootstrap -nscd -profile (-selinux) -static-pie -suid -systemd% -systemtap -test
(-vanilla)" 64 KiB
[ebuild U ] virtual/libcrypt-2:0/2::gentoo [1-r1:0/1::gentoo] USE="-static-libs" 0 KiB
[ebuild N ] sys-libs/libxcrypt-4.4.25-r1:0/1::gentoo USE="(compat) (split-usr) (system) -static-libs -test" 601 KiB |
That completed without errors.
However, before that, I was seeing a dependency conflict and was going through the linked document hoping to find a solution.
This is NOT the exact message (it's from another system), but I believe it to be correct, particularly glibc +crypt and required by libcrypt. If any details seem odd, then that's could be why: | Code: | WARNING: One or more updates/rebuilds have been skipped due to a dependency conflict:
sys-libs/glibc:2.2
(sys-libs/glibc-2.33-r7:2.2/2.2::gentoo, ebuild scheduled for merge) USE="-audit -caps (-cet) -compile-locales (-crypt) -custom-cflags -doc -gd -
headers-only multiarch (multilib) -multilib-bootstrap -nscd -profile (-selinux) ssp (static-libs) -static-pie -suid -systemd -systemtap -test (-van
illa)" ABI_X86="(64)" conflicts with
sys-libs/glibc[crypt(+)] required by (virtual/libcrypt-1-r1:0/1::gentoo, installed) USE="-static-libs" ABI_X86="-32 (64) (-x32)" |
Except for that conflict the system was otherwise up to date (nothing to upgrade, downgrade, etc.)
While sys-libs/libxcrypt was emerging, I was able to get to the system and sudo to root, and after the emerge was completed, I was able to ssh in and use sudo with root, so I don't think I have the old password issue (I had intended to recreate them regardless, but oh well).
So after the upgrade, I'm now seeing this (referencing the most common issue and "doing world again"): | /usr/bin/sudo /usr/bin/emerge -auvDU @world: | These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild UD ] sys-libs/glibc-2.33-r1:2.2::gentoo [2.33-r7:2.2::gentoo] USE="(crypt*) multiarch ssp (static-libs) -audit -caps (-cet) -compile-lo
cales -custom-cflags -doc -gd -headers-only (-multilib) -multilib-bootstrap -nscd -profile (-selinux) -static-pie -suid -systemtap -test (-vanilla)
(-systemd%)" 0 KiB
[uninstall ] sys-libs/libxcrypt-4.4.25-r1:0/1::gentoo USE="(compat) (split-usr) (system) -static-libs -test"
[blocks b ] sys-libs/glibc[crypt(+)] ("sys-libs/glibc[crypt(+)]" is soft blocking sys-libs/libxcrypt-4.4.25-r1)
[ebuild UD ] virtual/libcrypt-1-r1:0/1::gentoo [2:0/2::gentoo] USE="-static-libs" 0 KiB
Total: 2 packages (2 downgrades, 1 uninstall), Size of downloads: 0 KiB
Conflict: 1 block (all satisfied)
Would you like to merge these packages? [Yes/No] |
emerge --info
depclean output
So what should I do next to complete the upgrade?
Thanks.
_________________
Quis separabit? Quo animo?
Last edited by pjp on Sun Nov 28, 2021 5:13 am; edited 1 time in total |
|
| Back to top |
|
 |
Josef.95
Advocate
Joined: 03 Sep 2007
Posts: 4682
Location: Germany
|
| Posted: Sun Nov 21, 2021 11:40 pm Post subject: |
|
|
Adding virtual/libcrypt:0/1 in package.mask should probably help.
(This should prevent the downgrade) |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20552
|
| Posted: Mon Nov 22, 2021 3:18 am Post subject: |
|
|
Thanks. That and reissuing the previously referenced command seems to produce results that look reasonable to me
Since this is a stable upgrade, is this "normal"? I understand this is a unique situation, but the blocker and then having to mask a virtual seems strange, so I want to be sure that nothing seems problematic (partly because my other system has a conflict between news items, but this process may resolve it.)
| emerge -auvDU @world: | Calculating dependencies... done!
[ebuild rR ] dev-lang/perl-5.34.0-r3:0/5.34::gentoo USE="-berkdb -debug -doc -gdbm -ithreads -minimal" 0 KiB
[ebuild rR ] www-servers/nginx-1.20.1-r2::gentoo USE="http http2 http-cache pcre ssl vim-syntax -aio -debug -ipv6 -libatomic -pcre-jit -rtmp (
-selinux) -threads" LUA_SINGLE_TARGET="luajit" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo grpc gzip limit_conn limit_req map memcached mirror proxy referer rewrite scgi split_clients ssi upstream_hash upstream_ip_hash upstream_keepalive upstream_least_conn upstream_zone userid uwsgi -addition -auth_ldap -auth_pam -auth_request -brotli -cache_purge -dav -dav_ext -degradation -echo -fancyindex -flv -geoip -geoip2 -gunzip -gzip_static -headers_more -image_filter -javascript -lua -memc -metrics -mogilefs -mp4 -naxsi -perl -push_stream -random_index -realip -secure_link -security -slice -slowfs_cache -spdy -sticky -stub_status -sub -upload_progress -upstream_check -vhost_traffic_status -x
slt" NGINX_MODULES_MAIL="-imap -pop3 -smtp" NGINX_MODULES_STREAM="-access -geo -geoip -geoip2 -javascript -limit_conn -map -realip -return -split_c
lients -ssl_preread -upstream_hash -upstream_least_conn -upstream_zone" 0 KiB
[ebuild rR ] sys-libs/pam-1.5.1_p20210622-r1::gentoo USE="filecaps (split-usr) -audit -berkdb -debug -nis (-selinux)" 0 KiB
[ebuild rR ] sys-apps/util-linux-2.37.2-r1::gentoo USE="cramfs hardlink logger ncurses nls pam readline (split-usr) suid udev (unicode) -audit -build -caps -cryptsetup -fdformat -kill -magic -python (-rtas) (-selinux) -slang -static-libs -su -systemd -test -tty-helpers" PYTHON_TARGETS="python3_8 python3_9" 0 KiB
[ebuild rR ] dev-lang/python-3.9.8:3.9::gentoo USE="ncurses readline sqlite ssl xml -bluetooth -build -examples -gdbm -hardened -test -tk -ver
ify-sig -wininst" 0 KiB
[ebuild rR ] dev-lang/python-3.8.12_p1:3.8::gentoo USE="ncurses readline sqlite ssl xml -bluetooth -build -examples -gdbm -hardened -test -tk -verify-sig -wininst" 0 KiB
[ebuild rR ] sys-fs/udev-249-r3::gentoo USE="acl kmod (split-usr) (-selinux) -test" 0 KiB
[ebuild rR ] sys-auth/passwdqc-2.0.2-r1::gentoo 0 KiB
[ebuild rR ] sys-apps/systemd-tmpfiles-249.2::gentoo USE="(-selinux) -test" 0 KiB
[ebuild rR ] sys-apps/busybox-1.34.1::gentoo USE="pam -debug -ipv6 -livecd -make-symlinks -math -mdev -savedconfig (-selinux) -sep-usr -static -syslog -systemd" 0 KiB
[ebuild rR ] sys-apps/shadow-4.9-r3::gentoo USE="acl nls pam (split-usr) su xattr -audit -bcrypt -cracklib (-selinux) -skey" 0 KiB
[ebuild rR ] dev-libs/cyrus-sasl-2.1.27-r5:2::gentoo USE="pam sqlite ssl -authdaemond -berkdb -gdbm -java -kerberos -ldapdb -mysql -openldap -
postgres -sample (-selinux) -srp -static-libs -urandom" 0 KiB
[ebuild rR ] app-admin/sudo-1.9.8_p2::gentoo USE="nls pam secure-path sendmail ssl -gcrypt -ldap -offensive -sasl (-selinux) -skey -sssd" 0 KiB
[ebuild rR ] dev-db/mariadb-10.5.10-r2:10.5/18::gentoo USE="backup bindist pam server -columnstore -cracklib -debug -extraengine -galera -inno
db-lz4 -innodb-lzo -innodb-snappy -jdbc -jemalloc -kerberos -latin1 (-mroonga) -numa -odbc -oqgraph -perl -profiling -rocksdb -s3 (-selinux) -sphin
x -sst-mariabackup -sst-rsync -static -systemd -systemtap -tcmalloc -test -xml -yassl" 0 KiB
[ebuild rR ] net-misc/openssh-8.6_p1-r2::gentoo USE="pam pie scp ssl -X -X509 -audit -bindist (-debug) -hpn -kerberos -ldns -libedit -livecd -
sctp -security-key (-selinux) -static -test -xmss" 0 KiB
[ebuild rR ] dev-lang/ruby-2.6.8:2.6::gentoo USE="rdoc ssl -berkdb -debug -doc -examples -gdbm -ipv6 -jemalloc -jit -rubytests -socks5 -static
-libs -systemtap -tk -xemacs" 0 KiB
[ebuild rR ] dev-lang/ruby-2.7.4:2.7::gentoo USE="rdoc ssl -berkdb -debug -doc -examples -gdbm -ipv6 -jemalloc -jit -rubytests -socks5 -static
-libs -systemtap -tk -xemacs" 0 KiB
Total: 17 packages (17 reinstalls), Size of downloads: 0 KiB |
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
sam_
Developer
Joined: 14 Aug 2020
Posts: 2060
|
| Posted: Mon Nov 22, 2021 6:29 am Post subject: |
|
|
I'd say it's not normal to have the blocker appear but it's not unexpected either (I describe this scenario here).
It's often, but not always, helped to mask the older subslot so I was on the fence about whether I should do it globally (I didn't want it to lead to more confusion if it didn't work). I'd now say it's worth us doing it at this point given it can help (done here).
The blocker, for what it's worth, is valid. glibc[crypt] and libxcrypt[system] really do block each other and install colliding files. The issue is that Portage should realise it can upgrade all consumers of virtual/libcrypt and therefore nothing should be holding onto virtual/libcrypt:0/1 (which asks for glibc[crypt]). Most of the time, it does! But not always, apparently. (Explaining in detail because I suspect I'll end up linking to this thread again.)
The output isn't available in this thread for me to explain the issue a bit more but the example output under 'last resort' on the wiki should explain it. In that output, you can see Portage for some reason thinks it can't rebuild e.g. util-linux, even though it can (it's already recognised it should rebuild e.g. mailutils there!). --ignore-built-slot-operator-deps=y tells it to ignore the already-built-against-subslot and just rebuild anyway without trying to hold on to the existing one. It should not be needed, but it is sometimes.
It seems like adding the "mask previous subslot" tactic is necessary even with that option though in some cases  .
(I've updated the news item with a reference to unmasking :0/1 if people want to postpone the upgrade, but I don't recommend doing this.)
TL;DR: The news item was missing a step which hopefully would've able to help you in this case by using the sledgehammer --ignore* option, but I've now masked virtual/libcrypt:0/1 to help dependency calculations as it's helped some people (it's just not a silver bullet).
I do apologise for the inconvenience. This is one of those things which we put off for essentially as long as possible while we figured out a practical plan, but not something we had complete control over given it's an external event (glibc dropping libcrypt support - we're not jumping on this, it's been on the agenda for a while). |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20552
|
| Posted: Mon Nov 22, 2021 3:57 pm Post subject: |
|
|
Thanks sam_. I was primarily wanting to make sure my mistake didn't cause any problems for the upgrade.
As all upgrades are an inconvenience :), I very much appreciate the news item which reflected the potential impact, and of course the efforts toward testing. I by no means expect upgrades, especially complicated ones, to be friction free.
When I complete this system, I'll update the repo on my other one to see where it is, but I suspect I'll have another thread for that issue.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20552
|
| Posted: Sun Nov 28, 2021 5:18 am Post subject: |
|
|
Following up to close this.
The update completed without issue.
The second system I mentioned did not have a conflict with the "Possible failure to preserve libraries" issue. I had a masked package and two others that were no longer in the gentoo repository. After addressing those issues, I had to use the "nudge" command and the upgrade completed.
Thanks again everyone!
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Portage & Programming
