| View previous topic :: View next topic |
| Author |
Message |
dinominant
Tux's lil' helper
Joined: 27 Oct 2006
Posts: 102
|
 Posted: Wed Jan 26, 2022 8:29 am Post subject: Permanent slot conflicts and removing insecure packages |
 |
|
Years ago I would have a global USE variable in my make.conf so I could enable features that I would like to have. However this often resulted in circular dependencies, failling updates, and a broken system. I started applying USE flags to only the packages that I wanted in /etc/portage/package.use/package-name. In my make.conf I enabled several autounmask options so that dependency packages could have required USE flags enabled and stored in /etc/portage/package.use/zzzz-autounmask-write
The problem is that autounmask always uses ">=" and over time more use flags are enabled, for all future versions, and eventually too many use flags are enabled. They are never restricted to only what is actually needed and a dependency conflict arises. Updates start being skipped, and eventually the system becomes unmaintainable or insecure due to legacy packages never being updated or removed.
I tried emptying my zzzz-autounmask-write however portage never recalculates the dependency use flags if a package is already installed, so I can't really clean up the mess.
I could write a simple script to replace all the '>=' with '=' in zzzz-autounmask-write however this isn't really a proper solution because portage never recalculates what is minimally needed and updates zzzz-autounmask-write based on what I have in /var/lib/portage/world with my current use flags.
emerge has --autounmask-unrestricted-atoms=n however that only applies to keyword and mask changes.
Is there a solution where I can keep using autounmask to resolve dependencies, in a way that does not progressively grow the dependency graph until it is unsolvable over time?
make.conf
| Code: | EMERGE_DEFAULT_OPTS="--autounmask=y --autounmask-backtrack=y --autounmask-continue=y --autounmask-unrestricted-atoms=n --autounmask-use=y --autounmask-write=y --backtrack=64"
ACCEPT_LICENSE="*"
USE="$USE bluetoth pulseaudio"
USE="$USE vaapi vdpau" |
An example package that has this problem is net-misc/turbovnc with the java use flag enabled. It requires media-libs/libjpeg-turbo java and that dependency is never resolved if turbovnc is already installed resulting in permanent slot conflicts and packages that never update.
I am becoming increasingly more frustrated with these dependency conflicts in general to the point where I am starting to consider static binaries and/or appimage for everything. I probably would set USE="static appimage" in my make.conf if it was an option. |
|
| Back to top |
|
 |
ulenrich
Veteran
Joined: 10 Oct 2010
Posts: 1483
|
| Posted: Wed Jan 26, 2022 4:54 pm Post subject: |
|
|
I never understood this _autounmask_ feature. If I wanted to lose control over my system subsequently, I would have changed to Arch Linux distribution in the first place.
As there are shortcomings with portage dependency resolution every now and then I try my portage system configuration with a pretend:
emerge -1p @installed
And I'll get a full resolution when having in /etc/portage/package.mask:
| Code: | >=dev-python/docutils-0.18 # dev-python/sphinx
>=dev-python/mistune-2.0.1 # m2r
>=media-libs/opencv-4.5.5 # nomacs |
|
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23361
|
| Posted: Wed Jan 26, 2022 5:27 pm Post subject: |
|
|
| Autounmask should be viewed purely as a labor-saving alternative to writing the entry to the file by hand. If you need to perform an unmask, letting autounmask write it for you is fine. The problem is if you let it write an unmask entry that you shouldn't write at all, such as unmasking a hard masked package without a clear reason why you need to unmask that package instead of some other solution. Only unmask / change keywords / change USE flags when you can explain why that is the right solution. Never make a change solely because Portage suggests it; it suggests the most expedient path to whatever it thinks you want, which may not always be what you actually want. |
|
| Back to top |
|
|
dinominant
Tux's lil' helper
Joined: 27 Oct 2006
Posts: 102
|
| Posted: Wed Jan 26, 2022 10:56 pm Post subject: |
|
|
| Hu wrote: | | Autounmask should be viewed purely as a labor-saving alternative to writing the entry to the file by hand. If you need to perform an unmask, letting autounmask write it for you is fine. The problem is if you let it write an unmask entry that you shouldn't write at all, such as unmasking a hard masked package without a clear reason why you need to unmask that package instead of some other solution. Only unmask / change keywords / change USE flags when you can explain why that is the right solution. Never make a change solely because Portage suggests it; it suggests the most expedient path to whatever it thinks you want, which may not always be what you actually want. |
This is why I generally only put my use flags in /etc/portage/package.use/package-name so as to minimize what is actually needed and to indicate to portage what I actually want. I have an exception for desktops, where I globally enable pulseaudio because doing that for every package manually by hand is somewhat ridiculous.
Consider this example, which demonstrates the problem (and is an extreme case, note that simpler cases exist):
| Code: | # gentooinstall -d /mnt/gentoo
Installing Gentoo Linux...
Destination: /mnt/gentoo
Architecture: x86_64
Downloading the stage 3 tarball... done.
Verifying the cryptographic signature of the stage3 hashes... Success.
Verifying the hash of the stage3 tarball... Success.
Extracting "/mnt/gentoo/stage3-amd64-openrc-20220123T170538Z.tar.xz" to "/mnt/gentoo"... done.
Not installing qemu for dynamic binary translation because the host and guest are the same architecture.
Adding 8.8.8.8 and 8.8.4.4 to /etc/resolv.conf
Installing portage... done.
Setting the timezone to "UTC"... done.
Setting the locale to "en_US ISO-8859-1" and "en_US.UTF-8 UTF-8"... done.
Updating world packages... done.
# chroot /mnt/gentoo emerge -a wine |
This is a clean fresh install, which results in 52 packages that have use flags added. And I am okay with that since since I explicitly installed wine and those are required packages for the current version of wine in /var/lib/portage/world.
| Code: | # cat /etc/portage/package.use/zzzz-autounmask-write | grep -v ^#
>=x11-libs/libXcursor-1.2.0 abi_x86_32
>=x11-libs/libXext-1.3.4 abi_x86_32
>=x11-libs/libXfixes-6.0.0 abi_x86_32
>=x11-libs/libXrandr-1.5.2 abi_x86_32
>=x11-libs/libXi-1.8 abi_x86_32
>=x11-libs/libXxf86vm-1.1.4-r2 abi_x86_32
>=media-libs/alsa-lib-1.2.4 abi_x86_32
>=media-libs/fontconfig-2.13.1-r2 abi_x86_32
>=media-libs/lcms-2.12 abi_x86_32
>=sys-devel/gettext-0.21-r1 abi_x86_32
>=media-libs/libpng-1.6.37-r2 abi_x86_32
>=net-libs/gnutls-3.7.2 abi_x86_32
>=media-libs/freetype-2.11.0-r1 abi_x86_32
>=sys-apps/dbus-1.12.20-r4 abi_x86_32
>=sys-libs/libunwind-1.5.0-r1 abi_x86_32
>=x11-libs/libXcomposite-0.4.5 abi_x86_32
>=dev-libs/libxml2-2.9.12-r5 abi_x86_32
>=dev-libs/libxslt-1.1.34-r2 abi_x86_32
>=app-emulation/wine-gecko-2.47.2 abi_x86_32
>=dev-libs/libgcrypt-1.9.4 abi_x86_32
>=dev-libs/libgpg-error-1.42 abi_x86_32
>=sys-libs/zlib-1.2.11-r4 abi_x86_32
>=x11-libs/libX11-1.7.3 abi_x86_32
>=x11-libs/libxcb-1.14 abi_x86_32
>=x11-libs/libXau-1.0.9-r1 abi_x86_32
>=x11-libs/libXdmcp-1.1.3 abi_x86_32
>=x11-base/xcb-proto-1.14.1 abi_x86_32
>=app-arch/bzip2-1.0.8-r1 abi_x86_32
>=dev-libs/libtasn1-4.17.0 abi_x86_32
>=dev-libs/libunistring-0.9.10-r1 abi_x86_32
>=dev-libs/nettle-3.7.3 abi_x86_32
>=dev-libs/gmp-6.2.1-r2 abi_x86_32
>=net-dns/libidn2-2.3.2 abi_x86_32
>=dev-libs/expat-2.4.3 abi_x86_32
>=sys-apps/util-linux-2.37.3 abi_x86_32
>=media-libs/libsdl2-2.0.16-r1 abi_x86_32
>=x11-libs/libXrender-0.9.10-r2 abi_x86_32
>=virtual/libintl-0-r2 abi_x86_32
>=virtual/libiconv-0-r2 abi_x86_32
>=virtual/jpeg-100 abi_x86_32
>=virtual/glu-9.0-r2 abi_x86_32
>=virtual/opengl-7.0-r2 abi_x86_32
>=media-libs/libjpeg-turbo-2.1.1-r2 abi_x86_32
>=media-libs/glu-9.0.2 abi_x86_32
>=media-libs/mesa-21.3.4 abi_x86_32
>=media-libs/libglvnd-1.4.0 abi_x86_32 X
>=x11-libs/libdrm-2.4.109 abi_x86_32
>=x11-libs/libxshmfence-1.3-r2 abi_x86_32
>=app-arch/zstd-1.5.0 abi_x86_32
>=sys-devel/llvm-13.0.0 abi_x86_32
>=x11-libs/libpciaccess-0.16-r1 abi_x86_32
>=virtual/libelf-3 abi_x86_32 |
However if any one of those packages is rebuilt with abi_x86_32 disabled for any reason, then portage is unable to recalculate and fix the problem permanently. So then the old stale package remains on the system, along with it's dependencies, which eventually cause conflicts and all future emerge tasks to fail. When there is a workstation with KDE and over 1000 packages, this becomes impossible to set and maintain manually. |
|
| Back to top |
|
|
dinominant
Tux's lil' helper
Joined: 27 Oct 2006
Posts: 102
|
| Posted: Wed Jan 26, 2022 11:13 pm Post subject: |
|
|
| ulenrich wrote: | I never understood this _autounmask_ feature. If I wanted to lose control over my system subsequently, I would have changed to Arch Linux distribution in the first place.
As there are shortcomings with portage dependency resolution every now and then I try my portage system configuration with a pretend:
emerge -1p @installed
And I'll get a full resolution when having in /etc/portage/package.mask:
| Code: | >=dev-python/docutils-0.18 # dev-python/sphinx
>=dev-python/mistune-2.0.1 # m2r
>=media-libs/opencv-4.5.5 # nomacs |
|
This seems to do the trick. I can clear my /etc/portage/package.use/zzzz-autounmask-write file and run emerge -1a @installed to have it regenerated with my current world set. Then if I replace all '>=' with '=' in zzzz-autounmask-write it can mitigate the use flag scope creep. |
|
| Back to top |
|
|
|
Portage & Programming
