| Commit message | Author | Age | Files | Lines |
| |
Valid values for boolean options in repos.conf are currently not managed
in a consistent manner. Some options only support 'true' and 'false',
whilst others additionally support 'yes' and 'no'. Using the latter
forms on options that do not support them will lead to unexpected
behaviour. For example, an option checking for 'true' will be disabled
when 'yes' is used. This is counter-intuitive and adds additional
burden: the user has to look up in the manual which form is accepted by
which option.
Have all boolean options consistently accept 'yes', 'no', 'true', and
'false' and make sure to document this in the portage(5) manual.
Additionally, document the default value for each.
Signed-off-by: Wynn Wolf Arbor <wolf@oriole.systems>
Signed-off-by: Zac Medico <zmedico@gentoo.org>
| |
Add a sync-openpgp-key-refresh option that makes it possible to
disable key refresh, which may be useful in cases when it is not
possible to refresh keys.

Key refresh is enabled by default, and if it is disabled then
the SyncBase._refresh_keys method will output an ewarn message
like this when the --quiet option is not enabled:

 * Key refresh is disabled via a repos.conf sync-openpgp-key-refresh
 * setting, and this is a security vulnerability because it prevents
 * detection of revoked keys!

Tested-by: Rick Farina <zerochaos@gentoo.org>
Bug: https://bugs.gentoo.org/661518
Signed-off-by: Zac Medico <zmedico@gentoo.org>
| |
Update all relevant references in docs, messages, and comments
to refer to /var/db/repos/gentoo instead of /usr/portage. Also
update DISTDIR and PKGDIR references to refer to the new
/var/cache/{distfiles,binpkgs} locations.
Bug: https://bugs.gentoo.org/378603
Signed-off-by: Zac Medico <zmedico@gentoo.org>
| |
Allowing users to define which keyservers they update from allows them
to work around buggy keyservers. It is also useful for local mirrors
and / or private keyservers.
Bug: https://bugs.gentoo.org/680908
Signed-off-by: Matthew Thode <mthode@mthode.org>
Signed-off-by: Zac Medico <zmedico@gentoo.org>
| |
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
| |
Add a boolean sync-rcu repos.conf setting that behaves as follows:
Enable read-copy-update (RCU) behavior for sync operations. The
current latest immutable version of a repository will be referenced
by a symlink found where the repository would normally be located
(see the location setting). Repository consumers should resolve
the canonical path of this symlink before attempting to access
the repository, and all operations should be read-only, since
the repository is considered immutable. Updates occur by atomic
replacement of the symlink, which causes new consumers to use the
new immutable version, while any earlier consumers continue to
use the canonical path that was resolved earlier. This option
requires sync-allow-hardlinks and sync-rcu-store-dir options to
be enabled, and currently also requires that sync-type is set
to rsync. This option is disabled by default, since the symlink
usage would require special handling for scenarios involving bind
mounts and chroots.
Bug: https://bugs.gentoo.org/662070
Reviewed-by: Brian Dolbec <dolsen@gentoo.org>
Signed-off-by: Zac Medico <zmedico@gentoo.org>
| |
Add a repos.conf sync-webrsync-delta setting that makes the webrsync
module call emerge-delta-webrsync, so that emerge-delta-webrsync users
can benefit from sync-openpgp-key-path support in the webrsync module.
Bug: https://bugs.gentoo.org/661838
Reviewed-by: Brian Dolbec <dolsen@gentoo.org>
| |
Add a repos.conf sync-webrsync-keep-snapshots setting that enables
the emerge-webrsync --keep option, which keeps snapshots in DISTDIR
instead of deleting them.
Reviewed-by: Brian Dolbec <dolsen@gentoo.org>
| |
Add repos.conf sync-webrsync-verify-signature = true|false setting that
enables sync-openpgp-key-path support like in the rsync and git sync
modules. This is disabled by default, in order to avoid interference
with legacy manual PORTAGE_GPG_DIR configuration.
When sync-webrsync-verify-signature = true is set in repos.conf,
if the PORTAGE_GPG_DIR has not been exported, emerge-webrsync will
assume that it has been called directly and it will output an error
message advising the user to instead call emerge --sync or emaint sync.
Bug: https://bugs.gentoo.org/661838
Reviewed-by: Brian Dolbec <dolsen@gentoo.org>
| |
Support sync-depth for shallow sync, using git reset --merge just
like in the earlier implementation that was reverted in commit
ab840ac982d3c8b676b89f6bedd14e85dd06870f. Also, run git gc --auto
in the foreground, in order to trigger periodic housekeeping and
hopefully avoid errors from automatic git gc calls as reported in
bug 599008.
The default sync-depth is unlimited, which means that default
behavior remains unchanged (unlike the previous implementation that
was reverted).
Bug: https://bugs.gentoo.org/552814
Bug: https://bugs.gentoo.org/599008
| |
Sync into a quarantine subdirectory, using the rsync --link-dest option
to create hardlinks to identical files in the previous snapshot of the
repository. If hardlinks are not supported, then show a warning message
and sync directly to the normal repository location.
If verification succeeds, then the quarantine subdirectory is synced
to the normal repository location, and the quarantine subdirectory
is deleted. If verification fails, then the quarantine directory is
preserved for purposes of analysis.
Even if verification happens to be disabled, the quarantine directory
is still useful for making the repository update more atomic, so that
it is less likely that the normal repository location will be observed in
a partially synced state.
The new behavior may conflict with configurations that restrict the
use of hardlinks, such as overlay filesystems. Therefore, users will
have to set "sync-allow-hardlinks = no" in repos.conf if they have
a configuration that prevents the use of hardlinks, but this should
not be very common.
Bug: https://bugs.gentoo.org/660410
| |
Some users have reported that using all processors to verify
manifests results in overloading, therefore default to using
a single processor. On modern hardware, verification of the
gentoo repository completes in less than 20 seconds, so using
multiple processors is not really necessary. Also, gemato-13.0
disables parallel verification due to the unresolved deadlock
issue reported in bug 647964, so this brings the default
portage configuration into alignment with current gemato
behavior.
Bug: https://bugs.gentoo.org/650696
Bug: https://bugs.gentoo.org/647964
| |
Fixes: 8aa1a070921d ("GitSync: Support setting environment variables for git")
| |
Since key refresh is prone to failure, retry using exponential
backoff with random jitter. This adds the following sync-openpgp-*
configuration settings:

sync-openpgp-key-refresh-retry-count = 40
    Maximum number of times to retry key refresh if it fails. Between
    each key refresh attempt, there is an exponential delay with a
    constant multiplier and a uniform random multiplier between 0 and 1.

sync-openpgp-key-refresh-retry-delay-exp-base = 2
    The base of the exponential expression. The exponent is the number
    of previous refresh attempts.

sync-openpgp-key-refresh-retry-delay-max = 60
    Maximum delay between each retry attempt, in units of seconds. This
    places a limit on the length of the exponential delay.

sync-openpgp-key-refresh-retry-delay-mult = 4
    Multiplier for the exponential delay.

sync-openpgp-key-refresh-retry-overall-timeout = 1200
    Combined time limit for all refresh attempts, in units of seconds.

Bug: https://bugs.gentoo.org/649276
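
The retry schedule described in the commit message above, as an added sketch that is not Portage's own code. The names `KeyRefreshError`, `backoff_delay`, `refresh_with_retry`, `FakeClock` and `simulate` are hypothetical; it assumes the cap is applied to the exponential term before the jitter, and that retrying stops when the next sleep would cross the overall timeout.

```python
import random
import time


class KeyRefreshError(Exception):
    """Hypothetical error type standing in for a failed key refresh."""


def backoff_delay(attempts_made, exp_base=2, mult=4, delay_max=60,
                  rand=random.random):
    """Seconds to wait before the next attempt.

    Assumption: the exponential term is capped at delay_max first and the
    uniform jitter in [0, 1) is applied afterwards.
    """
    exponential = mult * exp_base ** attempts_made
    return rand() * min(delay_max, exponential)


def refresh_with_retry(refresh, retry_count=40, overall_timeout=1200,
                       sleep=time.sleep, clock=time.monotonic, **delay_opts):
    """Call refresh() until it succeeds, the retry budget is spent, or the
    next sleep would exceed the overall timeout (an assumption of this
    sketch). Returns (succeeded, attempts_made)."""
    deadline = clock() + overall_timeout
    attempts = 0
    while True:
        attempts += 1
        try:
            refresh()
            return True, attempts
        except KeyRefreshError:
            pass
        if attempts > retry_count:  # first try plus retry_count retries used
            return False, attempts
        delay = backoff_delay(attempts, **delay_opts)
        if clock() + delay > deadline:
            return False, attempts
        sleep(delay)


class FakeClock:
    """Constructed clock for offline runs: time advances only in sleep()."""

    def __init__(self):
        self.now = 0.0

    def sleep(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


def simulate(fail_times, rand=lambda: 1.0, **opts):
    """Run the schedule against a refresh that fails fail_times times.
    rand=1.0 shows the worst-case (longest) delays."""
    clock, calls = FakeClock(), {"n": 0}

    def refresh():
        calls["n"] += 1
        if calls["n"] <= fail_times:
            raise KeyRefreshError("constructed failure")

    ok, attempts = refresh_with_retry(refresh, sleep=clock.sleep, clock=clock,
                                      rand=rand, **opts)
    return ok, attempts, clock.now
```

With the defaults from the commit message and worst-case jitter, the overall timeout ends the loop well before the retry count of 40 is reached; the retry count only becomes the binding limit when the jittered delays are short.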
| |
Add a new sync-git-verify-commit-signature option (defaulting to false)
that verifies the top commit signature after syncing. The verification
is currently done using built-in git routines.
The verification passes if the signature is good or untrusted.
In the latter case, a warning is printed. In any other case,
the verification causes sync to fail and an appropriate error is output.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
Issue an explicit warning if the Manifest timestamp for the Gentoo
repository is 24 hours behind the system clock. This is meant to detect
attacks based on preventing the user from upgrading.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
Fix sync-rsync-verify-metamanifest to correctly parse yes|no. Also
correct the manpage to use those two terms as they were the ones used
in repos.conf and the news item.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
Rename the 'sync-rsync-openpgp-key-path' to a more generic
'sync-openpgp-key-path'. OpenPGP is the basis of at least three
different verification schemes (git, rsync, snapshots) and at least
two of them use the same keys.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
Requested-by: Ulrich Müller <ulm@gentoo.org>
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
Add two new configuration options to rsync repositories:
sync-rsync-verify-metamanifest and sync-rsync-openpgp-key-path.
The first controls whether gemato verification is run for
the repository (defaults to true for ::gentoo, false otherwise),
the second makes it possible to override the key path for custom
repositories.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
The set of required hashes specifies which hashes must be present for
a distfile not to be refetched. It makes little sense to hardcode this
value, and it is mostly useful for transition periods, so make it
configurable via layout.conf and default to all hashes
in manifest-hashes.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
Remove the MANIFEST2_HASH_FUNCTIONS const and replace it with
(deduplicated) calls to get_valid_checksum_keys(). We want Portage
to always complain whenever one of the hashes is not available even
if it is technically supported by the specific Portage version.
Closes: https://bugs.gentoo.org/634812
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
GLEPs have been moved to https://www.gentoo.org/glep/.
| |
Reviewed-by: Zac Medico <zmedico@gentoo.org>
| |
This can be used to provide private SSH keys to portage in order to
clone repositories from a non-public repository.

An exemplary usage would be setting this in the repositories' repos.conf:

    sync-git-env = "GIT_SSH_COMMAND=ssh -i /etc/portage/.ssh/id_rsa -o UserKnownHostsFile=/etc/portage/.ssh/known_hosts" GIT_TRACE=false
    sync-git-pull-env = "GIT_SSH_COMMAND=ssh -i /etc/portage/.ssh/id_rsa -o UserKnownHostsFile=/etc/portage/.ssh/known_hosts" GIT_TRACE=true
    sync-git-clone-env = "GIT_SSH_COMMAND=ssh -i /etc/portage/.ssh/id_rsa -o UserKnownHostsFile=/etc/portage/.ssh/known_hosts" GIT_TRACE=true

Closes: https://github.com/gentoo/portage/pull/165
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
The -* wildcard has been supported since portage-2.3.4, but it was
not explicitly documented.
X-Gentoo-Bug: 610670
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=610670
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
Since sync-depth actually controls clone depth, rename it
to clone-depth, and show a warning message when the sync-depth
option has been specified:

    UserWarning: repos.conf: sync-depth is deprecated, use clone-depth instead

This makes it feasible to change the meaning of sync-depth in
the future (it could be used to control git pull depth).

X-Gentoo-Bug: 552814
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=552814
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
This setting determines whether digests are checked for files declared
in the Manifest with MISC type (includes ChangeLog and metadata.xml
files). Defaults to true.
The current GLEP 60 draft specifies that non-strict handling of MISC
digests should be supported.
X-Gentoo-Bug: 600128
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=600128
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
Use https where available, and update old links (like www.gentoo.org)
to point to the new location.
| |
This reverts commit 739845a6eab95fbc44eab1b7b938c860563631d7.
The feature implemented in this commit for bug 577720 was determined to
be an overcomplicated method of colorizing user sets. Instead, this
feature will be implemented as in bug 583164. The configuration options
implemented in this reverted commit will be removed. Per bug 583164,
packages that belong to a set listed in world_sets will be colorized as
world packages. This eliminates the extra configuration and associated
complications.
See bug 583164 for more details.
Acked-by: Alexander Berntsen <bernalex@gentoo.org>
Acked-by: Zac Medico <zmedico@gentoo.org>
Signed-off-by: Alexander Berntsen <bernalex@gentoo.org>
| |
Three new settings were added to /etc/portage/color.map:
PKG_MERGE_USER_SET, PKG_BINARY_MERGE_USER_SET, and
PKG_NOMERGE_USER_SET. These colors are applied when the package is
selected from a set in /etc/portage/sets/
X-Gentoo-bug: 577720
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=577720
Signed-off-by: Alexander Berntsen <bernalex@gentoo.org>
Acked-by: Zac Medico <zmedico@gentoo.org>
Reviewed-by: Alexander Berntsen <bernalex@gentoo.org>
| |
From f3ae0003f8cb0c5f4fc8728254ee05bda38d7304 Mon Sep 17 00:00:00 2001
From: Ross Konsolebox <konsolebox@gmail.com>
Date: Sun, 24 Jan 2016 16:27:36 +0800
Subject: [PATCH] Add sync-git-clone-extra-opts and sync-git-pull-extra-opts
This allows a user more flexibility when using overlays. Such as forcing
or rebasing the pull due to local changes. It then allows any possible
git options to be passed as needed for clone or pull operations.
This is not something that would be commonly used or supported for the gentoo tree.
| |
This reverts commit 10cccf7e0a1423f77a0962bcd7bf9658d2a15343. The commit
was unreviewed, the design is controversial and lacked proper
discussion.
| |
Reverts: e7d95cb ("Support location with trailing whitespace [...]")
Reverts: 7853950 ("Delete support for PORTDIR and PORTDIR_OVERLAY [...]")
Reverts: 31923f4 ("Skip some warnings for Portage Python [...]")
| |
whitespace by using quoting.
configparser.ConfigParser strips initial and trailing whitespace.
| |
repositories.
PORTAGE_REPOSITORY:${repository_name}:${attribute} overrides value of given attribute.
PORTAGE_ADDED_REPOSITORIES specifies names of repositories added to configuration.
PORTAGE_DELETED_REPOSITORIES specifies names of repositories deleted from configuration.
| |
If sync-hooks-only-on-change is set to true, do not trigger postsync
hooks unless hooks would have executed for a master repository or the
repository has changed since the previous sync operation.
If the user has not explicitly enabled sync-hooks-only-on-change in
repos.conf, then execute all hooks regardless of whether or not
anything has changed (for backward compatibility).
X-Gentoo-Bug: 565172
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=565172
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
If "sync-rsync-vcs-ignore = true" is set in repos.conf, then ignore
any vcs directories that may be present. It is the user's responsibility
to set sync-rsync-extra-opts to protect vcs directories if appropriate.
X-Gentoo-Bug: 296085
X-Gentoo-Bug-url: https://bugs.gentoo.org/show_bug.cgi?id=296085
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
Support "profile-formats = build-id" setting for layout.conf. When
this is enabled in layout.conf of the containing repository, a
dependency atom in the profile can refer to a specific build, using the
build-id that is assigned when FEATURES=binpkg-multi-instance is
enabled. A build-id atom is identical to a version-specific atom,
except that the version is followed by a hyphen and an integer build-id.
With the build-id profile format, it is possible to assemble a system
using specific builds of binary packages, as users of "binary"
distros might be accustomed to. For example, an atom in the "packages"
file can pull a specific build of a package into the @system set, and
an atom in the "package.keywords" file can be used to modify the
effective KEYWORDS of a specific build of a package.
Referring to specific builds can be useful for a number of reasons. For
example, if a particular build needs to undergo a large amount of
testing in a complex environment in order to verify reliability, then
it can be useful to lock a profile to a specific build that has been
thoroughly tested.
| |
The section number should not be bolded like the main page.
| |
This documents /etc/portage/sets.conf, /usr/portage/sets.conf, and
/usr/share/portage/config/sets. It refers to the "Package Set Configuration"
section of the html documentation for more information.
X-Gentoo-Bug: 541188
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=541188
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
Soname dependency resolution is disabled by default, since it will not
work correctly unless all available installed and binary packages have
been built by a version of portage which generates REQUIRES and PROVIDES
metadata.
Soname dependency resolution is enabled when --ignore-soname-deps=n is
specified, and one of the following is true:
* --usepkgonly option is enabled
* removal actions (--depclean and --prune)
Soname dependencies are automatically ignored for dependency
calculations that can pull unbuilt ebuilds into the dependency graph,
since unbuilt ebuilds do not have any soname dependency metadata,
making it impossible to determine whether an unresolved soname
dependency can be satisfied. Therefore, --usepkgonly must be used
in order to enable soname dependency resolution when installing packages.
A new soname.provided file is supported for profiles, making it possible
to selectively ignore soname dependencies (see the portage(5) man page).
When soname dependency resolution is enabled, the soname dependencies
are represented as SonameAtom instances which expose an interface that
is minimally compatible with Atom instances. This allows both types of
atoms to be satisfied using mostly the same mechanisms, with minimal
use of conditional logic to handle the differences. Both atom classes
have "soname" and "package" attributes that make it convenient for
conditional code to distinguish package atoms and soname atoms. Both
classes also implement a match method, so that it is possible to match
a Package instance using identical syntax for both types of atoms.
Since soname dependencies and slot-operator := dependencies share many
properties, the slot-operator rebuild code has been generalized to
handle both types of dependencies. Many of the existing unit tests
involving slot-operator dependencies have been copied and adapted to
test soname dependencies (the new tests are located in the
pym/portage/tests/resolver/soname/ directory).
X-Gentoo-Bug: 282639
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=282639
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
Generate soname dependency metadata for binary and installed packages,
in the form of PROVIDES and REQUIRES metadata. It is useful to generate
PROVIDES and REQUIRES metadata now, so that it will be available
when dependency resolver support is added in the future. Note that
slot-operator dependencies will not be able to serve as a substitute
for soname dependencies for the foreseeable future, because system
dependencies are frequently unspecified (according to Gentoo policy).
The PROVIDES/REQUIRES system is very similar to the automatic Requires
and Provides system which is supported by RPM. The PROVIDES/REQUIRES
metadata is generated automatically from the ELF files that are
installed by a package. The PROVIDES/REQUIRES syntax is described in
the /var/db/pkg section of the portage(5) man page. REQUIRES_EXCLUDE
and PROVIDES_EXCLUDE ebuild variables allow for filtering of the
sonames that are saved in REQUIRES and PROVIDES (see the ebuild(5) man
page for details).
The /var/db/pkg NEEDED.ELF.2 format now includes an additional field
which indicates the multilib category, as discussed in bug #534206. The
multilib category is used to categorize the sonames that are listed in
PROVIDES/REQUIRES metadata, since sonames need to be resolved
separately for each multilib category. The complete list of supported
multilib categories is documented in the comments of the
portage.dep.soname.multilib_category module.
X-Gentoo-Bug: 282639
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=282639
Acked-by: Brian Dolbec <dolsen@gentoo.org>
| |
Fix some missed - escapes.
| |
Support prefixing groups of USE_EXPAND flags with 'USE_EXPAND:' in user
configuration package.use and similar files. This provides a convenient
way of specifying multiple USE_EXPAND flags and matches the
syntax supported by Paludis. Example:

    dev-util/netbeans NETBEANS_MODULES: php webcommon extide
    media-libs/mesa osmesa VIDEO_CARDS: intel nouveau

X-Gentoo-Bug: 471776
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=471776