| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
| |
Add a repos.conf sync-webrsync-delta setting that makes the webrsync
module call emerge-delta-webrsync, so that emerge-delta-webrsync users
can benefit from sync-openpgp-key-path support in the webrsync module.
Bug: https://bugs.gentoo.org/661838
Reviewed-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
|
|
|
| |
Add a repos.conf sync-webrsync-keep-snapshots setting that enables
the emerge-webrsync --keep option, which keeps snapshots in DISTDIR
instead of deleting them.
Reviewed-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add repos.conf sync-webrsync-verify-signature = true|false setting that
enables sync-openpgp-key-path support like in the rsync and git sync
modules. This is disabled by default, in order to avoid interference
with legacy manual PORTAGE_GPG_DIR configuration.
When sync-webrsync-verify-signature = true is set in repos.conf,
if the PORTAGE_GPG_DIR has not been exported, emerge-webrsync will
assume that it has been called directly and it will output an error
message advising the user to instead call emerge --sync or emaint sync.
Bug: https://bugs.gentoo.org/661838
Reviewed-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
| |
Closes: https://github.com/gentoo/portage/pull/343
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support sync-depth for shallow sync, using git reset --merge just
like in the earlier implementation that was reverted in commit
ab840ac982d3c8b676b89f6bedd14e85dd06870f. Also, run git gc --auto
in the foreground, in order to trigger periodic housekeeping and
hopefully avoid errors from automatic git gc calls as reported in
bug 599008.
The default sync-depth is unlimited, which means that default
behavior remains unchanged (unlike the previous implementation that
was reverted).
Bug: https://bugs.gentoo.org/552814
Bug: https://bugs.gentoo.org/599008
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Sync into a quarantine subdirectory, using the rsync --link-dest option
to create hardlinks to identical files in the previous snapshot of the
repository. If hardlinks are not supported, then show a warning message
and sync directly to the normal repository location.
If verification succeeds, then the quarantine subdirectory is synced
to the normal repository location, and the quarantine subdirectory
is deleted. If verification fails, then the quarantine directory is
preserved for purposes of analysis.
Even if verification happens to be disabled, the quarantine directory
is still useful for making the repository update more atomic, so that
it is less likely that normal repository location will be observed in
a partially synced state.
The new behavior may conflict with configurations that restrict the
use of hardlinks, such as overlay filesystems. Therefore, users will
have to set "sync-allow-hardlinks = no" in repos.conf if they have
a configuration that prevents the use of hardlinks, but this should
not be very common.
Bug: https://bugs.gentoo.org/660410
|
|
|
|
|
| |
This deprecates the --root-deps option and the PORTAGE_CONFIGROOT
variable.
|
|
|
|
|
|
|
| |
Export the BROOT variable corresponding to the location where BDEPEND
are installed.
Bug: https://bugs.gentoo.org/317337
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some users have reported that using all processors to verify
manifests results in overloading, therefore default to using
a single processor. On modern hardware, verification of the
gentoo repository completes in less than 20 seconds, so using
multiple processors is not really necessary. Also, gemato-13.0
disables parallel verification due to the unresolved deadlock
issue reported in bug 647964, so this brings the default
portage configuration into alignment with current gemato
behavior.
Bug: https://bugs.gentoo.org/650696
Bug: https://bugs.gentoo.org/647964
|
|
|
|
| |
Fixes: Fixes: 8aa1a070921d ("GitSync: Support setting environment variables for git")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since key refresh is prone to failure, retry using exponential
backoff with random jitter. This adds the following sync-openpgp-*
configuration settings:
sync-openpgp-key-refresh-retry-count = 40
Maximum number of times to retry key refresh if it fails. Between
each key refresh attempt, there is an exponential delay with a
constant multiplier and a uniform random multiplier between 0 and 1.
sync-openpgp-key-refresh-retry-delay-exp-base = 2
The base of the exponential expression. The exponent is the number
of previous refresh attempts.
sync-openpgp-key-refresh-retry-delay-max = 60
Maximum delay between each retry attempt, in units of seconds. This
places a limit on the length of the exponential delay.
sync-openpgp-key-refresh-retry-delay-mult = 4
Multiplier for the exponential delay.
sync-openpgp-key-refresh-retry-overall-timeout = 1200
Combined time limit for all refresh attempts, in units of seconds.
Bug: https://bugs.gentoo.org/649276
|
|
|
|
|
|
| |
This is similar to --changed-deps, but for SLOT metadata.
Bug: https://bugs.gentoo.org/631358
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ignore the @world package set and its dependencies. This may be useful
if there is a desire to perform an action even though it might break
the dependencies of some installed packages (it might also remove
installed packages in order to solve blockers). This also alters the
behavior of --complete-graph options so that only deep dependencies
of packages given as arguments are included in the dependency graph.
This option may be useful as an alternative to --nodeps in cases where
it is desirable to account for dependencies of packages given as
arguments.
Bug: https://bugs.gentoo.org/608564
|
|
|
|
|
|
|
|
|
| |
Remove the support for PROVIDE metadata. The aux entry that used to
be assigned to this variable is now reused in the PMS, so we finally
need to clean up.
Closes: https://github.com/gentoo/portage/pull/266
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new sync-git-verify-commit-signature option (defaulting to false)
that verifies the top commit signature after syncing. The verification
is currently done using built-in git routines.
The verification passes if the signature is good or untrusted.
In the latter case, a warning is printed. In any other case,
the verification causes sync to fail and an appropriate error is output.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
| |
Issue an explicit warning if the Manifest timestamp for Gentoo
repository is 24 hours behind the system clock. This is meant to detect
attacks based on preventing the user from upgrading.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
| |
This option is too noisy to enable by default, since it reports
hundreds of packages for most users.
Suggested-by: Michał Górny <mgorny@gentoo.org>
Bug: https://bugs.gentoo.org/645780
|
|
|
|
|
|
|
|
|
| |
There's been a lot of pushback involving the --dynamic-deps=n default.
What we really need is a tool to apply dependency changes in-place,
without the need for a rebuild.
Reverts: 2905e1c2c28d ("Disable dynamic-deps by default")
Bug: https://bugs.gentoo.org/646458
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Warn about empty directories installed to /var in install-qa-check phase
(that were not "filled" using keepdir), to help developers stop relying
upon Portage preserving them. Those directories are rather unlikely to
be false positives.
Furthermore, remove all the empty directories if FEATURES=strict-keepdir
is used to catch even more problems (intended for developers). Here
warnings are not really suitable since there will be a high number
of false positives.
The PMS specifies the behavior upon merging empty directories
as undefined, and specifically prohibits ebuilds from attempting
to install empty directories. However, ebuilds occasionally still fall
into the trap of relying on 'dodir' preserving the directory. Make
the Portage behavior more strict in order to prevent that.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
| |
Fix sync-rsync-verify-metamanifest to correctly parse yes|no. Also
correct the manpage to use those two terms as they were the ones used
in repos.conf and the news item.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Rename the 'sync-rsync-openpgp-key-path' to a more generic
'sync-openpgp-key-path'. OpenPGP is the basis of at least three
different verification schemes (git, rsync, snapshots) and at least
two of them use the same keys.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
| |
Requested-by: Ulrich Müller <ulm@gentoo.org>
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --dynamic-deps=n default causes confusion for users that are
accustomed to dynamic deps, therefore add a --changed-deps-report
option that is enabled by default for deep updates (if --usepkgonly
is not enabled).
The report is entirely suppressed in the following cases in which
the packages with changed dependencies are entirely harmless to the
user:
* --changed-deps or --dynamic-deps is enabled
* none of the packages with changed deps are in the graph
These cases suppress noise for the unaffected user, even though some
of the changed dependencies might be worthy of revision bumps.
The --quiet option suppresses the NOTE section of the report, but
the HINT section is still displayed since it might help users
resolve problems that are solved by --changed-deps.
Example output is as follows:
!!! Detected ebuild dependency change(s) without revision bump:
net-misc/openssh-7.5_p1-r3::gentoo
sys-fs/udisks-2.7.5::gentoo
NOTE: Refer to the following page for more information about dependency
change(s) without revision bump:
https://wiki.gentoo.org/wiki/Project:Portage/Changed_Deps
In order to suppress reports about dependency changes, add
--changed-deps-report=n to the EMERGE_DEFAULT_OPTS variable in
'/etc/portage/make.conf'.
HINT: In order to avoid problems involving changed dependencies, use the
--changed-deps option to automatically trigger rebuilds when changed
dependencies are detected. Refer to the emerge man page for more
information about this option.
Bug: https://bugs.gentoo.org/645780
|
|
|
|
|
|
|
|
|
|
|
| |
Add two new configuration options to rsync repositories:
sync-rsync-verify-metamanifest and sync-rsync-openpgp-key-path.
The first controls whether gemato verification is run for
the repository (defaults to true for ::gentoo, false otherwise),
the second makes it possible to override the key path for custom
repositories.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
Some ebuilds are a bit hard to fix their use of the network in src
phases, so allow them to disable things. This allows us to turn off
access by default and for the vast majority while we work out how to
fix the few broken packages.
URL: https://crbug.com/731905
|
| |
|
| |
|
|
|
|
|
| |
Man pages generally separate long & short options via a comma,
not by putting the short option in parens.
|
|
|
|
|
|
| |
The comma separating the short & long options should not be highlighted.
Arguments to the options should be styled with \fI instead of \fB.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We have prepared for this for quite a while and it's time to pull
the plug. Disable dynamic-deps by default and restore the standard
PMS behavior. This will cause some one-time pain but eventually will
result in improvement of ebuild quality, especially when developers
start experiencing the need for revbumps first hand.
Acked-by: Alexander Berntsen <bernalex@gentoo.org>
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
The set of required hashes specify which hashes must be present for
a distfile not to be refetched. It makes little sense to hardcode this
value, and it is mostly useful for transition periods, so make it
configurable via layout.conf and default to all hashes
in manifest-hashes.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
Remove the MANIFEST2_HASH_FUNCTIONS const and replace it with
(deduplicated) calls to get_valid_checksum_keys(). We want Portage
to always complain whenever one of the hashes is not available even
if it is technically supported by the specific Portage version.
Closes: https://bugs.gentoo.org/634812
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
| |
Functions containing "hook" or "prep" in their name may not be used
or relied upon by ebuilds. Therefore they should not be documented
in ebuild(5) which describes the funtions available for ebuilds.
PMS reference: https://projects.gentoo.org/pms/6/pms.html#x1-14700011.3.3.16
Acked-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
| |
GLEPs have been moved to https://www.gentoo.org/glep/.
|
|
|
|
| |
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The option prevents --autounmask from making changes to
package.accept_keywords. This option does not imply
--autounmask-keep-masks, so --autounmask is still allowed
to create package.unmask changes unless the
--autounmask-keep-masks is also specified.
X-Gentoo-bug: 622480
X-Gentoo-bug-url: https://bugs.gentoo.org/622480
Reviewed-by: Manuel Rüger <mrueg@gentoo.org>
|
|
|
|
|
|
|
| |
This is more consistent with the names of the existing
PORTAGE_COMPRESS* variables.
Suggested-by: Michał Górny <mgorny@gentoo.org>
|
|
|
|
|
|
|
|
| |
This patch allows to set the compressor for binary packages via a
BINPKG_COMPRESSION variable. BINPKG_COMPRESSION_ARGS allows to specify
command-line arguments for the chosen compressor.
Reviewed-By: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This can be used to provide private SSH keys to portage in order to
clone repositories from a non-public repository.
An exemplary usage would be setting this in the repositories' repos.conf:
sync-git-env = "GIT_SSH_COMMAND=ssh -i /etc/portage/.ssh/id_rsa -o UserKnownHostsFile=/etc/portage/.ssh/known_hosts" GIT_TRACE=false
sync-git-pull-env = "GIT_SSH_COMMAND=ssh -i /etc/portage/.ssh/id_rsa -o UserKnownHostsFile=/etc/portage/.ssh/known_hosts" GIT_TRACE=true
sync-git-clone-env = "GIT_SSH_COMMAND=ssh -i /etc/portage/.ssh/id_rsa -o UserKnownHostsFile=/etc/portage/.ssh/known_hosts" GIT_TRACE=true
Closes: https://github.com/gentoo/portage/pull/165
Acked-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
|
|
|
|
| |
The -* wildcard has been supported since portage-2.3.4, but it was
not explicitly documented.
X-Gentoo-Bug: 610670
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=610670
Acked-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add --onlydeps-with-rdeps=n option in order to omit pure
run-time dependencies with --onlydeps. The dependencies
that get pulled in are those that are necessary for the
equivalent --buildpkgonly command to succeed. The default
--onlydeps behavior remains unchanged.
X-Gentoo-bug: 294719
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=294719
Acked-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the default behavior is now for emerge to terminate early for
autounmask changes (unless either --autounmask-backtrack=y or
--autounmask-continue is enabled), it is much less likely that time
will be wasted by fruitless backtracking. Therefore, raise the default
backtrack value from 3 to 10, restoring it to the value it had prior
to commit 1891388ea0ae0dd58903a71a3adc779731523601 (see bug 536926).
This will allow many users to avoid having to manually raise the
--backtrack value.
X-Gentoo-bug: 540562
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=540562
Acked-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since autounmask changes are a strong indicator that backtracking
will ultimately fail to produce a solution, terminate early for
autounmask changes, and add a --autounmask-backtrack=<y|n> option
to modify this behavior. The --autounmask-continue option implies
--autounmask-backtrack=y behavior, for backward compatibility.
When backtracking terminates early, the following warning message
is displayed after the autounmask change(s):
* In order to avoid wasting time, backtracking has terminated early
* due to the above autounmask change(s). The --autounmask-backtrack=y
* option can be used to force further backtracking, but there is no
* guarantee that it will produce a solution.
With this change, five of the existing cases fail unless
--autounmask-backtrack=y is added to the options. For each of
these cases, comments below the test case document how it behaves
with and without --autounmask-backtrack=y enabled.
X-Gentoo-bug: 615680
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=615680
Acked-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
|
|
| |
quickpkg takes atom input, not /var/db/pkg/<category>/<package>.
X-Gentoo-bug: 616262
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=616262
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a model of fake FILESDIR path to ensure that invalid accesses to
FILESDIR will result in failures rather than being silently allowed by
Portage. This mostly involves accesses in the global scope and pkg_*
phases, although the current model does not cover the latter completely
(i.e. does not guarantee that the directory is removed post src_*).
This model aims to follow PMS wording quite precisely. The value of
FILESDIR is meant to be stable throughout the build process, and it is
reliably set to a temporary directory path. However, since the path is
not guaranteed to be present outside src_*, the directory symlink is not
actually created before src_* phases.
Reviewed-by: Zac Medico <zmedico@gentoo.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's useful to automatically enable --with-bdeps so that @world updates
will update all packages that are not eligible for removal by
emerge --depclean. However, many users of binary packages do not want
unnecessary build time dependencies installed, therefore do not
auto-enable --with-bdeps for installation actions when the --usepkg
option is enabled.
A new --with-bdeps-auto=<y|n> option is provided, making it possible to
enable or disable the program logic that causes --with-bdeps to be
automatically enabled. Use --with-bdeps-auto=n to prevent --with-bdeps
from being automatically enabled for installation actions. This is useful
for some rare cases in which --with-bdeps triggers unsolvable dependency
conflicts (and putting --with-bdeps=n in EMERGE_DEFAULT_OPTS would cause
undesirable --depclean behavior).
X-Gentoo-bug: 598444
X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=598444
Acked-by: Brian Dolbec <dolsen@gentoo.org>
|
|
|
|
|
| |
X-Gentoo-Bug: 610852
X-Gentoo-Bug-Url: https://bugs.gentoo.org/show_bug.cgi?id=610852
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since sync-depth actually controls clone depth, rename it
to clone-depth, and show a warning message when the sync-depth
option has been specified:
UserWarning: repos.conf: sync-depth is deprecated, use clone-depth instead
This makes it feasible to change the meaning of sync-depth in
the future (it could be used to control git pull depth).
X-Gentoo-Bug: 552814
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=552814
Acked-by: Brian Dolbec <dolsen@gentoo.org>
|
| |
|