[gentoo-portage-dev] [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[gentoo-portage-dev] [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Zac Medico]

X-Gentoo-Bug: 563482
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=563482
---
 man/emerge.1 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/man/emerge.1 b/man/emerge.1
index 237fb79..c03f044 100644
--- a/man/emerge.1
+++ b/man/emerge.1
@@ -676,6 +676,13 @@ packages that depend on matching packages due to \fB\-\-rebuild\fR.
 .BR "\-\-oneshot " (\fB\-1\fR)
 Emerge as normal, but do not add the packages to the world file
 for later updating.
+
+\fBWARNING:\fR This option should only be used for packages that are
+reachable from the @world package set (those that would not be removed
+by \fB\-\-depclean\fR), since dependencies of unreachable packages are
+allowed to be broken when satisfying dependencies of other packages.
+Broken dependencies of this sort will invalidate assumptions that make
+it possible for \fB\-\-deep\fR to be disabled by default.
 .TP
 .BR "\-\-onlydeps " (\fB\-o\fR)
 Only merge (or pretend to merge) the dependencies of the packages
-- 
2.4.9

Re: [gentoo-portage-dev] [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Alexander Berntsen]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Maybe it's a bit heavy-handed to state the reason, since this
paragraph is a bit complicated (since it's describing somewhat
complicated functionality)... I don't know. It's probably fine.

ACK anyway. If someone figures out a better way to document it, we can
do that some other time.
- -- 
Alexander
bernalex@gentoo.org
https://secure.plaimi.net/~alexander
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWJpm5AAoJENQqWdRUGk8B7n0QAMW2uCNEys3dtLejt4f4oBW4
A3FZMkMWXd6TiMSU4UZ8sYlb3fomJ0tKv/6S4w9bv8W2x5DR7cwTSegp306dPf6q
Dz2P/H4pZrm55yWyizjbCn5Fjs3vawcy1NGYohL+EayiLPiRsJVni+/obNgowQWB
pQv3eg2dSUxXEgSQQC3e/EjPG38Q9X2ZOo81juRPahZ2WRfg8HZpVntA1zq0444S
WiwMRggKEJbuQpr2sq1JjyZ+XghOPdtgVJag2zep4NZpFQ03r8UlIt7kgpICZ1g5
f3g05+MZfunBkOttbBBriBg/qsJwt/eIakM/hRmvUPy0oYXvXr13XzQog3/BmUZH
8cpAuyttf2rD3xNCtNHLDooXuQuFmiHDlnwmxMnjhj7amo3q8FNXCHwP/anXYjyQ
basV3U3Te/h4E3afvIlt1lQmRuBdTLeBKENLtg2+SHL0onNtw4NQphmfGOfXlsq+
cR6Ss1+xoWDt4hyS1uMm9JMYDyPwf1bmD7fIcOdrdGcxipZbVcgWnyB77jVLYgqk
dV2pAqKd94qeTi1UPbXub4RAusbMd9TmUrJ1JskzMZasb7fpkipoQT/o+f7JWi2e
oe2rZlkfUFatqaXX+RFfRgkGVPAWHEwss3QWYjiRgOq6+izR8RcUjbTDG2rSw0Q7
X+is6tvlVEhsEhbgDjth
=lbsc
-----END PGP SIGNATURE-----

Re: [gentoo-portage-dev] [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Rob Wortman]

On 2015-10-20 at 21:44:58 +0200, bernalex@gentoo.org wrote:
> (since it's describing somewhat complicated functionality)

So, I'm curious what's actually going on there. If I emerge packages
with --oneshot, does that create the possibility of broken dependencies
for world-reachable packages, or does updating @world create the
possiblity of broken dependencies for oneshot'ed packages?

-- 
Batou: Hey, Major... You ever hear of "human rights"?
Kusanagi: I understand the concept, but I've never seen it in action.
  --Ghost in the Shell

[gentoo-portage-dev] Re: [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Duncan]

Rob Wortman posted on Tue, 20 Oct 2015 17:37:37 -0700 as excerpted:

> On 2015-10-20 at 21:44:58 +0200, bernalex@gentoo.org wrote:
>> (since it's describing somewhat complicated functionality)
> 
> So, I'm curious what's actually going on there. If I emerge packages
> with --oneshot, does that create the possibility of broken dependencies
> for world-reachable packages, or does updating @world create the
> possiblity of broken dependencies for oneshot'ed packages?

AFAIK, the latter.  @world's dep-calc doesn't take into account anything 
beyond what's in @world (which by definition includes @system and, where 
appropriate, @profile).  So @world should be safe, but packages not in it 
or deps of what's in it aren't accounted for and both won't be updated, 
and could be unmerged if the depgraph that portage calculates for @world 
works most directly by doing so.

They won't be unmerged unless they're simple-blockers to something, 
however; that's what depclean is for.  It's just that portage doesn't 
account for them in the depgraph, either, and thus might "accidentally" 
unmerge them.


Meanwhile, the suggestion that --update --deep avoids the problem is most 
interesting to me, since all my normally used update-everything scripts 
have included --deep for nigh on a decade, now, while my normally used 
named-merge scripts have included --oneshot, since back in the day I 
didn't want to inadvertently pollute my world file with manually merged 
deps, and these days I don't even have an @world file, only a world_sets 
file, which names the various sets I've grouped the contents of both my 
former @world file and my former @system set (which is nullified, no 
@system packages at all, here, with everything I decided I actually 
needed in @world).

Plus, I reasonably commonly use merged but not assigned to a set packages 
as a sort of temporary package purgatory, for testing until I've decided 
I either like the package enough to keep, in which case I add it to the 
appropriate set as named in @world_sets, or I don't, in which case I 
simply run depclean and it cleans up both the package and any deps that 
only it pulled in, without cleaning up anything else, since I always run 
depclean in --ask mode after an update, simply to keep my system free of 
any detritus.

But I'm not sure of the avoidance mechanism, since for all I knew, 
without @world pinning them in, portage's depgraph didn't include them 
and that was that, --deep or not.

So the connection between --deep and --oneshot is new to me, and I'd love 
to know more about the implications.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-portage-dev] [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Zac Medico]

On 10/20/2015 05:37 PM, Rob Wortman wrote:
> On 2015-10-20 at 21:44:58 +0200, bernalex@gentoo.org wrote:
>> (since it's describing somewhat complicated functionality)
> 
> So, I'm curious what's actually going on there. If I emerge packages
> with --oneshot, does that create the possibility of broken dependencies
> for world-reachable packages, or does updating @world create the
> possiblity of broken dependencies for oneshot'ed packages?
> 

Any packages that are not reachable from @world are ripe for removal by
--depclean, so we allow their dependencies to break in order to satisfy
other dependencies (like in bug 563482). If you don't use --deep, then
emerge may try to build something that depends on one of these
unreachable packages with broken dependencies, such that whatever you
are trying to build has broken indirect dependencies (which is likely to
trigger a build failure like in bug 563482).
-- 
Thanks,
Zac

Re: [gentoo-portage-dev] [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Rob Wortman]

On 2015-10-20 at 22:11:24 -0700, zmedico@gentoo.org wrote:
> Any packages that are not reachable from @world are ripe for removal by
> --depclean, so we allow their dependencies to break in order to satisfy
> other dependencies (like in bug 563482). If you don't use --deep, then
> emerge may try to build something that depends on one of these
> unreachable packages with broken dependencies, such that whatever you
> are trying to build has broken indirect dependencies (which is likely to
> trigger a build failure like in bug 563482).

I think I understand. So, one could get the hypothetical scenario:

# emerge --oneshot A # which depends on B
# emerge --update @world # shuffles stuff around breaking B
# emerge C # which depends on A

Package C's dependency is filled, so emerge goes ahead and builds C.
Now, either C fails to build, or it is installed but fails at runtime,
because it depends on a package which depends on a package which is
broken.

Sound about right?

-- 
There are problems in today's world that cannot be
solved by the level of thinking that created them.
  -- Albert Einstein

Re: [gentoo-portage-dev] [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Zac Medico]

On 10/21/2015 09:13 AM, Rob Wortman wrote:
> On 2015-10-20 at 22:11:24 -0700, zmedico@gentoo.org wrote:
>> Any packages that are not reachable from @world are ripe for removal by
>> --depclean, so we allow their dependencies to break in order to satisfy
>> other dependencies (like in bug 563482). If you don't use --deep, then
>> emerge may try to build something that depends on one of these
>> unreachable packages with broken dependencies, such that whatever you
>> are trying to build has broken indirect dependencies (which is likely to
>> trigger a build failure like in bug 563482).
> 
> I think I understand. So, one could get the hypothetical scenario:
> 
> # emerge --oneshot A # which depends on B
> # emerge --update @world # shuffles stuff around breaking B
> # emerge C # which depends on A
> 
> Package C's dependency is filled, so emerge goes ahead and builds C.
> Now, either C fails to build, or it is installed but fails at runtime,
> because it depends on a package which depends on a package which is
> broken.
> 
> Sound about right?
> 

Yeah, and if you run emerge --depclean regularly, then it will prevent
problems like these.
-- 
Thanks,
Zac

[gentoo-portage-dev] Re: [PATCH] emerge(1): document --oneshot caveats (bug 563482)

[Duncan]

Zac Medico posted on Wed, 21 Oct 2015 12:26:11 -0700 as excerpted:

> Yeah, and if you run emerge --depclean regularly, then it will prevent
> problems like these.

Thanks, Zac.  I should be covered then, since I both consistently run
--deep, and consistently --depclean after updates. =:^)

(And now I understand the interaction between not running --deep,
and --oneshot, as well. =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman