Gentoo Repository News
amd64 17.1 profiles are now stable - 05/06/2019 00:00 GMT
A new set of 17.1 amd64 profiles has been added to the Gentoo
repository in Dec 2017. These profiles switch to a more standard
'no SYMLINK_LIB' multilib layout, and require explicit migration as
described below. They are considered stable at the moment, and we would
like to request all users to upgrade their systems. The old profiles
will be deprecated in the near future.
In the new profiles, the lib->lib64 compatibility symlink is removed.
64-bit libraries need to be installed directly to lib64. /lib
and /usr/lib become real directories, that are used for cross-arch
and native non-library packages (gcc, clang) and 32-bit libraries
on the multilib profile (which improves compatibility with prebuilt x86
packages).
Migration from both 13.0 and 17.0 profiles is supported. In case
of the former, reading the news item for 17.0 upgrade [1]
is recommended.
The migration is performed using app-portage/unsymlink-lib tool.
The following steps can be used to upgrade your system:
1. Sync and upgrade your system to the newest package versions
to reduce the risk of issues.
2. If you are still running a 13.0 profile, select gcc 6.4.0 or later
as the system compiler, source /etc/profile and reinstall libtool:
# gcc-config -l
[1] x86_64-pc-linux-gnu-5.5.0 *
[2] x86_64-pc-linux-gnu-8.3.0
# gcc-config 2
# . /etc/profile
# emerge -1v libtool
3. Install the tool:
# emerge -1v app-portage/unsymlink-lib
4. Run 'unsymlink-lib --analyze' and check the output for obvious
mistakes. If you need to perform any changes to the system, remember
to run 'unsymlink-lib --analyze' again afterwards.
[past this point do not call emerge or modify /usr manually]
5. This is a very good time to make a backup.
6. Run 'unsymlink-lib --migrate'. You can add '--pretend' first to see
what is going to happen.
7. Reboot your system. Check if important programs work.
In particular, verify that e.g. 'emerge --info' works (but do not
install anything). If you hit any serious problems, you can use
'unsymlink-lib --rollback' to revert the changes and return to
step 4.
8. Run 'unsymlink-lib --finish'. You can add '--pretend' first to see
what is going to happen but note that you're going to see a very long
list of files to remove.
9. Switch the profile, e.g.:
# eselect profile set default/linux/amd64/17.1/desktop
[at this point you can start using emerge again]
10. Rebuild the toolchain:
# emerge -1v sys-devel/gcc:8.3.0
[ repeat for other slots you will be using ]
[ if you are upgrading from 13.0 profile, also: ]
# emerge -1v sys-devel/binutils
# emerge -1v sys-libs/glibc
11. If you are using a multilib profile, rebuild all 32-bit packages.
This can be done using:
# emerge -1v --deep /lib32 /usr/lib32
Alternatively, if you are switching from one of the 13.0 profiles
you can rebuild all packages as detailed in the 17.0 news item:
# emerge -ev @world
12. Once the last 32-bit package is rebuilt, your package manager
should remove the orphaned /lib32 and /usr/lib32 symlinks. If that
does not happen, remove them manually:
# rm /lib32 /usr/lib32
For known issues, please see bug #506276 [2]. If you have any problems
with the new profiles or the migration procedure, please report a bug
and make it block the tracker.
For more information on the layout, please see the wiki article
on AMD64 multilib layouts [3].
[1] https://gentoo.org/support/news-items/2017-11-30-new-17-profiles.html
[2] https://bugs.gentoo.org/506276
[3] https://wiki.gentoo.org/wiki/Project:AMD64/Multilib_layout
Posted By: Michał Górny
Change of ACCEPT_LICENSE default - 23/05/2019 00:00 GMT
The default set of accepted licenses has been changed [1,2] to: ACCEPT_LICENSE="-* @FREE" This means that by default only free software and documentation will be installable. The "FREE" license group is defined in the profiles/license_groups file in the Gentoo repository. It contains licenses that are explicitly approved by the Free Software Foundation, the Open Source Initiative, or that follow the Free Software Definition. The system wide default for the accepted licenses is controlled by the ACCEPT_LICENSE variable in /etc/portage/make.conf, or it can be specified on a per-package basis in /etc/portage/package.license. For example, to allow the app-arch/unrar and sys-kernel/linux-firmware packages to be installed, the following lines would have to be added to /etc/portage/package.license: app-arch/unrar unRAR sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE A migration tool app-portage/elicense is available. It scans installed packages for licenses that are no longer accepted, and generates a list in the same format as the package.license file. See elicense's README for further details. If you want to revert to the previous default, add the following line to /etc/portage/make.conf: ACCEPT_LICENSE="* -@EULA" This will permit all licenses, except End User License Agreements that require reading and signing an acceptance agreement. Note that this will also accept non-free software and documentation. See GLEP 23 [3] as well as the make.conf(5) and portage(5) man pages for the detailed syntax of the ACCEPT_LICENSE variable. Further information about licenses can be found in the Gentoo Handbook [4] and on the license groups wiki page [5]. [1] https://projects.gentoo.org/council/meeting-logs/20190210-summary.txt [2] https://bugs.gentoo.org/676248 [3] https://www.gentoo.org/glep/glep-0023.html [4] https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Portage#Licenses [5] https://wiki.gentoo.org/wiki/License_groups
Posted By: Thomas Deutschmann
MySQL server and library dependency shift - 13/02/2019 00:00 GMT
Due to the complexity of supporting multiple client libraries, the Gentoo MySQL maintainers have decided to drop dependencies on the server installation where it is not absolutely necessary. This will mean that packages might not automatically install the server as a dependency since it does not have to exist on the local machine. To ensure uninterrupted service, verify that the server package, such as dev-db/mariadb, dev-db/mysql, etc, is included in the world file where it is in operation. This can be accomplished by running emerge with the --noreplace option. Eg.: emerge --noreplace dev-db/mariadb
Posted By: Brian Evans
ARM 17.0 profile migration with CHOST change - 07/09/2018 00:00 GMT
The new 17.0 profiles for ARM are now officially available. This not only features the PIE migration previously announced for other architectures but also a tuple (CHOST) change for hardfloat systems. In short, the tuple will change from armv7a-hardfloat-linux-gnueabi to armv7a-unknown-linux-gnueabihf or similar. This is to fall in line with what the rest of the Linux community are now using. If the vendor (2nd) part of your tuple is different or missing then you may keep it as it is. The hf ending is what matters. If you are using an unversioned alternative profile such as hardened/linux/arm/armv7a then the default CHOST will have changed for you already. Hopefully, you were shielded from the change by having CHOST explicitly set in your make.conf. In this case, a migration is still required. Changing CHOST is never simple and does carry some risk. We encourage users to migrate but if you do not have sys-devel/llvm on your system and you do not cross-compile for ARM then you may choose to keep your existing CHOST. We will continue to support this to some degree although we cannot promise that other packages will not be affected in future. If you choose not to migrate or your system is not hardfloat then you must ensure that CHOST is explicitly set in make.conf and then proceed with a regular 17.0 migration to deal with PIE as detailed here: https://www.gentoo.org/support/news-items/2017-11-30-new-17-profiles.html Otherwise, if you do wish to migrate then we have written a script to do the necessary steps for you. Download the raw script here: https://dev.gentoo.org/~chewi/armhf-migrate.bash View with syntax highlighting and change history here: https://gist.github.com/chewi/1601684ad8f3cf8de0b786c00fa09b3c It takes a minimal backup of the existing toolchain with quickpkg before changing anything but we strongly recommend that you take a full backup first. The script echos each command as it goes along so that you can keep an eye on what it's doing. You are, of course, welcome to tinker with the script or perform the migration manually if you think you know your own system better. It is heavily commented for this reason. If the script fails then you can take remedial action before running it again and it should skip any time-consuming builds that it has already done. If the migration doesn't go to plan then please do seek help in #gentoo-arm. A migration of this kind can justify rebuilding @world but with ARM typically being very slow, the script does just the minimum necessary. You are free to rebuild @world yourself after running it.
Posted By: James Le Cuirot
Migration required for OpenSSH with LDAP - 07/08/2018 00:00 GMT
If your sshd authenticates against LDAP, you have to migrate your current setup to a new one using sshd's "AuthorizedKeysCommand" option and a wrapper provided by packages like the new sys-auth/ssh-ldap-pubkey or sys-auth/sakcl because beginning with net-misc/openssh-7.7_p1, OpenSSH-LPK patch set is deprecated and no longer applies. We have created a short migration guide in the Wiki [1] for more details. [1] https://wiki.gentoo.org/wiki/SSH/LDAP_migration
Posted By: Thomas Deutschmann
Portage rsync hardlink support - 11/07/2018 00:00 GMT
For users of the rsync tree, beginning with sys-apps/portage-2.3.42,
the default behavior for sync operations will use hardlinks in order
to ensure that a repository remains in a valid state if something
goes wrong [1]. For example, if signature verification fails during a
sync operation, the new hardlink behavior will preserve the previous
state of the repository.
The new behavior may conflict with configurations that restrict the
use of hardlinks, such as overlay filesystems. Therefore, users will
have to set "sync-allow-hardlinks = no" in repos.conf if they have
a configuration that restricts the use of hardlinks, but this should
not be very common:
[DEFAULT]
sync-allow-hardlinks = no
Note that it is possible to sync more efficiently using git [2]
instead of rsync, though git consumes an increasing amount of disk
space over time unless shallow pull is enabled via the sync-depth
option in repos.conf [3] (requires sys-apps/portage-2.3.42 or later).
[1] https://bugs.gentoo.org/660410 sys-apps/portage: use rsync
--link-dest to implement atomic repository updates (and abort if
signature verification fails)
[2] https://wiki.gentoo.org/wiki/Portage_Security#git-mirror_repo
[3] https://bugs.gentoo.org/552814 sys-apps/portage: support shallow
git pull by setting sync-depth = 1 in repos.conf
Posted By: Zac Medico
Python 3.6 to become the default target - 22/05/2018 00:00 GMT
On 2018-06-22, Python 3.6 will replace Python 3.5 in the default Python
targets for Gentoo systems. The new default targets will be:
PYTHON_TARGETS="python2_7 python3_6"
PYTHON_SINGLE_TARGET="python3_6"
If you have not overriden the value of those variables on your system,
then your package manager will want to use the new targets immediately.
In order to prevent dependency conflicts, please clean stray packages
and rebuild/upgrade all packages with USE flag changes after the change,
e.g.:
emerge --depclean
emerge -1vUD @world
emerge --depclean
Please note that upgrading dependencies in place may cause some
of the package dependencies to be temporarily missing. While this
should not affect scripts that are already fully loaded, it may cause
ImportErrors while starting Python scripts or loading additional
modules (only scripts running Python 3.5 are affected).
In order to improve stability of the upgrade, you may choose to
temporarily enable both targets, i.e. set in /etc/portage/make.conf
or its equivalent:
PYTHON_TARGETS="python2_7 python3_5 python3_6"
PYTHON_SINGLE_TARGET="python3_5"
This will cause the dependencies to include both Python 3.5 and 3.6
support on the next system upgrade. Once all packages are updated,
you can restart your scripts, remove the custom setting and run another
upgrade to remove support for Python 3.5.
If you would like to postpone the switch to Python 3.6, you can copy
the current value of PYTHON_TARGETS and/or PYTHON_SINGLE_TARGET
to /etc/portage/make.conf or its equivalent:
PYTHON_TARGETS="python2_7 python3_5"
PYTHON_SINGLE_TARGET="python3_5"
If you would like to migrate your systems earlier, you can do the same
with the new value.
If you are still using Python 3.4, please consider switching to a newer
version as it is reaching its end-of-life. The end-of-life dates
for the currently used versions are:
Python 3.4 2019-03-16
Python 2.7 2020-01-01
Python 3.5 2020-09-13 [1]
[1]:https://devguide.python.org/#status-of-python-branches
Posted By: Michał Górny
Radicale 2 requires pre-install migration - 02/04/2018 00:00 GMT
Radicale version 2 uses a new storage format and is not able to read databases created by version 1. Version 1 releases starting from 1.1.3 include a --export-storage option which can be used to export their databases in a format that Radicale 2 can use; you must do this before upgrading to version 2. If you have kept the Gentoo-default database configuration, this will work: 1. Stop any running instance of Radicale. 2. Run `radicale --export-storage ~/radicale-exported`. 3. Run `chown -R radicale: ~/radicale-exported` 4. Run `mv /var/lib/radicale /var/lib/radicale.old`. 5. Install Radicale version 2. 6. Run `mv ~/radicale-exported /var/lib/radicale/collections`. For more details, or if you are have a more complex configuration, please see the migration guide: http://radicale.org/1to2/ If you do a custom migration, please ensure the database is cleaned out of /var/lib/radicale, including the hidden .props file.
Posted By: Christopher Head
Portage rsync tree verification - 30/01/2018 00:00 GMT
Starting with sys-apps/portage-2.3.21, Portage will verify the Gentoo repository after rsync by default. The new verification is intended for users who are syncing via rsync. Users syncing via git or other methods are not affected, and complete verification for them will be provided in the future. The verification is implemented via app-portage/gemato. Currently, the whole repository is verified after syncing. On systems with slow hard drives, this could take around 2 minutes. If you wish to disable it, you can disable the 'rsync-verify' USE flag on sys-apps/portage or set 'sync-rsync-verify-metamanifest = no' in your repos.conf. Please note that the verification currently does not prevent Portage from using the repository after syncing. If 'emerge --sync' fails, do not install any packages and retry syncing. In case of prolonged or frequent verification failures, please make sure to report a bug including the failing mirror addresses (found in emerge.log). The verification uses information from the binary keyring provided by the app-crypt/gentoo-keys package. The keys are refreshed from the keyserver before every use in order to check for revocation. The post-sync verification ensures that the authenticity of the key package itself is verified. However, manual verification is required before the first use. On Gentoo installations created using installation media that included portage-2.3.22, the keys will already be covered by the installation media signatures. On existing installations, you need to manually compare the primary key fingerprint (reported by gemato on every sync) against the official Gentoo keys [1]. An example gemato output is: INFO:root:Valid OpenPGP signature found: INFO:root:- primary key: 1234567890ABCDEF1234567890ABCDEF12345678 INFO:root:- subkey: FEDCBA0987654321FEDCBA0987654321FEDCBA09 Please note that the above snippet does not include the real key id on purpose. The primary key actually printed by gemato must match the 'Gentoo Portage Snapshot Signing Key' on the website. Please make sure to also check the certificate used for the secure connection to the site! [1]:https://www.gentoo.org/downloads/signatures/
Posted By: Michał Górny
systemd sysv-utils blocker resolution - 23/01/2018 00:00 GMT
Starting with systemd-236, the sysv-utils USE flag is enabled by
default.
The sysv-utils USE flag controls installation of symlinks for several
key commands:
/sbin/halt -> ../bin/systemctl
/sbin/init -> ../lib/systemd/systemd
/sbin/reboot -> ../bin/systemctl
/sbin/poweroff -> ../bin/systemctl
/sbin/runlevel -> ../bin/systemctl
/sbin/shutdown -> ../bin/systemctl
/sbin/telinit -> ../bin/systemctl
These commands are otherwise provided by sys-apps/sysvinit. This package
is blocked by systemd when the sysv-utils USE flag is enabled.
Enabling sysv-utils should cause Portage to un-merge sysvinit and OpenRC
if they are currently installed. emerge may emit a warning message
before doing so; if you are booting with systemd, this message is safe
to ignore.
If you wish to keep sysvinit (and openrc) installed, you may disable the
sysv-utils USE flag locally.
If you run into unresolvable blockers with sysv-utils enabled, ensure
that you do not have any reverse dependencies of sys-apps/sysvinit
selected (in your world file).
Common packages to look for:
sys-apps/sysvinit
sys-apps/openrc
net-misc/netifrc
The equery command from gentoolkit may help track down installed
packages that depend on openrc.
equery depends sys-apps/openrc
Posted By: Mike Gilbert