Search Portage & Overlays:

Gentoo Repository News

Portage rsync tree verification - 30/01/2018 00:00 GMT

Starting with sys-apps/portage-2.3.21, Portage will verify the Gentoo
repository after rsync by default.

The new verification is intended for users who are syncing via rsync.
Users syncing via git or other methods are not affected, and complete
verification for them will be provided in the future.

The verification is implemented via app-portage/gemato. Currently,
the whole repository is verified after syncing. On systems with slow
hard drives, this could take around 2 minutes. If you wish to disable
it, you can disable the 'rsync-verify' USE flag on sys-apps/portage
or set 'sync-rsync-verify-metamanifest = no' in your repos.conf.

Please note that the verification currently does not prevent Portage
from using the repository after syncing. If 'emerge --sync' fails,
do not install any packages and retry syncing. In case of prolonged
or frequent verification failures, please make sure to report a bug
including the failing mirror addresses (found in emerge.log).

The verification uses information from the binary keyring provided
by the app-crypt/gentoo-keys package. The keys are refreshed
from the keyserver before every use in order to check for revocation.
The post-sync verification ensures that the authenticity of the key
package itself is verified. However, manual verification is required
before the first use.

On Gentoo installations created using installation media that included
portage-2.3.22, the keys will already be covered by the installation
media signatures. On existing installations, you need to manually
compare the primary key fingerprint (reported by gemato on every sync)
against the official Gentoo keys [1]. An example gemato output is:

  INFO:root:Valid OpenPGP signature found:
  INFO:root:- primary key: 1234567890ABCDEF1234567890ABCDEF12345678
  INFO:root:- subkey: FEDCBA0987654321FEDCBA0987654321FEDCBA09

Please note that the above snippet does not include the real key id
on purpose. The primary key actually printed by gemato must match
the 'Gentoo Portage Snapshot Signing Key' on the website. Please make
sure to also check the certificate used for the secure connection
to the site!


Posted By: Michał Górny

systemd sysv-utils blocker resolution - 23/01/2018 00:00 GMT

Starting with systemd-236, the sysv-utils USE flag is enabled by

The sysv-utils USE flag controls installation of symlinks for several
key commands:

    /sbin/halt -> ../bin/systemctl
    /sbin/init -> ../lib/systemd/systemd
    /sbin/reboot -> ../bin/systemctl
    /sbin/poweroff -> ../bin/systemctl
    /sbin/runlevel -> ../bin/systemctl
    /sbin/shutdown -> ../bin/systemctl
    /sbin/telinit -> ../bin/systemctl

These commands are otherwise provided by sys-apps/sysvinit. This package
is blocked by systemd when the sysv-utils USE flag is enabled.

Enabling sysv-utils should cause Portage to un-merge sysvinit and OpenRC
if they are currently installed. emerge may emit a warning message
before doing so; if you are booting with systemd, this message is safe
to ignore.

If you wish to keep sysvinit (and openrc) installed, you may disable the
sysv-utils USE flag locally.

If you run into unresolvable blockers with sysv-utils enabled, ensure
that you do not have any reverse dependencies of sys-apps/sysvinit
selected (in your world file).

Common packages to look for:


The equery command from gentoolkit may help track down installed
packages that depend on openrc.

    equery depends sys-apps/openrc

Posted By: Mike Gilbert

GnuCash 2.7+ Breaking Change - 14/01/2018 00:00 GMT

Along with changes to use modern libraries, GnuCash 2.7+ has changed the
schema [1] it uses for both databases and files. GnuCash will
automatically modify the file or database in place upon open.

Therefore, it is imperative that you back up any files or databases
before using GnuCash 2.7 in case you run into an issue and want or need
to revert back to 2.6.

Close any open session of GnuCash including remote sessions, then
follow the relevant backup instructions as follows:

For XML (plain files):
$ cp /path/to/file.gnucash /path/to/file.gnucash.bak

For MySQL:
$ mysqldump gnucash_db | xz > gnucash-2.6.sql.xz

For PostgreSQL:
$ pg_dump -U gnucash_user -Z 5 gnucash_db > gnucash-2.6.sql.gz

For SQLite:
$ cp /path/to/sqlite.file.gnucash /path/to/sqlite.file.gnucash.bak


Posted By: Aaron W. Swenson

Experimental amd64 17.1 profiles up for testing - 26/12/2017 00:00 GMT

A new set of 17.1 amd64 profiles has been added to the Gentoo
repository. Those profiles switch to a more standard 'no SYMLINK_LIB'
multilib layout, and require explicit migration as described below. They
are considered experimental at the moment, and have a fair risk
of breaking your system. We would therefore like to ask our users to
test them on their non-production ~amd64 systems.

In those profiles, the lib->lib64 compatibility symlink is removed.
The 'lib' directory becomes a separate directory, that is used
for cross-arch and native non-library packages (gcc, clang) and 32-bit
libraries on the multilib profile (for better compatibility with
prebuilt x86 packages).

Migration from both 13.0 and 17.0 profiles is supported. In case
of the former, please read the news item for 17.0 upgrade first
and enable gcc 6.4.0 or newer first as explained there.

The migration is performed using app-portage/unsymlink-lib tool.
The following steps can be used to upgrade your system:

1. Sync and upgrade your system to the newest package versions
   to reduce the risk of issues.

2. Install the tool, e.g. via 'emerge -1v app-portage/unsymlink-lib'

3. Run 'unsymlink-lib --analyze' and check the output for obvious
   mistakes. If you need to perform any changes to the system, remember
   to run 'unsymlink-lib --analyze' again afterwards.

[past this point do not call emerge or modify /usr manually]

4. This is a very good time to make a backup.

5. Run 'unsymlink-lib --migrate'. You can add '--pretend' first to see
   what is going to happen.

6. Reboot your system and see if it still boots. Check if important
   programs work. In particular, check if e.g. 'emerge --info' works
   (but do not install anything). If you hit any serious problems,
   you can use 'unsymlink-lib --rollback' to revert the changes
   and return to step 3.

7. Run 'unsymlink-lib --finish'. You can add '--pretend' first to see
   what is going to happen but note that you're going to see a very long
   list of files to remove.

8. Switch the profile, e.g.:

     eselect profile set --force default/linux/amd64/17.1/desktop

[at this point you can start using emerge again]

9. Rebuild sys-devel/gcc. If you are switching from 13.0 profiles,
   rebuild sys-devel/binutils and sys-libs/glibc afterwards.

10. If you are using a multilib profile, rebuild all 32-bit packages.
    This can be done using:

      emerge -1v /lib32 /usr/lib32

    Alternatively, if you are switching from one of the 13.0 profiles
    you can rebuild all packages as detailed in the 17.0 news item.

11. Once the last 32-bit package is rebuilt, your package manager
    should remove the orphaned /lib32 and /usr/lib32 symlinks. If that
    does not happen, remove them manually.

For known issues, please see bug #506276 [1]. If you have any problems
with the new profiles or the migration procedure, please report a bug
and make it block the tracker.

For more information on the layout, please see the wiki article
on AMD64 multilib layouts [2].


Posted By: Michał Górny

New 17.0 profiles in the Gentoo repository - 30/11/2017 00:00 GMT

We have just added (for all arches except arm and mips, these follow
later) a new set of profiles with release version 17.0 to the Gentoo 
repository. These bring three changes:
1) The default C++ language version for applications is now C++14.
   This change is mostly relevant to Gentoo developers. It also
   means, however, that compilers earlier than GCC 6 are masked 
   and not supported for use as a system compiler anymore. Feel 
   free to unmask them if you need them for specific applications.
2) Where supported, GCC will now build position-independent
   executables (PIE) by default. This improves the overall
   security fingerprint. The switch from non-PIE to PIE binaries,
   however, requires some steps by users, as detailed below.
3) Up to now, hardened profiles were separate from the default
   profile tree. Now they are moving into the 17.0 profile
   as a feature there, similar to "no-multilib" and "systemd".

Please migrate away from the 13.0 profiles within the six weeks after
GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
will be deprecated then and removed in half a year.

If you are not already running a hardened setup with PIE enabled, then
switching the profile involves the following steps: 
If not already done,
* Use gcc-config to select gcc-6.4.0 or later as system compiler
* Re-source /etc/profile:
    . /etc/profile
* Re-emerge libtool
    emerge -1 sys-devel/libtool
* Select the new profile with eselect
* Re-emerge, in this sequence, gcc, binutils, and glibc
    emerge -1 sys-devel/gcc:6.4.0
    emerge -1 sys-devel/binutils
    emerge -1 sys-libs/glibc
* Rebuild your entire system
    emerge -e @world

Switching the profile from 13.0 to 17.0 modifies the settings of 
GCC 6 to generate PIE executables by default; thus, you need to do 
the rebuilds even if you have already used GCC 6 beforehand.
If you do not follow these steps you may get spurious build
failures when the linker tries unsuccessfully to combine non-PIE
and PIE code.

Posted By: Andreas K. Hüttel

No stable KEYWORDS for Gentoo Games - 22/11/2017 00:00 GMT

As the Games team does not have enough manpower to keep tabs on all
games packages, we have dropped all ebuilds maintained by the games
project to unstable KEYWORDS (without those required by other stable
packages). If you have any of these stable games packages installed,
you will have to add them to /etc/portage/package.accept_keywords/
manually. Failures related to missing stable KEYWORDS will show up as

  The following keyword changes are necessary to proceed:
   (see "package.accept_keywords" in the portage(5) man page for more details)
  # required by @selected
  # required by @world (argument)
  =games-action/0verkill-0.16-r4 ~amd64

While we accept that this will cause some irritation for the community,
pretending we have a well supported games collection by having a
wealth of stable games packages is misleading at best. We welcome
contributions from outsiders willing to polish up the games landscape
in Gentoo via the Proxy Maintainers Project.

Posted By: David Seifert

Old Wine versions moving to wine-overlay - 21/11/2017 00:00 GMT

To reduce the burden on main Gentoo repository, older versions of Wine
will be available only in the wine overlay. These ebuilds will still be
fully supported by the Gentoo Wine Project.  This will result in
upstream stable releases and the several most recent upstream devel
releases being the only versions in ::gentoo; all versions meeting the
criteria for support within Gentoo [1] will be available in ::wine.

To install the overlay you can either add the repos.conf file to your
portage configuration directory, add the repository via layman, or add the
repository via eselect-repository.

* To add the repos.conf file:
# wget -O \

Edit the /etc/portage/repos.conf/wine.conf file so that "location"
points to your desired folder to install the overlay.
# emaint sync --repo wine

* To install the overlay via layman:
# layman -a wine

* To install the overlay via eselect-repository:
# eselect repository enable wine


Posted By: NP-Hardass

OpenRC "service" binary removal - 13/10/2017 00:00 GMT

OpenRC 0.33 will remove the "service" binary, which was just a copy of
the "rc-service" binary.

If you only use rc-service this will not affect you. However, if you
still need the "service" command, you should install

Posted By: William Hubbs

Perl 5.26 update: possible breakage - 10/10/2017 00:00 GMT

You have just upgraded to Perl 5.26. This release brings several 
incompatible changes, as a result of deprecations coming to term
and of changes in default settings to mitigate a potential
security issue [1].

While we have made sure that all resulting build failures within 
Gentoo are fixed, this may not be the case for runtime issues, 
and certainly can affect third-party code (e.g., "hand-installed" 
server applications).

Typical errors are:
* Can't locate inc/... in @INC (you may need to install the inc::... module)
* error: ... has no member named ‘op_sibling’
* Unescaped left brace in regex is illegal in ...

Please see the pages [2,3] for details and report bugs if you run
into problems during or after the Perl update.

General purpose advice on updating Perl can be found on page [4].


Posted By: Andreas K. Hüttel

app-portage/gentoolkit-dev deprecation and removal - 19/09/2017 00:00 GMT

The app-portage/gentoolkit-dev package has been deprecated and the ebump,
ekeyword and imlate have been moved to the app-portage/gentoolkit-0.4.0
package. With the upcoming marking of >=app-portage/gentoolkit-0.4.0 stable,
users will need to take action since gentoolkit-dev and those versions of
gentoolkit block each other.

In order to upgrade to the new version of gentoolkit, you will need to resolve
the blocks. The following command will remove gentoolkit-dev from your world
set and uninstall gentoolkit-dev. This will then allow the installation of 

emerge --depclean app-portage/gentoolkit-dev

Once >=app-portage/gentoolkit-0.4.0 is stabilized, the remaining gentoolkit-dev
releases will be masked for removal and subsequent tree-cleaning.

Posted By: Paul Varner