It appears that DEPEND and RDEPEND is mixed up in all app-admin/logrotate packages. This is from the latest: RDEPEND=" >=dev-libs/popt-1.5 selinux? ( sys-libs/libselinux )" DEPEND="${RDEPEND} >=sys-apps/sed-4 selinux? ( sec-policy/selinux-logrotate )" Reproducible: Always Steps to Reproduce: 1. Emerge logrotate on an SELinux profile. 2. Unmerge selinux-logrotate (or wait for a new version of it...) 3. emerge -uDN logrotate Actual Results: No package merged. Expected Results: selinux-logrotate merged. I assume the same applies to sed.
This is not a bug, I believe. sed and selinux-logrotate are only needed to *build* logrotate, not to run it. If you emerge -av1 (no -u, so that logrotate actually gets rebuilt) it should pull in sed and selinux-logrotate.
(In reply to comment #1) > This is not a bug, I believe. sed and selinux-logrotate are only needed to > *build* logrotate, not to run it. If you emerge -av1 (no -u, so that logrotate > actually gets rebuilt) it should pull in sed and selinux-logrotate. You are right. Uninstalling an SELinux package leaves the policy in place. I was not aware of that. Many packages do list their SELinux policy in RDEPEND, nevertheless. I can think of two advantages of doing so: 1) Less noise from "emerge --depclean", and 2) if the policy is updated and the package is not, then "emerge -uD world" would catch the update.
Since I don't maintain selinux-logrotate (nor use selinux anywhere), I'll ask the maintainer. Chris: What's your take on this? Should selinux-logrotate be in DEPEND instead of RDEPEND?
The sec-policy ebuilds only have SELinux policy, and are generally only required at runtime (RDEPEND only). However, libselinux is needed to build and run (RDEPEND and DEPEND).
Thanks, Chris. I've moved logrotate-selinux to RDEPEND.