sys-apps/portage-2.1.11.55 installs dev-python/pyxattr even if USE="-xattr" is set. The existence of pyxattr is taken by other python programs as an indicator to use extended attributes. For instance app-backup/rdiff-backup on my system has now done a backup that includes extended attributes and issues a warning about their unexpected arrival. I am unsure what will happen when I remove pyxattr to my backups now, even though none of my file systems have xattrs.

Reproducible: Always
Please post the output of these commands:

emerge -pv1 portage
emerge -pv --depclean pyxattr
--------------------------------------------
$ emerge -pv1 portage

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] sys-apps/portage-2.1.11.55 USE="doc (ipc) (xattr) -build -epydoc (-pypy2_0) -python2 -python3 (-selinux)" LINGUAS="-pl -ru" 0 kB
--------------------------------------------

--------------------------------------------
$ emerge -pv --depclean pyxattr

Calculating dependencies... done!
dev-python/pyxattr-0.5.0 pulled in by:
sys-apps/portage-2.1.11.55 requires dev-python/pyxattr

>>> No packages selected for removal by depclean
Packages installed: 536
Packages in world: 118
Packages in system: 43
Required packages: 536
Number to remove: 0
--------------------------------------------

And since they might be useful:

--------------------------------------------
$ ls -la /etc/make.profile
lrwxrwxrwx 1 root root 44 Mar 10 2011 /etc/make.profile -> ../usr/portage/profiles/hardened/linux/amd64
--------------------------------------------

Snippet from make.conf, can post the whole thing if you want:

--------------------------------------------
[...]
FEATURES="strict userfetch userpriv usersandbox"
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="acpi authdaemond bash-completion bzip2 clearpasswd dcc doc gd imap javascript jpeg logrotate maildir mime mmx nfs pear perlsuid php png pni postfix pyzor pyzord razor sasl spell spf 3dnow sse sse2 sse4 sse4a svg vhosts diffheaders network-cron mysqli caps smp fontconfig secure-delete mysql python apache apache2 sqlite3 vda tcl tools fam truetype threads lzma lm_sensors udev -acl -cups -fortran -gdbm -ipv6 -ldap -nls -snmp -X -alsa -oss -unicode -epydoc -pulse -pulseaudio -xattr"
[...]
--------------------------------------------

Let me know if you need anything else.
(In reply to comment #2)
> [ebuild R ] sys-apps/portage-2.1.11.55 USE="doc (ipc) (xattr) -build
> -epydoc (-pypy2_0) -python2 -python3 (-selinux)" LINGUAS="-pl -ru" 0 kB

Apparently your profile has xattr in use.force, which is what (xattr) means. If it's in /etc/portage/profile then this should find it:

grep -r xattr /etc/portage/profile

If it's not there, then please post `emerge --version` so we can see which profile you have selected.
(In reply to comment #2)
> $ ls -la /etc/make.profile
> lrwxrwxrwx 1 root root 44 Mar 10 2011 /etc/make.profile ->
> ../usr/portage/profiles/hardened/linux/amd64

Oh, now I see the hardened profile has xattr in package.use.force:

/usr/portage/profiles/hardened/linux/package.use.force:sys-apps/portage xattr

You can disable it like this:

mkdir -p /etc/portage/profile
echo -xattr >> /etc/portage/profile/use.force
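The lookup done by hand in the two replies above, as an added example that is not part of the original thread or of Portage: it walks a profile's `parent` chain and lists every use.force / package.use.force entry that forces or un-forces a flag. The function names are hypothetical, and it assumes plain relative `parent` paths, exact unversioned atom matches, and that later entries override earlier ones.

```shell
#!/bin/sh
# Added example, not from the bug thread. Assumes the classic profile layout:
# a profile directory may hold `parent` (one relative path per line),
# use.force (flags) and package.use.force ("atom flag ..." lines).

# profile_chain DIR: print DIR's ancestors (parents first), then DIR itself.
# The body is a subshell, so recursion cannot clobber $dir.
profile_chain() (
    dir=$1
    if [ -f "$dir/parent" ]; then
        while IFS= read -r p || [ -n "$p" ]; do
            case $p in ''|'#'*) continue ;; esac
            # Parents that are not plain relative paths are skipped.
            d=$(cd "$dir/$p" 2>/dev/null && pwd) || continue
            profile_chain "$d"
        done < "$dir/parent"
    fi
    printf '%s\n' "$dir"
)

# force_entries FLAG PKG DIR...: print "force|unforce file:line" for every
# entry touching FLAG, in stacking order. PKG must match the atom exactly.
force_entries() (
    flag=$1 pkg=$2; shift 2
    for top in "$@"; do profile_chain "$top"; done |
    while IFS= read -r d; do
        for f in "$d/use.force" "$d/package.use.force"; do
            [ -f "$f" ] || continue
            case $f in */package.use.force) pf=1 ;; *) pf=0 ;; esac
            awk -v flag="$flag" -v pkg="$pkg" -v pf="$pf" -v f="$f" '
                /^[[:space:]]*(#|$)/ { next }
                { first = 1 }
                pf == 1 { if ($1 != pkg) next; first = 2 }
                { for (i = first; i <= NF; i++) {
                      if ($i == flag)         print "force " f ":" FNR
                      if ($i == ("-" flag))   print "unforce " f ":" FNR
                  } }' "$f"
        done
    done
)

# is_forced FLAG PKG DIR...: succeed if the last matching entry forces FLAG.
is_forced() {
    case $(force_entries "$@" | tail -n 1) in
        force\ *) return 0 ;;
        *)        return 1 ;;
    esac
}
# Usage: force_entries xattr sys-apps/portage /etc/make.profile /etc/portage/profile
```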
I don't know how safe it is to disable xattr for hardened, so re-assigning.
(In reply to comment #5)
> I don't know how safe it is to disable xattr for hardened, so re-assigning.

We need it for XATTR_PAX markings, so we forced it on our package management system. I was actually thinking of forcing it profile wide but figured we should at least have it with portage.
The list of programs that can depend on pyxattr looks like it's a short one:

app-backup/rdiff-backup
sys-apps/portage
sys-cluster/swift

(Grep'ed for pyxattr in /usr/portage/ -- there's probably a better way, but it seems valid.)

I suppose if the list is that short, we could turn the bug on its head and point out that rdiff-backup outputs xattrs even though -xattr is set on a hardened system. If there's an easy way to block the package when this happens so the user is aware of the choice, I'd be happy.

If that sounds reasonable to you, is there a way to get the Gentoo maintainers of the rdiff-backup & swift ebuilds to see if it's kosher with them too?
(In reply to comment #7)
> If that sounds reasonable to you, is there a way to get the Gentoo
> maintainers of the rdiff-backup & swift ebuilds to see if it's kosher with
> them too?

It's probably best to file separate bugs for each of those packages.
(In reply to comment #8)
> (In reply to comment #7)
> > If that sounds reasonable to you, is there a way to get the Gentoo
> > maintainers of the rdiff-backup & swift ebuilds to see if it's kosher with
> > them too?
>
> It's probably best to file separate bugs for each of those packages.

And cite this bug as the source.
Just added bug #463362 against rdiff-backup. Swift can be knocked off the list because it has pyxattr as a non-conditional RDEPEND. (So I didn't make a bug for it.)
Okay there's nothing more to be done for this bug by hardened.