Created attachment 548000 [details] emerge debug log for conflict between dev-libs/openssl[-bindist] and dev-libs/openssl[bindist] As reported in bug 658648, comment #2, conflicting USE dependencies can trigger inappropriate autounmask package.unmask changes: > $ USE="gost" emerge -pv --verbose-conflicts bind-tools > > These are the packages that would be merged, in order: > > Calculating dependencies ... done! > [ebuild U #] dev-libs/openssl-1.1.1:0/1.1::gentoo [1.0.2p:0/0::gentoo] USE="asm zlib -bindist* -rfc3779 -sctp -sslv3* -static-libs -test -tls-heartbeat* -vanilla (-gmp%) (-kerberos%) (-sslv2%)" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="(sse2)" 8143 KiB > [ebuild N ] net-dns/bind-tools-9.11.2_p1::gentoo USE="gost ipv6 readline seccomp ssl -doc -gssapi -idn -libressl -urandom -xml" 9555 KiB > > Total: 2 packages (1 upgrade, 1 new), Size of downloads: 17697 KiB > > !!! Multiple package instances within a single package slot have been pulled > !!! into the dependency graph, resulting in a slot conflict: > > dev-libs/openssl:0 > > (dev-libs/openssl-1.1.1:0/1.1::gentoo, ebuild scheduled for merge) pulled in by > >=dev-libs/openssl-1.0.0:0=[-bindist] required by (net-dns/bind-tools-9.11.2_p1:0/0::gentoo, ebuild scheduled for merge) > ^^^^^^^^ > > (dev-libs/openssl-1.0.2p:0/0::gentoo, installed) pulled in by > dev-libs/openssl:0/0=[abi_x86_64(-)] required by (net-misc/curl-7.61.1:0/0::gentoo, installed) > ^^^^^ > dev-libs/openssl:0/0= required by (net-misc/iputils-20171016_pre:0/0::gentoo, installed) > ^^^^^ > dev-libs/openssl:0/0= required by (dev-lang/python-2.7.15:2.7/2.7::gentoo, installed) > ^^^^^ > dev-libs/openssl:0/0= required by (net-misc/wget-1.19.5:0/0::gentoo, installed) > ^^^^^ > dev-libs/openssl:0/0= required by (net-misc/openssh-7.7_p1-r9:0/0::gentoo, installed) > ^^^^^ > >=dev-libs/openssl-1.0.1:0=[bindist=] required by (net-misc/openssh-7.7_p1-r9:0/0::gentoo, installed) > ^^^^^^^^ > >=dev-libs/openssl-1.0.1:0/0=[bindist] required by (net-misc/openssh-7.7_p1-r9:0/0::gentoo, installed) > ^^^^^ > dev-libs/openssl:0/0= required by (dev-lang/python-3.6.5:3.6/3.6m::gentoo, installed) > ^^^^^ > > > It may be possible to solve this problem by using package.mask to > prevent one of those packages from being selected. However, it is also > possible that conflicting dependencies exist such that they are > impossible to satisfy simultaneously. If such a conflict exists in > the dependencies of two different packages, then those packages can > not be installed simultaneously. > > For more information, see MASKED PACKAGES section in the emerge man > page or refer to the Gentoo Handbook. > > > The following keyword changes are necessary to proceed: > (see "package.accept_keywords" in the portage(5) man page for more details) > # required by net-misc/iputils-20171016_pre::gentoo[-libressl,ipv6,ssl,-static,openssl] > # required by @system > # required by @world (argument) > =dev-libs/openssl-1.1.1 ~amd64 > > The following mask changes are necessary to proceed: > (see "package.unmask" in the portage(5) man page for more details) > # required by net-misc/iputils-20171016_pre::gentoo[-libressl,ipv6,ssl,-static,openssl] > # required by @system > # required by @world (argument) > # /usr/portage/profiles/package.mask: > # Lars Wendler <polynomial-c@gentoo.org> (26 Aug 2016) > # Masked while being tested and reverse deps aren't fully compatible > =dev-libs/openssl-1.1.1 > > NOTE: The --autounmask-keep-masks option will prevent emerge > from creating package.unmask or ** keyword changes. > > * In order to avoid wasting time, backtracking has terminated early > * due to the above autounmask change(s). The --autounmask-backtrack=y > * option can be used to force further backtracking, but there is no > * guarantee that it will produce a solution. > > * IMPORTANT: 13 news items need reading for repository 'gentoo'. > * Use eselect news read to view new items. >
The debug log shows that the USE dependency conflict triggers a backtracking loop which ultimately causes both the installed and "ebuild scheduled for merge" instances of dev-libs/openssl-1.0.2p to be added to the runtime_pkg_mask: > backtracking due to slot conflict: > first package: (dev-libs/openssl-1.0.2p:0/0::gentoo, ebuild scheduled for merge) > package to mask: (dev-libs/openssl-1.0.2p:0/0::gentoo, installed) > runtime_pkg_mask: {<Package ('installed', '/', 'dev-libs/openssl-1.0.2p', 'nomerge', 'installed')>: {'slot conflict': {(<Package ('ebuild', '/', 'net-dns/bind-tools-9.11.2_p1', 'merge', 'gentoo')>, '>=dev-libs/openssl-1.0.0:0=[-bindist]')}}} > Exiting... (dev-libs/openssl-1.0.2p:0/0::gentoo, ebuild scheduled for merge) > !!! backtracking loop detected: (dev-libs/openssl-1.0.2p:0/0::gentoo, installed) {'slot conflict': {(<Package ('ebuild', '/', 'net-dns/bind-tools-9.11.2_p1', 'merge', 'gentoo')>, '>=dev-libs/openssl-1.0.0:0=[-bindist]')}} > backtracking due to slot conflict: > first package: (dev-libs/openssl-1.0.2p:0/0::gentoo, ebuild scheduled for merge) > package to mask: (dev-libs/openssl-1.0.2p:0/0::gentoo, installed) > runtime_pkg_mask: {<Package ('installed', '/', 'dev-libs/openssl-1.0.2p', 'nomerge', 'installed')>: {'slot conflict': {(<Package ('ebuild', '/', 'net-dns/bind-tools-9.11.2_p1', 'merge', 'gentoo')>, '>=dev-libs/openssl-1.0.0:0=[-bindist]')}}, <Package ('ebuild', '/', 'dev-libs/openssl-1.0.2p', 'merge', 'gentoo')>: {'slot conflict': {(<Package ('installed', '/', 'net-misc/openssh-7.7_p1-r9', 'nomerge', 'installed')>, '>=dev-libs/openssl-1.0.1:0/0=[bindist]'), (<Package ('installed', '/', 'net-misc/openssh-7.7_p1-r9', 'nomerge', 'installed')>, '>=dev-libs/openssl-1.0.1:0=[bindist]')}}}
The "backtracking loop detected" logic can serve as a heuristic indicating that it would be risky for autounmask to create package.mask or keyword changes for the corresponding package slot. Since it's only a heuristic, there's no guarantee that package.mask or keyword changes are really not appropriate. I think a reasonable approach would be to disable backtracking by default for this case, and add a new --use-conflict-backtrack=<y|n> option which can be used to force it to continue backtracking (similar to the --autounmask-backtrack=<y|n> option). The documentation can advise people that if --use-conflict-backtrack=y is used then the --autounmask-keep-masks=y and --autounmask-keep-keywords=y options are also recommended in order to prevent spurious package.mask and keywords adjustments.