Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 527698

Summary: [TRACKER] Removal of "selinux? ( sec-policy/selinux-* )" dependency from DEPEND (not RDEPEND!)
Product: Gentoo Linux Reporter: Sven Vermeulen (RETIRED) <swift>
Component: SELinuxAssignee: Sven Vermeulen (RETIRED) <swift>
Status: RESOLVED FIXED    
Severity: normal CC: perfinion, selinux
Priority: Normal Keywords: Tracker
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 527702, 527704, 527706, 527708, 527710, 527712, 527714, 527716, 527718, 527720, 527722, 527726, 527730, 527732, 527734, 527736, 527738, 527740, 527742, 527744, 527746, 527748, 527750, 527752, 527754, 527756, 527758, 527760, 527762, 527764, 527766, 527768, 527770, 527772, 527774, 527778, 527780, 527782, 527784, 527786, 527790, 527792, 527794, 527796, 527798, 527800, 527802, 527804, 527806, 527808, 527810, 527812, 527814, 527816, 527818, 527820, 527822, 527824    
Bug Blocks:    

Description Sven Vermeulen (RETIRED) gentoo-dev 2014-11-01 08:03:48 UTC 
Short version:

Please remove the USE="selinux" dependency in the DEPEND variable (not RDEPEND) of the package if the dynamic dependency only referred to the sec-policy/selinux-* package(s). Take this into account with your next package bump - if after 6 months there have been no need for other package upgrades, we will be bumping the package(s) ourselves with just this change.


Longer version:

Recent evolutions in the SELinux support inside Gentoo made the need for DEPEND dependencies towards sec-policy/selinux-* packages obsolete. In the past, we needed this to set the file contexts of newly installed packages without risking that their files would not be labeled properly. Recently, we moved some of the logic inside the SELinux eclass so that the policy package dependency can remain on the RDEPEND only.

As this changes the information inside an ebuild that influences the VDB of the package managers, such change requires a package version bump [1]. For the majority of Gentoo users though, this is a change that has no benefit for them (as the "selinux" USE flag is masked and only usable in the SELinux profiles). Revbumping all packages would give a (very) big rebuild with no reason.

For this reason, we ask you to take this change into account for the next package update(s) so that this change can trickle through the Portage tree without influencing end users unnecessarily. We will keep an eye out for packages that don't change much and will perform the change ourselves 6 months after notification. That way, the majority of packages will already be updated (through their regular package updates) and we still have a lifecycle on this SELinux-related change.

This approach was mentioned in August this year on the Gentoo development mailinglist [2], which also provides a bit more information as to why the DEPEND dependency was needed in the first place.

[1] http://www.gossamer-threads.com/lists/gentoo/dev/289827
[2] http://www.gossamer-threads.com/lists/gentoo/dev/291590


Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2014-11-02 07:53:01 UTC 
As per the discussion on the gentoo-mailinglist (same thread as mentioned in the description) the change can be made without revbump, so I can go forward with this myself.

Sorry for the noise.
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2014-11-02 14:45:19 UTC 
Packages updated.