136804 – emerge --usepkg ignores USE flags unless --newuse is enabled

Bug 136804 - emerge --usepkg ignores USE flags unless --newuse is enabled

Summary: emerge --usepkg ignores USE flags unless --newuse is enabled

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Core - Interface (emerge) (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-06-14 11:08 UTC by Lukas Graf
Modified:	2009-12-29 07:48 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lukas Graf 2006-06-14 11:08:17 UTC

Overview Description: 

emerge --usepkg[only] does not take USE flags into account at all. If a matching binary package exists, it will be merged even if the USE flags in that binary package contradict the flags set for that package. This behaviour can already be detected when comparing the pretended outputs of a regular and a binary merge, they differ in the USE flags. 

This can lead to serious trouble, e.g. if you have openssh compiled with LDAP support to authenticate against an LDAP directory, and accidentally binary-merge a version without LDAP support, you can easily lock yourself out of your remote server. Because there are several other possibilities how this behaviour can break your system, I chose "major" for the severity of this bug.

IMHO emerge -k should reject binary packages with wrong USE flags and compile the package, emerge -K should refuse to do anything. 


Steps to reproduce: 

1) Choose any package with USE flags to test this. For that package,
   choose a USE flag which you're going to modify to test this issue. 
   I'll choose www-client/links here, because it's small and the "ssl" 
   USE flag is easy to test. 

2) Check the currently active USE flags, and build a binary package:
   # emerge -pv www-client/links 

   [ebuild   R   ] www-client/links-2.1_pre20  USE="... -ssl ..." 

   # quickpkg www-client/links 

   Here I first have the "ssl" flag deactivated, so I build the binary
   package without SSL support. 

3) Change (invert) the USE flag you have chosen: 
   # echo "www-client/links ssl" >> /etc/portage/package.use 
   # emerge -pv www-client/links 
   
   [ebuild   R   ] www-client/links-2.1_pre20  USE="ssl* ..." 

   So links will be rebuilt with SSL support. 

4) Rebuild the package: 
   # emerge www-client/links 

5) Compare the pretended actions of a regular and a binary merge: 
   # emerge -pv www-client/links 
   
   [ebuild   R   ] www-client/links-2.1_pre20  USE="ssl ..." 
   
   # emerge -pvk www-client/links 
   
   [binary   R   ] www-client/links-2.1_pre20  USE="... -ssl ..."

   Here you already see what will happen: The binary merge will 
   install links without SSL support, although the "ssl" flag is 
   active. 

6) Perform the binary merge:  
   # emerge -k www-client/links 

7) Verify that the package actually has been installed with the 
   wrong USE flags: 
   
   # links https://bugs.gentoo.org

     Error loading https://bugs.gentoo.org/: 
     This version of Links does not contain SSL/TLS support

Actual Results:

   The binary package has been installed although it's USE flags
   do not match the flags set for that package.

Expected Results:

   emerge -k should regularly compile the package with the correct USE
   flags, thus ignoring the binary package.
   emerge -K should refuse to do any merges.

Build Date & Platform

   Tested with portage-2.1 and portage-2.0.54-r2 on Gentoo Linux x86
   (2006.0 profile), gcc-3.4.6-r1 and gcc-3.3.6

Comment 1 Zac Medico gentoo-dev

2006-07-07 00:18:32 UTC

While working on some nearby code I noticed that --newuse should give you the behavior that you want.