odino ~ # emerge -uDvNpt world These are the packages that would be merged, in reverse order: Calculating world dependencies... done! Total size of downloads: 0 kB odino ~ # emerge -uDvNpt pygtk These are the packages that would be merged, in reverse order: Calculating dependencies... done! [ebuild U ] dev-python/pygtk-2.10.1 [2.8.6] USE="-doc -opengl" 1,840 kB [ebuild N ] dev-python/pygobject-2.12.1 USE="-debug -doc" 328 kB Total size of downloads: 2,168 kB the only package depending on pygtk in my sistem is xfce-extra/exo-0.3.1.8_beta2 pygtk and pygobject have been both package.unmask'd emerge --info: Gentoo Base System version 1.12.5 Portage 2.1.2_pre2-r4 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4.90.20060915-r0, 2.6.18-ag i686) ================================================================= System uname: 2.6.18-ag i686 Intel(R) Pentium(R) M processor 1.86GHz Last Sync: Fri, 06 Oct 2006 06:00:08 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: 2.0.30 dev-lang/python: 2.5-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.17.50.0.3 sys-devel/gcc-config: 1.3.13-r4 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-pipe -O2 -march=pentium-m -mfpmath=sse -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-pipe -O2 -march=pentium-m -mfpmath=sse -fomit-frame-pointer -fvisibility-inlines-hidden -fvisibility=hidden" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer nodoc noinfo parallel-fetch sandbox sfperms strict tmpfs" GENTOO_MIRRORS="http://www.die.unipd.it/pub/Linux/distributions/gentoo-sources/ ftp://pandemonium.tiscali.de/pub/gentoo/" LANG="it_IT" LC_ALL="it_IT" LDFLAGS="-Wl,--hash-style=gnu -Wl,--as-needed" LINGUAS="it" MAKEOPTS="-j2 --quiet" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/my-overlay" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X acpi alsa apache2 bzip2 cairo dbus elibc_glibc firefox gif gstreamer hal input_devices_keyboard input_devices_mouse input_devices_synaptics ipv6 jpeg kernel_linux libnotify linguas_it mmx nls nptl pdf png readline sse sse2 startup-notification svg threads truetype unicode userland_GNU video_cards_none video_cards_nvidia xml xv zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_RSYNC_EXTRA_OPTS my world file: xfce-extra/xfce4-clipman x11-misc/xclip dev-util/quilt net-wireless/ipw2200-firmware net-print/foomatic app-editors/gedit sys-apps/netplug sys-fs/reiserfsprogs dev-util/subversion xfce-extra/terminal app-emulation/wine net-irc/xchat x11-themes/gtk-engines sys-apps/baselayout xfce-extra/xfce4-battery media-sound/alsa-utils x11-drivers/synaptics media-fonts/font-bh-ttf app-admin/sudo www-client/mozilla-firefox games-fps/enemy-territory media-video/totem xfce-extra/mousepad media-sound/audacious net-print/hpijs xfce-extra/xarchiver dev-lang/php mail-client/sylpheed app-text/evince media-fonts/dejavu net-wireless/wpa_supplicant sys-power/acpid xfce-base/xfwm4 xfce-extra/xfce4-mixer app-admin/localepurge app-cdr/dvd+rw-tools net-analyzer/netcat net-ftp/gftp app-arch/p7zip sys-fs/udftools media-gfx/gimp sys-kernel/ag-sources xfce-base/xfce4-session media-gfx/gthumb app-arch/unrar net-misc/dhcpcd net-wireless/wireless-tools net-www/netscape-flash app-shells/bash-completion net-fs/samba sys-process/lsof xfce-base/thunar x11-proto/glproto xfce-base/xfce-mcs-plugins app-admin/syslog-ng app-editors/nano sys-boot/grub app-cdr/cdrtools net-misc/openssh xfce-extra/verve gnome-extra/gcalctool app-dicts/myspell-it net-im/gaim app-laptop/laptop-mode-tools app-office/openoffice-bin virtual/jdk x11-drivers/xf86-input-mouse app-portage/gentoolkit games-emulation/visualboyadvance xfce-extra/xfce4-netload x11-plugins/gaim-libnotify xfce-base/xfdesktop xfce-base/xfce4-panel x11-drivers/xf86-input-keyboard media-video/mplayer app-misc/screen
Reopen with 'equery d xfce-extra/exo' output.
(In reply to comment #1) > Reopen with 'equery d xfce-extra/exo' output. > xfce-extra/terminal-0.2.5.4_beta2 xfce-extra/verve-0.3.4 xfce-base/xfdesktop-4.3.90.2 xfce-base/thunar-0.3.2_beta2
Please attach --debug output for the command that produces unexpected results (`emerge -uDvNpt --debug world` in this case).
It's not listed in RDEPEND, that's why. See the --with-bdeps option in `man emerge`. RDEPEND=>=dev-libs/glib-2.6.4 >=x11-libs/gtk+-2.6 media-libs/libpng x11-libs/pango dev-perl/URI >=xfce-base/libxfce4mcs-4.2.2 >=xfce-base/libxfce4util-4.2.2 >=xfce-base/libxfcegui4-4.2.2 SLOT=0 DEPEND=>=dev-libs/glib-2.6.4 >=x11-libs/gtk+-2.6 media-libs/libpng x11-libs/pango dev-perl/URI >=xfce-base/libxfce4mcs-4.2.2 >=xfce-base/libxfce4util-4.2.2 >=xfce-base/libxfcegui4-4.2.2 dev-python/pygtk >=xfce-base/xfce-mcs-manager-4.2.2 dev-util/pkgconfig
Created attachment 98925 [details] output of emerge -uDvNpt --debug world
Yeah, that's correct behavior. Since exo is marked "nomerge", it's build time deps aren't pulled in. Exiting... ebuild / xfce-extra/exo-0.3.1.8_beta2 nomerge Parent: ebuild / xfce-extra/exo-0.3.1.8_beta2 nomerge Depstring: >=dev-libs/glib-2.6.4 >=x11-libs/gtk+-2.6 media-libs/libpng x11-libs/pango dev-perl/URI >=xfce-base/libxfce4mcs-4.2.2 >=xfce-base/libxfce4util-4.2.2 >=xfce-base/libxfcegui4-4.2.2 Priority: 1 Candidates: ['>=xfce-base/libxfcegui4-4.2.2', 'media-libs/libpng', '>=dev-libs/glib-2.6.4', 'x11-libs/pango', 'dev-perl/URI', '>=xfce-base/libxfce4util-4.2.2', '>=x11-libs/gtk+-2.6', '>=xfce-base/libxfce4mcs-4.2.2']
(In reply to comment #6) > Yeah, that's correct behavior. Since exo is marked "nomerge", it's build time > deps aren't pulled in. > > > Exiting... ebuild / xfce-extra/exo-0.3.1.8_beta2 nomerge > > Parent: ebuild / xfce-extra/exo-0.3.1.8_beta2 nomerge > Depstring: >=dev-libs/glib-2.6.4 >=x11-libs/gtk+-2.6 media-libs/libpng > x11-libs/pango dev-perl/URI >=xfce-base/libxfce4mcs-4.2.2 > >=xfce-base/libxfce4util-4.2.2 >=xfce-base/libxfcegui4-4.2.2 > Priority: 1 > Candidates: ['>=xfce-base/libxfcegui4-4.2.2', 'media-libs/libpng', > '>=dev-libs/glib-2.6.4', 'x11-libs/pango', 'dev-perl/URI', > '>=xfce-base/libxfce4util-4.2.2', '>=x11-libs/gtk+-2.6', > '>=xfce-base/libxfce4mcs-4.2.2'] > I understand it is the intended behaviour, but is it a _correct_ behaviour? I mean, is it right to not update a package on the system that has a newer version available? However, thank you very much.
(In reply to comment #7) > (In reply to comment #6) > > Yeah, that's correct behavior. Since exo is marked "nomerge", it's build time > > deps aren't pulled in. > > I understand it is the intended behaviour, but is it a _correct_ behaviour? I > mean, is it right to not update a package on the system that has a newer > version available? > However, thank you very much. Once when I was seeking opinions of what emerge should do in various situations, I was given the answer "it should do as little as possible to wholly achieve the user's request". Simple statement, but very accurate I think. In this case, your request is to update world (aka the packages you've specifically asked to install). The dependency above, as a build time dependency, doesn't appear to have any affect on the how the packages in your world file will run. Therefore, it's unnecessary work for you to update the packages.
*** Bug 167323 has been marked as a duplicate of this bug. ***
*** Bug 169730 has been marked as a duplicate of this bug. ***
*** Bug 174459 has been marked as a duplicate of this bug. ***
I'm not very satisfied by the closure of this bug as invalid, the current behavior is too risky IMHO. I noticed the problem because I run periodic "glsa-check -d affected" exactly to catch if if emerge fails to update the packages. My php was insecure, glsa-check found it but emerge -uDN refused to update it. But since php is installed and runnable by _others_, somebody will eventually run it thinking that it was update and he will be exploited. I suggest either: 1) update all packages 2) make --depclean remove all the build time dependency (or make the unrunnable, remove -x bits from all executables or other anti-execution measures, which clearly sounds too complicated... but still it would avoid risks) btw, an unrelated note: zoneminder ebuild is broken if it thinks that php is a build time dependency (and that won't affect how it runs at runtime). zoneminder GUI is written in php, so php most certainly is running at runtime, but that's irrelevant as far as this bug is concerned. Let's keep assuming it's only build time dependencies we're dealing with. Especially in a multiuser system, if folks find php available in apache, they may decide to run php scripts in their homepages, despite php was there just because zoneminder though it needed it at build time. they're not the admins, it's not up to them to check why php was installed there. If you like the strict behavior, --depclean will resolve this nicely too, rather than upgrading unnecessary packages: nuke them to avoid leaving unsecure stuff there. ccache/distcc will take care of the rest ;) If you want to leave a "--depclean --keep-build-deps" flag, that's fine too, but I definitely think the default should prevent leaving insecure binaries installed and runnable by _others_. (not everyone runs glsa-check which last time I checked was considered still the experimental one) Thanks!
(In reply to comment #12) > 1) update all packages I'm planning to add an "all" set (part of bug 144480) that upgrades everything that's installed. At the moment the closest thing is to use --with-bdeps=y (you can add it to EMERGE_DEFAULT_OPTS) together with the world set and then use --depclean to prune any cruft. > 2) make --depclean remove all the build time dependency (or make the > unrunnable, remove -x bits from all executables or other anti-execution > measures, which clearly sounds too complicated... but still it would avoid > risks) --depclean together with explicit --with-bdeps=n will remove all build-time only dependencies. > If you want to leave a "--depclean --keep-build-deps" flag, that's fine too, > but I definitely think the default should prevent leaving insecure binaries > installed and runnable by _others_. (not everyone runs glsa-check which last > time I checked was considered still the experimental one) In addition to the "all" set we'll also be getting a "security" set to cover the glsa advisories. I'm in the process of designing a new dependency resolver now and it should be able to handle all of the things tracked by bug 144480 and bug 155723.
*** Bug 184210 has been marked as a duplicate of this bug. ***
*** Bug 185397 has been marked as a duplicate of this bug. ***
I encounter the same problem. emerge -auDNv world --> "No package to update" eix -uc --> 34 packages to be updated When I take one package of the "eix -uc" list, and I try to make "emerge -pv <pakage>", portage shows me it as an updatable package. But "emerge -auDNv world" doesn't see it as is... Best Regards Sébastien BAUDRU
(In reply to comment #17) > When I take one package of the "eix -uc" list, and I try to make "emerge -pv > <pakage>", portage shows me it as an updatable package. But "emerge -auDNv > world" doesn't see it as is... This is not a bug. Please see the --with-bdeps documentation in `man emerge`. You may also need to use --depclean to remove packages that aren't part of you dependency tree.
*** Bug 231391 has been marked as a duplicate of this bug. ***
*** Bug 236367 has been marked as a duplicate of this bug. ***
*** Bug 345647 has been marked as a duplicate of this bug. ***
*** Bug 377959 has been marked as a duplicate of this bug. ***
*** Bug 625314 has been marked as a duplicate of this bug. ***