Bug 352302 - dev-libs/libgcrypt - please add static-libs to IUSE defaults
Status: VERIFIED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High normal
Assignee: Crypto team [DISABLED]
Reported: 2011-01-21 01:15 UTC by Jorge Manuel B. S. Vicetto
Modified: 2011-02-25 11:54 UTC
Description Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2011-01-21 01:15:16 UTC
The installcd-stage1 is failing to build because there is no ebuild to satisfy dev-libs/libgcrypt[static-libs]. Therefore, please add static-libs to IUSE defaults so that we can build new stages.

emerge --quiet --usepkg --buildpkg --newuse app-accessibility/brltty app-admin/hddtemp app-admin/passook app-admin/pwgen app-admin/syslog-ng app-arch/unzip app-arch/xz-utils app-crypt/gnupg app-editors/zile app-misc/screen app-misc/vlock app-portage/mirrorselect app-text/wgetpaste media-gfx/fbgrab net-analyzer/traceroute net-dialup/mingetty net-dialup/pptpclient net-dialup/rp-pppoe net-fs/mount-cifs net-fs/nfs-utils net-irc/irssi net-misc/dhcpcd net-misc/iputils net-misc/ntp net-misc/rdate net-misc/vconfig net-proxy/dante net-proxy/ntlmaps net-proxy/tsocks net-wireless/b43-fwcutter net-wireless/ipw2100-firmware net-wireless/ipw2200-firmware net-wireless/iwl3945-ucode net-wireless/iwl4965-ucode net-wireless/iwl5000-ucode net-wireless/prism54-firmware net-wireless/wireless-tools net-wireless/wpa_supplicant net-wireless/zd1201-firmware net-wireless/zd1211-firmware sys-apps/apmd sys-apps/eject sys-apps/ethtool sys-apps/fxload sys-apps/hdparm sys-apps/hwsetup sys-apps/iproute2 sys-apps/memtester sys-apps/netplug sys-block/parted sys-apps/sdparm sys-block/partimage sys-block/qla-fc-firmware sys-fs/cryptsetup sys-fs/dmraid sys-fs/dosfstools sys-fs/e2fsprogs sys-fs/evms sys-fs/hfsutils sys-fs/jfsutils sys-fs/lsscsi sys-fs/lvm2 sys-fs/mac-fdisk sys-fs/mdadm sys-fs/multipath-tools sys-fs/ntfsprogs sys-fs/reiserfsprogs sys-fs/xfsprogs sys-libs/gpm sys-power/acpid www-client/links app-misc/livecd-tools

 * IMPORTANT: 3 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.


emerge: there are no ebuilds built with USE flags to satisfy "dev-libs/libgcrypt[static-libs]".
!!! One of the following packages is required to complete your request:
- dev-libs/libgcrypt-1.4.6 (Change USE: +static-libs)
(dependency required by "sys-fs/cryptsetup-1.1.3-r3" [ebuild])
(dependency required by "sys-fs/cryptsetup" [argument])
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-01-21 02:11:48 UTC
InCVS.
Comment 2 Maciej Mrozowski gentoo-dev 2011-01-22 22:56:59 UTC
@release team
Is it possible to add 'dev-libs/libgcrypt static-libs' to /etc/portage/package.use of installcd-stage1 instead?
Comment 3 Maciej Mrozowski gentoo-dev 2011-01-22 23:02:38 UTC
Reopening.
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-01-22 23:24:03 UTC
Please next time provide a reasoning before reopening a bug assigned to another team, when said team was okay with the original resolution, as well as the reporter.
Comment 5 Maciej Mrozowski gentoo-dev 2011-01-22 23:38:27 UTC
Reasoning is obvious: said package configuration is required only for stage1 building and not for default end-user deployment. Enabling static libs for a security library makes it possible for certain specific buildsystems to pick up the static lib by default on emerge (when both static and shared are available), causing libgcrypt to be linked statically. Security fixes to libgcrypt will not propagate to client software automatically in such a case.
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-01-22 23:53:00 UTC
Given that no difference applies from what we had _before_ introducing static-libs, your reasoning is way too general.

Do you have an example of one particular case of a package mistakenly linking to libgcrypt statically instead of dynamically? If not, I don't see any high risk in security.

Also, I'd like to point out to you that this is not the first package with a default-enabled static-libs USE flag, besides the high number of packages that simply don't give you a choice and force you to install both.
Comment 7 Maciej Mrozowski gentoo-dev 2011-01-23 00:20:19 UTC
And the number of those is gradually being reduced. Maybe it's better not to reintroduce static libs just in any case if there are simple means (provided there are, that is, hence my question to release/catalyst team) to avoid requiring them.
Comment 8 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2011-01-23 14:14:20 UTC
We don't use a custom /etc/portage/* in stage building.
In this case, we might instead just enable the static-libs use flag globally for the install-cd.
Comment 9 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2011-01-29 17:27:59 UTC
As requested by Arfrever, I'm adding a note here.

I remove my request in this bug to add static-libs to IUSE defaults as it doesn't work for the ISO building. I forgot we have USE="-*" on installcd-stage1 specs, so IUSE defaults end up being overridden by the specs.
To fix the issue caused by the dependency on dev-libs/libgcrypt[static-libs], I instead added static-libs to the list of USE flags in the installcd-stage1 specs.

Sorry for the extra work and thanks for your quick reaction.
Comment 10 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-01-29 17:33:15 UTC
I have reverted that change due to comment #9.
Comment 11 Melendro 2011-01-30 18:20:03 UTC
But then, users cannot emerge cryptsetup again. We can add static-libs to the package.use file for libgcrypt, but then why not add it by default?

libgcrypt MUST be static until cryptsetup can be dynamic.

$ emerge -vp cryptsetup

These are the packages that would be merged, in order:

Calculating dependencies... done!

emerge: there are no ebuilds built with USE flags to satisfy "dev-libs/libgcrypt[static-libs]".
!!! One of the following packages is required to complete your request:
- dev-libs/libgcrypt-1.4.6 (Change USE: +static-libs)
(dependency required by "sys-fs/cryptsetup-1.1.3-r3" [ebuild])
(dependency required by "cryptsetup" [argument])
Comment 12 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-01-30 19:39:15 UTC
(In reply to comment #11)
> users cannot emerge cryptsetup again.

Users should configure their systems in the way appropriate for them. Personally I use sys-fs/cryptsetup with USE="-static". Many users need dev-libs/libgcrypt not for sys-fs/cryptsetup, but for other packages (e.g. app-crypt/gnupg).
Comment 13 Melendro 2011-01-30 20:21:24 UTC
(In reply to comment #12)
> (In reply to comment #11)
> > users cannot emerge cryptsetup again.
> 
> Users should configure their systems in the way appropriate for them.
> Personally I use sys-fs/cryptsetup with USE="-static". Many users need
> dev-libs/libgcrypt not for sys-fs/cryptsetup, but for other packages (e.g.
> app-crypt/gnupg).

cryptsetup doesn't have "static" in the stable version (1.1.3-r3), but "dynamic", which is unset by default. With the unstable version of cryptsetup (1.2.0-r1) it is even worse, as it has "+static", so you cannot disable it and you MUST enable "static-libs" in libgcrypt.

And almost everybody has cryptsetup installed, as it is needed by hal with the USE flag "crypt" (which is the default).

I think that if cryptsetup has +static, libgcrypt should also have it.
Comment 14 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-01-30 20:24:52 UTC
(In reply to comment #13)
> With the unstable version of cryptsetup (1.2.0-r1) it is even worse, as it has
> "+static", so you cannot disable it

# echo "sys-fs/cryptsetup -static" >> /etc/portage/package.use
Comment 15 Melendro 2011-01-30 20:43:05 UTC
(In reply to comment #14)
> (In reply to comment #13)
> > With the unstable version of cryptsetup (1.2.0-r1) it is even worse, as it has
> > "+static", so you cannot disable it
> 
> # echo "sys-fs/cryptsetup -static" >> /etc/portage/package.use
> 

You're right. I thought "+static" has precedence over the package.use file, but I was wrong.

Anyway you cannot even do "emerge system" in an empty box without creating a package.use file. I think this is not good.
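
Added example (not part of the thread and not Portage's own code): a simplified Python model of Portage's USE stacking that reproduces the two precedence effects reported above, USE="-*" discarding IUSE defaults (comment 9) and package.use overriding an IUSE "+static" default (comments 14 and 15). The function names are hypothetical, the IUSE lists are reduced to the flags named in the thread, and placing the catalyst spec's USE at the make.conf layer is an assumption.

```python
# Added example: simplified model of Portage USE stacking, not Portage's code.
# Layers run from lowest to highest precedence, following the default
# USE_ORDER "env:pkg:conf:defaults:pkginternal:features:repo:env.d"
# (leftmost wins); only the five layers relevant to this bug are modelled.
LAYERS = ["pkginternal", "defaults", "conf", "pkg", "env"]


def effective_use(iuse, settings):
    """Return the enabled flags of one package.

    iuse     -- IUSE tokens from the ebuild, e.g. ["+static", "nls"]
    settings -- layer name -> USE string, e.g. {"conf": "-* static-libs"}
    """
    known = {tok.lstrip("+-") for tok in iuse}
    enabled = set()
    for layer in LAYERS:
        if layer == "pkginternal":
            # IUSE defaults: "+flag" enables a flag at the lowest precedence.
            tokens = [tok[1:] for tok in iuse if tok.startswith("+")]
        else:
            tokens = settings.get(layer, "").split()
        for tok in tokens:
            if tok == "-*":
                enabled.clear()          # drops everything set by lower layers
            elif tok.startswith("-"):
                enabled.discard(tok[1:])
            else:
                enabled.add(tok)
    return enabled & known               # flags outside IUSE are ignored


def dep_satisfied(cryptsetup_use, libgcrypt_use):
    """A static cryptsetup needs dev-libs/libgcrypt[static-libs]."""
    return "static" not in cryptsetup_use or "static-libs" in libgcrypt_use


# Constructed inputs, reduced to the flags named in the thread.
CRYPTSETUP_IUSE = ["+static"]            # cryptsetup-1.2.0-r1, per comment 13
LIBGCRYPT_IUSE = ["static-libs"]         # libgcrypt-1.4.6, flag off by default
LIBGCRYPT_IUSE_PROPOSED = ["+static-libs"]  # the change this bug requested

if __name__ == "__main__":
    # Comment 9: the spec's USE="-*" (assumed "conf" layer) wipes the default.
    print(effective_use(LIBGCRYPT_IUSE_PROPOSED, {"conf": "-*"}))
    print(effective_use(LIBGCRYPT_IUSE_PROPOSED, {"conf": "-* static-libs"}))
    # Comments 14/15: package.use ("pkg" layer) beats the IUSE "+static".
    cs = effective_use(CRYPTSETUP_IUSE, {"pkg": "-static"})
    print(cs, dep_satisfied(cs, effective_use(LIBGCRYPT_IUSE, {})))
    # Comment 11: with nothing configured the dependency is unsatisfied.
    print(dep_satisfied(effective_use(CRYPTSETUP_IUSE, {}),
                        effective_use(LIBGCRYPT_IUSE, {})))
```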