Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 827974 - dev-lang/go: @golang-rebuild set is populated by eclass inherit
Summary: dev-lang/go: @golang-rebuild set is populated by eclass inherit
Status: CONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core - Interface (emerge) (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-02 07:03 UTC by Joonas Niilola
Modified: 2022-08-13 23:03 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Joonas Niilola gentoo-dev 2021-12-02 07:03:46 UTC
Hey, 

so I have a package that manually depends on go via:
  BDEPEND="dev-lang/go"

and it does not get rebuilt with @golang-rebuild. ionen dug up that this set is populated by ebuilds that inherit go-related eclasses. So it should rather check the DEPEND/BDEPEND on go either.

Also I have a feeling if a package conditionally depend on go, via USE flag, it does not get populated to this set either.
Comment 1 William Hubbs gentoo-dev 2021-12-10 22:52:39 UTC
I'll need to think about this, but all packages that use go to build
should inherit a go-related eclass. I can't think of a reason that a
package should depend on go without inheriting a go-related eclass.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-04 04:44:27 UTC
I think this is a Portage issue, the set was introduced in Portage for bug 752153:

commit 075c1951e1ac84e99a2219ff14be4a366d274f36
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
Date:   Fri Oct 16 12:43:54 2020 -0700

    cnf/sets/portage.conf: add new sets for go rebuilding go packages

    go-built binaries may contain security
    vulnerabilities if a binary built with vulnerable compiler.
    go is known to embed vulnerable code to all binaries it builds, if
    vulnerability was present in the compiler or one of standard libraries.

    This commit adds `golang-rebuild` set, which allows easy
    rebuild of most go-compiled system packages.

    simple 'emerge @golang-rebuild' should rebuild everything affected.
    a prompt to run this command can be added to postinst message in
    dev-lang/go ebuild.

    Closes: https://github.com/gentoo/portage/pull/630
    Bug: https://bugs.gentoo.org/752153
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

diff --git a/cnf/sets/portage.conf b/cnf/sets/portage.conf
index 0d11d7891..22f0fa3a5 100644
--- a/cnf/sets/portage.conf
+++ b/cnf/sets/portage.conf
@@ -103,3 +103,9 @@ class = portage.sets.dbapi.UnavailableBinaries
 # to the matching portdb entry.
 [changed-deps]
 class = portage.sets.dbapi.ChangedDepsSet
+
+# Installed packages that inherit from known go related eclasses.
+[golang-rebuild]
+class = portage.sets.dbapi.VariableSet
+variable = INHERITED
+includes = golang-base golang-build golang-vcs golang-vcs-snapshot go-module
Comment 3 J. Paul Reed 2022-08-13 23:02:32 UTC
See bug 865114 for some additional fun related to this bug...
Comment 4 J. Paul Reed 2022-08-13 23:03:01 UTC
(In reply to J. Paul Reed from comment #3)
> See bug 865114 for some additional fun related to this bug...

Grr, I meant bug 865115.