827974 – dev-lang/go: @golang-rebuild set is populated by eclass inherit

Bug 827974 - dev-lang/go: @golang-rebuild set is populated by eclass inherit

Summary: dev-lang/go: @golang-rebuild set is populated by eclass inherit

Status:	CONFIRMED

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Core - Interface (emerge) (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2021-12-02 07:03 UTC by Joonas Niilola
Modified:	2022-08-13 23:03 UTC (History)
CC List:	2 users (show)

See Also:	752153
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Joonas Niilola gentoo-dev

2021-12-02 07:03:46 UTC

Hey, 

so I have a package that manually depends on go via:
  BDEPEND="dev-lang/go"

and it does not get rebuilt with @golang-rebuild. ionen dug up that this set is populated by ebuilds that inherit go-related eclasses. So it should rather check the DEPEND/BDEPEND on go either.

Also I have a feeling if a package conditionally depend on go, via USE flag, it does not get populated to this set either.

Comment 1 William Hubbs gentoo-dev

2021-12-10 22:52:39 UTC

I'll need to think about this, but all packages that use go to build
should inherit a go-related eclass. I can't think of a reason that a
package should depend on go without inheriting a go-related eclass.

Comment 2 John Helmert III archtester

2022-08-04 04:44:27 UTC

I think this is a Portage issue, the set was introduced in Portage for bug 752153:

commit 075c1951e1ac84e99a2219ff14be4a366d274f36
Author: Georgy Yakovlev <gyakovlev@gentoo.org>
Date:   Fri Oct 16 12:43:54 2020 -0700

    cnf/sets/portage.conf: add new sets for go rebuilding go packages

    go-built binaries may contain security
    vulnerabilities if a binary built with vulnerable compiler.
    go is known to embed vulnerable code to all binaries it builds, if
    vulnerability was present in the compiler or one of standard libraries.

    This commit adds `golang-rebuild` set, which allows easy
    rebuild of most go-compiled system packages.

    simple 'emerge @golang-rebuild' should rebuild everything affected.
    a prompt to run this command can be added to postinst message in
    dev-lang/go ebuild.

    Closes: https://github.com/gentoo/portage/pull/630
    Bug: https://bugs.gentoo.org/752153
    Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

diff --git a/cnf/sets/portage.conf b/cnf/sets/portage.conf
index 0d11d7891..22f0fa3a5 100644
--- a/cnf/sets/portage.conf
+++ b/cnf/sets/portage.conf
@@ -103,3 +103,9 @@ class = portage.sets.dbapi.UnavailableBinaries
 # to the matching portdb entry.
 [changed-deps]
 class = portage.sets.dbapi.ChangedDepsSet
+
+# Installed packages that inherit from known go related eclasses.
+[golang-rebuild]
+class = portage.sets.dbapi.VariableSet
+variable = INHERITED
+includes = golang-base golang-build golang-vcs golang-vcs-snapshot go-module

Comment 3 J. Paul Reed 2022-08-13 23:02:32 UTC

See bug 865114 for some additional fun related to this bug...

Comment 4 J. Paul Reed 2022-08-13 23:03:01 UTC

(In reply to J. Paul Reed from comment #3)
> See bug 865114 for some additional fun related to this bug...

Grr, I meant bug 865115.