Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 937260 - USE verify-sig creates circular dependency for dev-libs/libsodium and app-crypt/minisign (when trying to emerge app-editors/vim-9.1.0366)
Summary: USE verify-sig creates circular dependency for dev-libs/libsodium and app-cry...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Sam James
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-08-03 22:57 UTC by Matteo Modesti
Modified: 2024-10-31 22:06 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matteo Modesti 2024-08-03 22:57:30 UTC
I need the xxd command for a certain application and I currently don't have app-editors/vim installed, so I tried to emerge it but - as per title - there's a circular dependency on dev-libs/libsodium and app-crypt/minisign because of the verify-sig USE flag (that I set globally).

The proposed solution is to simply remove verify-sig from libsodium:
dev-libs/libsodium-1.0.19_p20240117 (Change USE: -verify-sig)

I know I can just follow that solution as a workaround, but it's always better to solve a problem at its roots if possible, so here's this bug report.

I copy-pasted the entire Portage output in the section "Actual Results".
If you need more info, just ask and I'll provide it.

Reproducible: Always

Actual Results:  
# emerge app-editors/vim -DNupv

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 14.29 s (backtrack: 1/50).



[nomerge       ] app-editors/vim-9.1.0366::gentoo  USE="X acl crypt gpm nls sound -cscope -debug -lua -minimal -perl -python -racket -ruby (-selinux) -tcl -terminal -vim-pager" LUA_SINGLE_TARGET="lua5-1 -lua5-3 -lua5-4 -luajit" PYTHON_SINGLE_TARGET="python3_12 -python3_10 -python3_11" 
[ebuild  N     ]  app-vim/gentoo-syntax-14::gentoo  USE="-ignore-glep31" 21 KiB
[ebuild  N     ]   app-editors/vim-9.1.0366::gentoo  USE="X acl crypt gpm nls sound -cscope -debug -lua -minimal -perl -python -racket -ruby (-selinux) -tcl -terminal -vim-pager" LUA_SINGLE_TARGET="lua5-1 -lua5-3 -lua5-4 -luajit" PYTHON_SINGLE_TARGET="python3_12 -python3_10 -python3_11" 17,446 KiB
[nomerge       ] app-editors/vim-9.1.0366::gentoo  USE="X acl crypt gpm nls sound -cscope -debug -lua -minimal -perl -python -racket -ruby (-selinux) -tcl -terminal -vim-pager" LUA_SINGLE_TARGET="lua5-1 -lua5-3 -lua5-4 -luajit" PYTHON_SINGLE_TARGET="python3_12 -python3_10 -python3_11" 
[nomerge       ]  dev-libs/libsodium-1.0.19_p20240117:0/26::gentoo  USE="asm urandom verify-sig -static-libs" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="aes sse4_1" 
[ebuild  N     ]   app-crypt/minisign-0.11-r1::gentoo  18 KiB
[ebuild  N     ]    dev-libs/libsodium-1.0.19_p20240117:0/26::gentoo  USE="asm urandom verify-sig -static-libs" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="aes sse4_1" 1,902 KiB

Total: 4 packages (4 new), Size of downloads: 19,385 KiB

 * Error: circular dependencies:

(app-crypt/minisign-0.11-r1:0/0::gentoo, ebuild scheduled for merge) depends on
 (dev-libs/libsodium-1.0.19_p20240117:0/26::gentoo, ebuild scheduled for merge) (buildtime_slot_op)
  (app-crypt/minisign-0.11-r1:0/0::gentoo, ebuild scheduled for merge) (buildtime)

It might be possible to break this cycle
by applying the following change:
- dev-libs/libsodium-1.0.19_p20240117 (Change USE: -verify-sig)

Note that this change can be reverted, once the package has been installed.
Comment 1 Jernej Jakob 2024-10-31 22:01:20 UTC
I ran into this when installing net-dns/unbound, also with global +verify-sig, causes the same circular dependency between minisign and libsodium.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-10-31 22:06:54 UTC
Yes, it definitely still exists. It's not clear how to prevent it happening. Working around it is easy though.