Due to multiple vulnerabilities in p7zip (see https://bugs.gentoo.org/914736 ) it would be great to fully switch to 7zip. Even the Gentoo wiki says to use 7zip instead (see header in https://wiki.gentoo.org/index.php?title=P7zip&oldid=1306559 (link to current version as of time of the writing)). Some packages however have a hard dependency on p7zip (for example on my machine: Winetricks, Lutris, and slade). One option would be to update those packages to require 7zip. This has the downside tho that as of writing 7zip only supports amd64, arm64, and riscv. If this is not wanted however it would be of benefit to at least add virtual/7zip so ebuilds could require a single version of 7zip. This would also help with 7zip currently having to use 7zz as it's binary name just to be able to have both versions installed. (This is obviously not a real issue and can wait indefinitely; but it does lead to p7zip having preferred/accidental usage) Reproducible: Always
Rather than a virtual it's a app-alternatives/7zip that'd be used to create the /usr/bin/7z choice without eselect based on USE (and it could default to 7zip). That aside, I'd argue that straight up dropping p7zip and swapping it for 7zip can also make sense. p7zip only feels like a dead end to me.
> This would also help with 7zip currently having to use 7zz as it's binary name just to be able to have both versions installed. 7zz is simply the default name of the "full version" which supports all formats. This name wasn't chosen to avoid collision with p7zip - though that was a bonus. This is from the official 7zip readme: Alone 7za.exe: Standalone version of 7-Zip console that supports only 7z/xz/cab/zip/gzip/bzip2/tar. Alone2 7zz.exe: Standalone version of 7-Zip console that supports all formats. Alone7z 7zr.exe: Standalone version of 7-Zip console that supports only 7z (reduced version) 7za and 7zr are just "reduced" versions with less format support. So we can just make these symlinks to 7zz and everything should work fine (I think). > I'd argue that straight up dropping p7zip and swapping it for 7zip can also make sense This was my initial goal but I haven't gotten to it yet. There's 2 major things (and probably some other minor things) that need to happen for it to work: 1) Build and install the libraries similar to p7zip 2) Create symlinks to 7z, 7za, 7zr The 2nd one can probably be done easily by just adding a "symlink" useflag to 7zip which also blocks p7zip. The first one, I'm not sure, I haven't looked at the library build process yet. > Some packages however have a hard dependency on p7zip (for example on my machine: Winetricks, Lutris, and slade) Do they depend on the p7zip provided libraries or are they using a hardcoded binary name? If it's the latter then it can be solved easily by the "symlink" useflag I mentioned above.
> 7zz is simply the default name of the "full version" which supports all formats. I did not know this but it seems that 7zip can also be build 7z. Linking to 7zz seems like an easier way tho as I am not sure why 7za and 7zr exist (except for historic reasons or to safe bytes of space). Anyway, the executable being 7zz was just an aside. > Do they depend on the p7zip provided libraries or are they using a hardcoded binary name? If it's the latter then it can be solved easily by the "symlink" useflag I mentioned above. I did another search with `equery depends --all-packages p7zip` * app-arch/lzma - Build dependency (source as 7z) * app-arch/patool - Runtime dependency (python app) * app-emulation/winetricks - Runtime dependency (shell script) * app-misc/unfoo - Runtime dependency (shell script) * dev-java/lzma - Build dependency (source as 7z) * dev-lang/julia - Runtime dependency * dev-lang/julia-bin - Runtime dependency * dev-qt/qt-docs - Build Dependency (examples, unpacker/source as 7z) * dev-tcltk/tcl3d-0.9.5 - Build dependency (source as 7z) * dev-util/diffoscope - Build dependency (test, python app) * games-arcade/rocksndiamonds - Build dependency (unpacker/source as 7z) * games-emulation/m64py - Build dependency (python app) * games-fps/ut2004 - Build dependency (source as 7z) * games-roguelike/tomenet - Depdendency (external 7z files) * games-server/ut2004-ded - Build dependency (source as 7z) * games-util/lutris - Runtime dependency (python app) * games-util/slade - Build dependency * kde-apps/kdeutils-meta - Optional runtime dependency * mail-filter/amavisd-new - Runtime dependency * net-nntp/sabnzbd - Build dependency (test, python app) * sys-boot/unetbootin -Runtime dependency dev-lang/julia and dev-lang/julia-bin do some stuff with p7zip; Including some stuff in it's stdlib (see /usr/share/julia/stdlib/v1.8/p7zip_jll/src/p7zip_jll.jl). For some reason julia also creates a link from /usr/bin/7z (owned by p7zip) to /usr/libexec/7z. I don't know anything about Julia tho. I have no idea why games-util/slade requires p7zip as it doesn't even support 7zip archives. Maybe the thought was thatt some DOOM maps are distributed as 7z. sys-boot/unetbootin is equally mysterious to me why it requires p7zip. Some files for games-roguelike/tomenet are not available for direct install (sound and music) and have to be separately downloaded as a 7z. I have not looked into mail-filter/amavisd-new but since it's a Perl based mail filter I assume it uses 7z as an external tool to check attachments. The unpacker eclass also uses p7zip to unpack 7z files. Guru ebuilds that depends on p7zip (For completion, I won't list other overlays and I haven't looked into why they require p7zip): * app-benchmarks/phoronix-test-suite * sys-boot/woeusb-ng tl;dr: Only dev-lang/julia might be difficult from what I can tell. Take that with a grain of salt tho.
https://github.com/gentoo/gentoo/pull/41079 should remove unconditional p7zip dependency on some of the packages. These are the remaining ones: app-arch/patool app-emulation/winetricks dev-lang/julia dev-lang/julia-bin dev-util/diffoscope games-emulation/m64py games-roguelike/tomenet games-util/lutris games-util/slade kde-apps/kdeutils-meta mail-filter/amavisd-new media-video/bashnapi net-nntp/sabnzbd sys-boot/unetbootin sys-boot/woeusb-ng
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4dc57a07f0cc2d8df95d63ce7c6244f68efada64 commit 4dc57a07f0cc2d8df95d63ce7c6244f68efada64 Author: NRK <nrk@disroot.org> AuthorDate: 2025-03-14 17:05:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-03-24 06:52:55 +0000 app-arch/7zip: add symlink useflag goal is to allow packages which only use the 7z/7zr/7za binaries to be able to depend on 7zip[symlink] rather than p7zip. this is a step towards replacing the unmaintained p7zip. Bug: https://bugs.gentoo.org/942397 Signed-off-by: NRK <nrk@disroot.org> Signed-off-by: Sam James <sam@gentoo.org> app-arch/7zip/7zip-24.09.ebuild | 11 +++++++++-- app-arch/7zip/metadata.xml | 1 + 2 files changed, 10 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0d848e9ff18dff2ec1a47d4c4487e010edd80c8 commit b0d848e9ff18dff2ec1a47d4c4487e010edd80c8 Author: Sam James <sam@gentoo.org> AuthorDate: 2025-03-25 08:14:22 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-03-25 08:14:22 +0000 unpacker.eclass: fix 7zip dep We have to depend on the right minimum version (and USE=symlink) to get '7z'. Bug: https://bugs.gentoo.org/942397 Closes: https://bugs.gentoo.org/952020 Fixes: 0dbde702f43e075d88332b42c93287b200028691 Signed-off-by: Sam James <sam@gentoo.org> eclass/unpacker.eclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52698ae760c428b367d4fd926e3f46242afe964f commit 52698ae760c428b367d4fd926e3f46242afe964f Author: NRK <nrk@disroot.org> AuthorDate: 2025-03-25 12:54:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-03-26 22:53:38 +0000 app-arch/lzma: upgrade to EAPI 8 needed so that unpacker can unpack the 7z files. [sam: Add more trailers.] Fixes: eed97d7edf59677017edc7feebb75b9a6056eebd Bug: https://bugs.gentoo.org/942397 Closes: https://bugs.gentoo.org/952020 Signed-off-by: NRK <nrk@disroot.org> Closes: https://github.com/gentoo/gentoo/pull/41280 Signed-off-by: Sam James <sam@gentoo.org> app-arch/lzma/lzma-19.00.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d33762e29e5a768a25abd7ca895d7b55e6f5951d commit d33762e29e5a768a25abd7ca895d7b55e6f5951d Author: NRK <nrk@disroot.org> AuthorDate: 2025-03-25 12:51:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2025-03-26 22:53:29 +0000 Revert "unpacker.eclass: fix 7zip dep" unpacker already checks for 7zz (always provided by app-arch/7zip) and uses it if available and thus 7z symlink was not necessary. the problem was in app-arch/lzma using EAPI=7, unpacker doesn't handle 7z files when below EAPI=8 This reverts commit b0d848e9ff18dff2ec1a47d4c4487e010edd80c8. [sam: Add more Bug: trailers.] Bug: https://bugs.gentoo.org/942397 Bug: https://bugs.gentoo.org/952020 Signed-off-by: NRK <nrk@disroot.org> Signed-off-by: Sam James <sam@gentoo.org> eclass/unpacker.eclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
