Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] emerge bind fails (openssl with or without bindist)
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
Vieri
Guru
Guru


Joined: 18 Dec 2005
Posts: 373

PostPosted: Tue Feb 25, 2014 6:17 pm    Post subject: [SOLVED] emerge bind fails (openssl with or without bindist) Reply with quote

When I try to emerge bind I get the following message:

Code:

[ebuild   R   ] dev-libs/openssl-1.0.1f
[binary  N    ] net-dns/bind-9.9.4_p2

!!! Multiple package instances within a single package slot have been pulled
!!! into the dependency graph, resulting in a slot conflict:

dev-libs/openssl:0

  (dev-libs/openssl-1.0.1f::gentoo, ebuild scheduled for merge) pulled in by
    dev-libs/openssl:0[-bindist] required by (net-dns/bind-9.9.4_p2::gentoo, binary scheduled for merge)

  (dev-libs/openssl-1.0.1f::gentoo, installed) pulled in by
    >=dev-libs/openssl-0.9.6d:0[bindist=] required by (net-misc/openssh-6.4_p1-r1::gentoo, installed)


Does this mean that bind requires openssl without the bindist flag and openssh requires openssl with the bindist flag?
How can I solve this?
(bindist isn't in USE)

Thanks

[EDIT] could it be that openssh was provided by the stage3 installation and that by default it's built with bindist USE flag enabled? So if I remove the bindist flag from USE (why would one need to keep bindist there?) would I need to do something like emerge --newuse system or world?

[EDIT2] what's the real use of 'bindist' now that the "binary" medium/CD isn't distributed by Gentoo anymore? When is it still useful?


Last edited by Vieri on Wed Feb 26, 2014 8:58 am; edited 1 time in total
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8908

PostPosted: Wed Feb 26, 2014 1:16 am    Post subject: Reply with quote

USE=bindist is useful if you build packages that conditionally enable features that you are permitted to use, but not to distribute. Setting USE=bindist requests that the result be something which you are permitted to distribute, such as by removing trademark-protected marks or patent-encumbered code. Usually, you want the setting of bindist to be the same everywhere. Setting it on some packages and not others can lead to the USE conflicts you showed.
Back to top
View user's profile Send private message
Vieri
Guru
Guru


Joined: 18 Dec 2005
Posts: 373

PostPosted: Wed Feb 26, 2014 7:20 am    Post subject: Reply with quote

Thanks.

So stage3 provides USE="bindist" and all its packages have been built with that flag.
Thus, by default Gentoo is suggesting that everyone set the bindist flag.
If I wanted to remove it, I'd need to re-emerge all the installed packages with --newuse (or at least openssl in my specific case). Am I correct?

I understand that enabling the bindist flag for openssl should remove the following:

Code:

        # Clean out patent-or-otherwise-encumbered code
        # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
        # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
        # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
        # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
        # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5


although /usr/portage/dev-libs/openssl/openssl-1.0.1f.ebuild suggests that only two of the above will be removed (EC and RC5):

Code:

[...]
                $(use_ssl !bindist ec) \
                enable-idea \
                enable-mdc2 \
                $(use_ssl !bindist rc5) \
[...]


But what does the following DEPEND condition mean?

in /usr/portage/net-dns/bind/bind-9.9.4_p2.ebuild:

Code:
DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )


Does it mean that in order to emerge bind I *must* remove the bindist flag? If so, is it because BIND uses "patent-or-otherwise-encumbered code" (ie. RC5 and/or EC)?
Or can I safely recompile openssl AND bind without the bindist flag?

[EDIT] By the way, trying to emerge bind with 'bindist' makes portage want to recompile openssl without bindist. Now that's really confusing!

Code:

# USE="bindist" emerge -pv bind

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R    ] dev-libs/openssl-1.0.1f  USE="kerberos* tls-heartbeat zlib -bindist* -gmp -rfc3779 -sse2 -static-libs {-test} -vanilla" 4,408 kB
[ebuild  N     ] net-dns/bind-9.9.4_p2  USE="berkdb dlz ipv6 ldap odbc ssl urandom -caps -doc -filter-aaaa -fixed-rrset -geoip -gost -gssapi -idn -mysql -postgres -python -rpz -rrl -sdb-ldap (-selinux) -static-libs -threads -xml" 7,337 kB

Total: 2 packages (1 new, 1 reinstall), Size of downloads: 11,745 kB

The following USE changes are necessary to proceed:
 (see "package.use" in the portage(5) man page for more details)
# required by net-dns/bind-9.9.4_p2[ssl]
# required by bind (argument)
>=dev-libs/openssl-1.0.1f -bindist


So does this mean that BIND *requires* that openssl be compiled/recompiled WITHOUT bindist, even if 'bindist' is by default in Gentoo's stage3 USE variable?
Back to top
View user's profile Send private message
Vieri
Guru
Guru


Joined: 18 Dec 2005
Posts: 373

PostPosted: Wed Feb 26, 2014 8:58 am    Post subject: Reply with quote

Since I won't be distributing packages outside my organization, my fix was to remove 'bindist' from default USE right after a stage3 install. Then, before emerging anything else, performed an emerge --deep --newuse world. That rebuilt both openssl and openssh. After that, I could emerge BIND without any extra fuss.

Thanks
Back to top
View user's profile Send private message
Hu
Watchman
Watchman


Joined: 06 Mar 2007
Posts: 8908

PostPosted: Wed Feb 26, 2014 11:56 pm    Post subject: Reply with quote

Vieri wrote:
So stage3 provides USE="bindist" and all its packages have been built with that flag.
Thus, by default Gentoo is suggesting that everyone set the bindist flag.
Gentoo engages in binary distribution of the stage3, so for the protection of the people distributing it, everything in the stage3 is USE=bindist. This is also a safer legal default for users who do not bother to learn what it is.
Vieri wrote:
If I wanted to remove it, I'd need to re-emerge all the installed packages with --newuse (or at least openssl in my specific case). Am I correct?
Yes. Not all packages understand USE=bindist. For those that do not understand it, rebuilding them should have no effect.
Vieri wrote:
I understand that enabling the bindist flag for openssl should remove the following:
Code:

        # Clean out patent-or-otherwise-encumbered code
        # Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
        # IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
        # EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
        # MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
        # RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5


although /usr/portage/dev-libs/openssl/openssl-1.0.1f.ebuild suggests that only two of the above will be removed (EC and RC5):

Code:

[...]
                $(use_ssl !bindist ec) \
                enable-idea \
                enable-mdc2 \
                $(use_ssl !bindist rc5) \
[...]
I will take your word for what it should clean. Based on the table you pasted, the section of the ebuild you cited seems to be correct. If code was excluded because it was patent encumbered, but the patent has now expired in the relevant jurisdictions, then the patent would no longer apply and could not encumber the code. If there is no other reason to exclude the code, then enabling it seems correct. For Camellia, it may be offered under terms that are free enough that USE=bindist does not need to restrict it.

Vieri wrote:
But what does the following DEPEND condition mean?

in /usr/portage/net-dns/bind/bind-9.9.4_p2.ebuild:

Code:
DEPEND="ssl? ( dev-libs/openssl:0[-bindist] )


Does it mean that in order to emerge bind I *must* remove the bindist flag? If so, is it because BIND uses "patent-or-otherwise-encumbered code" (ie. RC5 and/or EC)?
Or can I safely recompile openssl AND bind without the bindist flag?
Yes. I do not know. Yes. Bind will ignore USE=bindist, so you can set it to whatever you want for the net-dns/bind.

Vieri wrote:
[EDIT] By the way, trying to emerge bind with 'bindist' makes portage want to recompile openssl without bindist. Now that's really confusing!
Why is this confusing? That is exactly consistent with the ebuild.

Vieri wrote:
So does this mean that BIND *requires* that openssl be compiled/recompiled WITHOUT bindist, even if 'bindist' is by default in Gentoo's stage3 USE variable?
That seems to be what the output says, yes.
Back to top
View user's profile Send private message
Vieri
Guru
Guru


Joined: 18 Dec 2005
Posts: 373

PostPosted: Thu Feb 27, 2014 6:57 pm    Post subject: Reply with quote

Thanks very much for your help Hu.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum