View previous topic :: View next topic |
Author |
Message |
Vieri l33t
Joined: 18 Dec 2005 Posts: 901
|
Posted: Tue Feb 25, 2014 6:17 pm Post subject: [SOLVED] emerge bind fails (openssl with or without bindist) |
|
|
When I try to emerge bind I get the following message:
Code: |
[ebuild R ] dev-libs/openssl-1.0.1f
[binary N ] net-dns/bind-9.9.4_p2
!!! Multiple package instances within a single package slot have been pulled
!!! into the dependency graph, resulting in a slot conflict:
dev-libs/openssl:0
(dev-libs/openssl-1.0.1f::gentoo, ebuild scheduled for merge) pulled in by
dev-libs/openssl:0[-bindist] required by (net-dns/bind-9.9.4_p2::gentoo, binary scheduled for merge)
(dev-libs/openssl-1.0.1f::gentoo, installed) pulled in by
>=dev-libs/openssl-0.9.6d:0[bindist=] required by (net-misc/openssh-6.4_p1-r1::gentoo, installed)
|
Does this mean that bind requires openssl without the bindist flag and openssh requires openssl with the bindist flag?
How can I solve this?
(bindist isn't in USE)
Thanks
[EDIT] could it be that openssh was provided by the stage3 installation and that by default it's built with bindist USE flag enabled? So if I remove the bindist flag from USE (why would one need to keep bindist there?) would I need to do something like emerge --newuse system or world?
[EDIT2] what's the real use of 'bindist' now that the "binary" medium/CD isn't distributed by Gentoo anymore? When is it still useful?
Last edited by Vieri on Wed Feb 26, 2014 8:58 am; edited 1 time in total |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22778
|
Posted: Wed Feb 26, 2014 1:16 am Post subject: |
|
|
USE=bindist is useful if you build packages that conditionally enable features that you are permitted to use, but not to distribute. Setting USE=bindist requests that the result be something which you are permitted to distribute, such as by removing trademark-protected marks or patent-encumbered code. Usually, you want the setting of bindist to be the same everywhere. Setting it on some packages and not others can lead to the USE conflicts you showed. |
|
Back to top |
|
|
Vieri l33t
Joined: 18 Dec 2005 Posts: 901
|
Posted: Wed Feb 26, 2014 7:20 am Post subject: |
|
|
Thanks.
So stage3 provides USE="bindist" and all its packages have been built with that flag.
Thus, by default Gentoo is suggesting that everyone set the bindist flag.
If I wanted to remove it, I'd need to re-emerge all the installed packages with --newuse (or at least openssl in my specific case). Am I correct?
I understand that enabling the bindist flag for openssl should remove the following:
Code: |
# Clean out patent-or-otherwise-encumbered code
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
|
although /usr/portage/dev-libs/openssl/openssl-1.0.1f.ebuild suggests that only two of the above will be removed (EC and RC5):
Code: |
[...]
$(use_ssl !bindist ec) \
enable-idea \
enable-mdc2 \
$(use_ssl !bindist rc5) \
[...]
|
But what does the following DEPEND condition mean?
in /usr/portage/net-dns/bind/bind-9.9.4_p2.ebuild:
Code: | DEPEND="ssl? ( dev-libs/openssl:0[-bindist] ) |
Does it mean that in order to emerge bind I *must* remove the bindist flag? If so, is it because BIND uses "patent-or-otherwise-encumbered code" (ie. RC5 and/or EC)?
Or can I safely recompile openssl AND bind without the bindist flag?
[EDIT] By the way, trying to emerge bind with 'bindist' makes portage want to recompile openssl without bindist. Now that's really confusing!
Code: |
# USE="bindist" emerge -pv bind
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] dev-libs/openssl-1.0.1f USE="kerberos* tls-heartbeat zlib -bindist* -gmp -rfc3779 -sse2 -static-libs {-test} -vanilla" 4,408 kB
[ebuild N ] net-dns/bind-9.9.4_p2 USE="berkdb dlz ipv6 ldap odbc ssl urandom -caps -doc -filter-aaaa -fixed-rrset -geoip -gost -gssapi -idn -mysql -postgres -python -rpz -rrl -sdb-ldap (-selinux) -static-libs -threads -xml" 7,337 kB
Total: 2 packages (1 new, 1 reinstall), Size of downloads: 11,745 kB
The following USE changes are necessary to proceed:
(see "package.use" in the portage(5) man page for more details)
# required by net-dns/bind-9.9.4_p2[ssl]
# required by bind (argument)
>=dev-libs/openssl-1.0.1f -bindist
|
So does this mean that BIND *requires* that openssl be compiled/recompiled WITHOUT bindist, even if 'bindist' is by default in Gentoo's stage3 USE variable? |
|
Back to top |
|
|
Vieri l33t
Joined: 18 Dec 2005 Posts: 901
|
Posted: Wed Feb 26, 2014 8:58 am Post subject: |
|
|
Since I won't be distributing packages outside my organization, my fix was to remove 'bindist' from default USE right after a stage3 install. Then, before emerging anything else, performed an emerge --deep --newuse world. That rebuilt both openssl and openssh. After that, I could emerge BIND without any extra fuss.
Thanks |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 22778
|
Posted: Wed Feb 26, 2014 11:56 pm Post subject: |
|
|
Vieri wrote: | So stage3 provides USE="bindist" and all its packages have been built with that flag.
Thus, by default Gentoo is suggesting that everyone set the bindist flag. | Gentoo engages in binary distribution of the stage3, so for the protection of the people distributing it, everything in the stage3 is USE=bindist. This is also a safer legal default for users who do not bother to learn what it is.
Vieri wrote: | If I wanted to remove it, I'd need to re-emerge all the installed packages with --newuse (or at least openssl in my specific case). Am I correct? | Yes. Not all packages understand USE=bindist. For those that do not understand it, rebuilding them should have no effect.
Vieri wrote: | I understand that enabling the bindist flag for openssl should remove the following: Code: |
# Clean out patent-or-otherwise-encumbered code
# Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher)
# IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
# EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
# MDC2: Expired http://en.wikipedia.org/wiki/MDC-2
# RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5
|
although /usr/portage/dev-libs/openssl/openssl-1.0.1f.ebuild suggests that only two of the above will be removed (EC and RC5):
Code: |
[...]
$(use_ssl !bindist ec) \
enable-idea \
enable-mdc2 \
$(use_ssl !bindist rc5) \
[...]
|
| I will take your word for what it should clean. Based on the table you pasted, the section of the ebuild you cited seems to be correct. If code was excluded because it was patent encumbered, but the patent has now expired in the relevant jurisdictions, then the patent would no longer apply and could not encumber the code. If there is no other reason to exclude the code, then enabling it seems correct. For Camellia, it may be offered under terms that are free enough that USE=bindist does not need to restrict it.
Vieri wrote: | But what does the following DEPEND condition mean?
in /usr/portage/net-dns/bind/bind-9.9.4_p2.ebuild:
Code: | DEPEND="ssl? ( dev-libs/openssl:0[-bindist] ) |
Does it mean that in order to emerge bind I *must* remove the bindist flag? If so, is it because BIND uses "patent-or-otherwise-encumbered code" (ie. RC5 and/or EC)?
Or can I safely recompile openssl AND bind without the bindist flag? | Yes. I do not know. Yes. Bind will ignore USE=bindist, so you can set it to whatever you want for the net-dns/bind.
Vieri wrote: | [EDIT] By the way, trying to emerge bind with 'bindist' makes portage want to recompile openssl without bindist. Now that's really confusing! | Why is this confusing? That is exactly consistent with the ebuild.
Vieri wrote: | So does this mean that BIND *requires* that openssl be compiled/recompiled WITHOUT bindist, even if 'bindist' is by default in Gentoo's stage3 USE variable? | That seems to be what the output says, yes. |
|
Back to top |
|
|
Vieri l33t
Joined: 18 Dec 2005 Posts: 901
|
Posted: Thu Feb 27, 2014 6:57 pm Post subject: |
|
|
Thanks very much for your help Hu. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|