1 |
On Friday 20 February 2009, Robin H. Johnson wrote: |
2 |
> Remember that Portage will only verify hashes that exist in the file. |
3 |
> If they aren't in the file, they don't get verified. The fix you |
4 |
> describe is unneeded. |
5 |
|
6 |
If you use FEATURES=-digest, Portage refuses to build when there are |
7 |
files missing in the Manifest: |
8 |
|
9 |
# cat /usr/portage/media-libs/libpng/Manifest |
10 |
DIST libpng-1.2.33.tar.lzma 513430 RMD160 |
11 |
698d164edf37e5aab729dfe64b226ddcacf709dd SHA1 |
12 |
a57e150ecc0746225b3aead1a2e1bc89be021584 SHA256 |
13 |
4393786a311435012bde31f99177303d6caa83b0ee2847f8eb24ddc3fdd93888 |
14 |
DIST libpng-1.2.34.tar.lzma 514210 RMD160 |
15 |
e30f07c97130f53b7a9f13f10c03c6667750c407 SHA1 |
16 |
ac4cc4f136c08fdaa627391ea4d54ff192adfeb0 SHA256 |
17 |
199052e53ee03c529db106c4f72ffeb741e6a539e6d969d33ba1543a2396792d |
18 |
# emerge libpng |
19 |
Calculating dependencies... done! |
20 |
|
21 |
>>> Verifying ebuild manifests |
22 |
!!! A file is not listed in the |
23 |
Manifest: '/usr/portage/media-libs/libpng/libpng-1.2.33.ebuild' |
24 |
|
25 |
|
26 |
If you use FEATURES=digest, Portage ignores missing lines or errors in |
27 |
the Manifest completely. So either overlays must ship full Manifests or |
28 |
Portage would need a feature to fix slim Manifests. |
29 |
|
30 |
However, this opens a bit of a conflict: |
31 |
On the one hand, you want to recreate broken Manifests on as few file |
32 |
trees as possible, since this will shadow errors or manipulation[1], on |
33 |
the other hand you need to recreate it for overlays that are missing |
34 |
the entries. |
35 |
|
36 |
This could be solved by adding a file to each tree that states whether |
37 |
it comes with slim or full Manifests and whether regeneration is needed |
38 |
or not. In case of signed trees, this file must be signed as well. |
39 |
Repoman could even check the existence of that file and add or remove |
40 |
Manifest entries based on that so you could use this tool to work on |
41 |
new-style Manifest git repositories and old-style Manifest svn |
42 |
repositories. |
43 |
|
44 |
|
45 |
Robert |
46 |
|
47 |
[1] Just think you have a signed tree, but someone managed to sneak in a |
48 |
bash-4.0.ebuild and Portage just ignores the missing signed Manifest. |