| 1 |
On Friday 20 February 2009, Robin H. Johnson wrote: |
| 2 |
> Remember that Portage will only verify hashes that exist in the file. |
| 3 |
> If they aren't in the file, they don't get verified. The fix you |
| 4 |
> describe is unneeded. |
| 5 |
|
| 6 |
If you use FEATURES=-digest, Portage refuses to build when there are |
| 7 |
files missing in the Manifest: |
| 8 |
|
| 9 |
# cat /usr/portage/media-libs/libpng/Manifest |
| 10 |
DIST libpng-1.2.33.tar.lzma 513430 RMD160 |
| 11 |
698d164edf37e5aab729dfe64b226ddcacf709dd SHA1 |
| 12 |
a57e150ecc0746225b3aead1a2e1bc89be021584 SHA256 |
| 13 |
4393786a311435012bde31f99177303d6caa83b0ee2847f8eb24ddc3fdd93888 |
| 14 |
DIST libpng-1.2.34.tar.lzma 514210 RMD160 |
| 15 |
e30f07c97130f53b7a9f13f10c03c6667750c407 SHA1 |
| 16 |
ac4cc4f136c08fdaa627391ea4d54ff192adfeb0 SHA256 |
| 17 |
199052e53ee03c529db106c4f72ffeb741e6a539e6d969d33ba1543a2396792d |
| 18 |
# emerge libpng |
| 19 |
Calculating dependencies... done! |
| 20 |
|
| 21 |
>>> Verifying ebuild manifests |
| 22 |
!!! A file is not listed in the |
| 23 |
Manifest: '/usr/portage/media-libs/libpng/libpng-1.2.33.ebuild' |
| 24 |
|
| 25 |
|
| 26 |
If you use FEATURES=digest, Portage ignores missing lines or errors in |
| 27 |
the Manifest completely. So either overlays must ship full Manifests or |
| 28 |
Portage would need a feature to fix slim Manifests. |
| 29 |
|
| 30 |
However, this opens a bit of a conflict: |
| 31 |
On the one hand, you want to recreate broken Manifests on as few file |
| 32 |
trees as possible, since this will shadow errors or manipulation[1], on |
| 33 |
the other hand you need to recreate it for overlays that are missing |
| 34 |
the entries. |
| 35 |
|
| 36 |
This could be solved by adding a file to each tree that states whether |
| 37 |
it comes with slim or full Manifests and whether regeneration is needed |
| 38 |
or not. In case of signed trees, this file must be signed as well. |
| 39 |
Repoman could even check the existence of that file and add or remove |
| 40 |
Manifest entries based on that so you could use this tool to work on |
| 41 |
new-style Manifest git repositories and old-style Manifest svn |
| 42 |
repositories. |
| 43 |
|
| 44 |
|
| 45 |
Robert |
| 46 |
|
| 47 |
[1] Just think you have a signed tree, but someone managed to sneak in a |
| 48 |
bash-4.0.ebuild and Portage just ignores the missing signed Manifest. |
Archives