1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
Dependencies
============
.. index:: dependency; optional runtime
.. index:: USE flags; for optional RDEPEND
Optional runtime dependencies
-----------------------------
:Source: QA
:Reference: https://wiki.gentoo.org/index.php?title=Project:Quality_Assurance/Policies&oldid=104017#USE-Controlled_Optional_RDEPENDS
:Reported: no
Using USE flags to control optional runtime dependencies is not
acceptable except under very specific circumstances, such as a package
being nonfunctional unless at least one of a set of optional runtime
dependencies is installed.
There is no specific preference as to how user should be informed
of optional runtime dependencies. The two possible options include
using ``elog`` messages and ``readme.gentoo-r1`` eclass.
*Rationale*: toggling USE flags in order to enable or disable optional
runtime dependencies causes needless rebuilds of packages in question.
This is especially important for packages that take long time to build.
.. Note::
`GLEP 62`_ proposes a solution permitting flipping USE flags without
rebuilding package in question. It has been tentatively approved
by the Council but no reference implementation has been written.
.. index:: dependency; = with no revision
=-dependencies with no revision
-------------------------------
:Source: QA
:Reported: by repoman and pkgcheck
Whenever a non-wildcard ``=`` (equals) dependency is used on a package,
the requested revision must be specified explicitly. When the zeroth
revision is requested, ``-r0`` must be used. When no specific revision
is necessary, the ``~`` (tilde) operator must be used instead.
*Example*::
# BAD:
=dev-libs/libfrobnicate-1.2.3
# GOOD:
=dev-libs/libfrobnicate-1.2.3-r0
=dev-libs/libfrobnicate-1.2.3-r3
~dev-libs/libfrobnicate-1.2.3
*Rationale*: using ``=`` operator in place of ``~`` to mean a specific
version has been a common mistake. This policy uses the fact that
no revision and explicit ``-r0`` are equivalent. By explicitly
requesting the latter, it warns developers to reconsider whether they
used the correct operator.
.. index::
pair: slot/subslot; dependency
Slot and subslot dependencies
-----------------------------
on (sub-)slotted packages
~~~~~~~~~~~~~~~~~~~~~~~~~
:Source: QA
:Reference: https://archives.gentoo.org/gentoo-portage-dev/message/9cae3a92412a007febe7ac0612d50f5f
:Reported: by repoman and pkgcheck
Whenever a package dependency specification matches a range of versions
that span different slots or subslots, the package must explicitly
include slot specification. If the ``:=`` operator is not applicable
and any slot is acceptable, explicit ``:*`` operator must be used.
If the ``:<slot>=`` operator is not applicable and only a specific slot
can be used, ``:<slot>`` value must be explicitly specified.
Package dependency specification without explicit slot specifier can
be used on packages that are not slotted nor subslotted at the moment.
*Rationale*: this policy aims to help detecting missing slot operators
when dependencies start using slots or subslots. It uses the fact that
the explicit ``:*`` operator is equivalent to no slot specification,
and therefore can be used interchangeably. In this case, we assume
that the latter means 'dependency not verified yet', while the former
means 'verified that any slot is acceptable'.
.. Note::
The Paludis_ package manager applies different logic when no slot
is specified on the dependency. It pulls in the slot corresponding
to the newest package version available.
.. index::
pair: slot/subslot; Qt
special case: Qt packages
~~~~~~~~~~~~~~~~~~~~~~~~~
:Source: Qt project
:Reference: https://wiki.gentoo.org/wiki/Project:Qt/Policies#Dependencies
:Reported: no
The Qt packages use subslots in an uncommon way. The public ABI of Qt
libraries is stable within each slot, and the subslot is used to refer
to private ABI. Therefore, the ``:=`` operator must only be used
if your package uses one of the private API parts, and plain ``:5``
or likewise dependency must be used otherwise.
proactive use of slot operators
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There is an open debate on whether developers should be proactively
adding ``:=`` slot operators on packages that do not define subslots
yet.
Proponents of the idea point out that adding slot operators to reverse
dependencies after the package becomes slotted is cumbersome and usually
results in losing the subslot rebuild opportunity at least once. They
argue that in many cases the future use of subslots is reasonably
predictable.
Opponents claim that the future use of subslots is not 100% predictable.
They point out the case of Qt packages as an example.
.. index::
single: dependency; dynamic
pair: dependency; revision bump
Revision bumps on runtime dependency changes
--------------------------------------------
:Source: Council
:Reference: https://projects.gentoo.org/council/meeting-logs/20151011-summary.txt
:Reported: no
It must not be assumed that changes to package's dependencies will
be implicitly propagated to users who have installed the package
already. Whenever the change needs to be propagated (e.g. to prevent
a missing runtime dependency from being cleaned), the package revision
must be increased.
This does not apply to build-time dependencies.
*Rationale*: developers were historically relying on Portage's behavior
called *dynamic dependencies* which caused Portage to implicitly use
dependencies specified in matching ebuilds for installed packages. This
is non-portable and unreliable. Users using different package managers,
disabling the feature or simply missing the timeframe during which
the old ebuild version existed had experienced dependency graph breakage
and other problems due to it.
The policy requires developers to explicitly account for that
possibility. Revision bumps ensure that users who installed the package
from the previous ebuild version rebuild it and get the updated
dependencies as a result.
.. Note::
The dynamic dependency usage problem has a flip side. You can't rely
on in-place dependency changes *not* being propagated either. For
example, if you notice that a package linked to libfoo unnecessarily,
and decide to remove the dependency and code responsible for linking
to it in place, Portage may apply the former immediately even
if the package installed by the user still links to libfoo.
.. _GLEP 62: https://www.gentoo.org/glep/glep-0062.html
.. _Paludis: https://paludis.exherbo.org/
|