[gentoo-user] Security Updates and Portage Trees
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I don't know if this would be considered a newbie question or not. I haven't really seen it asked, and I haven't been able to find any documentation that clearly states this, so I thought I would ask here. Why is the "--oneshot" option specified in the GLSA advisories? And how does that affect the different package groups (trees) in portage? If I update firefox with the --oneshot option, I know that it won't update the "world" tree, but why? Why is that the recommended procedure? Does that give me any benefit? Also, why would a package be available as a "--oneshot" and NOT through a normal "emerge -Dupv world"? I love how portage unifies the packaging system, and I feel like if I run all of these "--oneshot" updates for security fixes, that I'll have all of these "stray" programs running around on my system, that won't get updated next time I emerge "world". Can someone maybe shed a little light for me? Thanks. - -- gentux echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A 6996 0993 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDLjurLYGSSmmWCZMRAqqxAJ9LjFKFggkmVgD9SkeTcIkJ1gRbxQCfYZTX A3jilZ2/0hkV2JLMZoTp1VI= =onDU -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security Updates and Portage Trees
On Monday 19 September 2005 13:16, gentuxx wrote: > If I update firefox with the --oneshot option, I know that it won't > update the "world" tree, but why? Why is that the recommended > procedure? Does that give me any benefit? Also, why would a package > be available as a "--oneshot" and NOT through a normal "emerge -Dupv > world"? The package would be available through -Dupv as well, but not everybody likes to update all packages (especially on servers). > I love how portage unifies the packaging system, and I feel like if I > run all of these "--oneshot" updates for security fixes, that I'll > have all of these "stray" programs running around on my system, that > won't get updated next time I emerge "world". --oneshot won't remove the package from world. It just prevents it from being added. If the package is installed but not in world, it is presumably there as a dependency from another package. Hence, updating world will still grab the package. Using --oneshot just keeps the world file clean. -- Jason Stubbs pgpJ1kBcYynH2.pgp Description: PGP signature
Re: [gentoo-user] Security Updates and Portage Trees
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Stubbs wrote: >On Monday 19 September 2005 13:16, gentuxx wrote: > >>If I update firefox with the --oneshot option, I know that it won't >>update the "world" tree, but why? Why is that the recommended >>procedure? Does that give me any benefit? Also, why would a package >>be available as a "--oneshot" and NOT through a normal "emerge -Dupv >>world"? > > >The package would be available through -Dupv as well, but not everybody >likes to update all packages (especially on servers). Granted. And while I run a server (a few actually), it's a home system, not a production one. And, since I run production gentoo systems, I understand the difference. For this, I'm asking from the perspective of a home user. So, that being said, does updating a package for a security fix using the "--oneshot" option update the same package that is "housed" in the "world" tree? If so, can I assume that the same package will be updated next time I update "world"? Meaning, if I run "--oneshot" for mozilla-firefox-1.0.6-r7 and mozilla-firefox-1.0.7-r1 comes out, will 1.0.6-r7 be upgraded to 1.0.7-r1? > >>I love how portage unifies the packaging system, and I feel like if I >>run all of these "--oneshot" updates for security fixes, that I'll >>have all of these "stray" programs running around on my system, that >>won't get updated next time I emerge "world". > > >--oneshot won't remove the package from world. It just prevents it from >being added. If the package is installed but not in world, it is presumably >there as a dependency from another package. Hence, updating world will >still grab the package. Using --oneshot just keeps the world file clean. > So what exactly does that mean if the package is already in "world"? If every security fix comes out with "--oneshot" being recommended, how do I know if it's a dependency of a package in world, or an entity in world? (This seems like an extension of the questioning above.) I'm just trying to set all this straight mentally, so I know what's going on with my system when I update it. I typically run the following to update my system 2 or 3 times a week (sometimes only once): emerge -Du(p)v world emerge -(p)v depclean revdep-rebuild -(p)v dispatch-conf I put the "p" for "--pretend" in parentheses because depending on the output of that step, I may skip it if there is nothing to do. Also, for the most recent firefox update, I would run the command as recommended with the "-p" flag, and it would see the package. If I run "emerge -Dupv mozilla-firefox" I only get a few of the (supposed) dependencies, and not the package itself, while the package installed (when I do "emerge search mozilla-firefox") is 1.0.6-r5. - -- gentux echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A 6996 0993 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDLlQLLYGSSmmWCZMRAiBYAJ9m6Pl/IkG/mXFX6iZ90epVCTkuWQCfcVH+ 25V6IF0g1dFHWCyLv1xlLIE= =tOYB -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security Updates and Portage Trees
On Monday 19 September 2005 15:00, gentuxx wrote: > does updating a package for a security fix using the "--oneshot" option > update the same package that is "housed" in the "world" tree? There is no world "tree". There is only a "list". --oneshot has no affect on this list. > If so, can I assume that the same package will be updated next time I > update "world"? Meaning, if I run "--oneshot" for > mozilla-firefox-1.0.6-r7 and mozilla-firefox-1.0.7-r1 comes out, will > 1.0.6-r7 be upgraded to 1.0.7-r1? If it was in the world list prior to you running --oneshot, it'll still be in the world list afterward. Hence, it will be updated with world. > If every security fix comes out with "--oneshot" being recommended, > how do I know if it's a dependency of a package in world, or an entity > in world? (This seems like an extension of the questioning above.) What does it matter in the context of a security update? > Also, for the most recent firefox update, I would run the command as > recommended with the "-p" flag, and it would see the package. If I > run "emerge -Dupv mozilla-firefox" I only get a few of the (supposed) > dependencies, and not the package itself, while the package installed > (when I do "emerge search mozilla-firefox") is 1.0.6-r5. If that is the case then 1.0.6-r5 is the latest version available for you with respect to your current snapshot of the tree. -- Jason Stubbs pgpgOHJHMeSrI.pgp Description: PGP signature
Re: [gentoo-user] Security Updates and Portage Trees
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Stubbs wrote: >On Monday 19 September 2005 15:00, gentuxx wrote: > >>does updating a package for a security fix using the "--oneshot" option >>update the same package that is "housed" in the "world" tree? > > >There is no world "tree". There is only a "list". --oneshot has no affect on >this list. > >>If so, can I assume that the same package will be updated next time I >>update "world"? Meaning, if I run "--oneshot" for >>mozilla-firefox-1.0.6-r7 and mozilla-firefox-1.0.7-r1 comes out, will >>1.0.6-r7 be upgraded to 1.0.7-r1? > > >If it was in the world list prior to you running --oneshot, it'll still be >in the world list afterward. Hence, it will be updated with world. > >>If every security fix comes out with "--oneshot" being recommended, >>how do I know if it's a dependency of a package in world, or an entity >>in world? (This seems like an extension of the questioning above.) > > >What does it matter in the context of a security update? Well, I'm trying to see if I can get a better understanding of how it all fits together. But, I want to make sure that I don't have 2 packages running around on the system (1 patched, and 1 NOT patched). > >>Also, for the most recent firefox update, I would run the command as >>recommended with the "-p" flag, and it would see the package. If I >>run "emerge -Dupv mozilla-firefox" I only get a few of the (supposed) >>dependencies, and not the package itself, while the package installed >>(when I do "emerge search mozilla-firefox") is 1.0.6-r5. > > >If that is the case then 1.0.6-r5 is the latest version available for you >with respect to your current snapshot of the tree. Well, I did an "emerge sync" right before issuing the command above. I would think that if the updated package is available for "--oneshot", it would be available when I run "emerge -Du(p)v world". But that didn't seem to be the case. Again, I'm just trying to understand how this all fits together. Thanks. - -- gentux echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A 6996 0993 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDLuNtLYGSSmmWCZMRArF+AJ9gFfQRgSb2ciNNreJ0lNSUbmkZiwCg0m9i 6bkDqhDyVSr4fT/X7GvuRTI= =K2Vt -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security Updates and Portage Trees
On Tuesday 20 September 2005 01:12, gentuxx wrote: > >>If every security fix comes out with "--oneshot" being recommended, > >>how do I know if it's a dependency of a package in world, or an entity > >>in world? (This seems like an extension of the questioning above.) > > > >What does it matter in the context of a security update? > > Well, I'm trying to see if I can get a better understanding of how it > all fits together. But, I want to make sure that I don't have 2 > packages running around on the system (1 patched, and 1 NOT patched). A version of a package can only be installed once. --oneshot does not change any behaviour in this regard. All it changes is whether the package is added to (or confirmed to be already in) the world list or not. > >>Also, for the most recent firefox update, I would run the command as > >>recommended with the "-p" flag, and it would see the package. If I > >>run "emerge -Dupv mozilla-firefox" I only get a few of the (supposed) > >>dependencies, and not the package itself, while the package installed > >>(when I do "emerge search mozilla-firefox") is 1.0.6-r5. > > > >If that is the case then 1.0.6-r5 is the latest version available for > > you with respect to your current snapshot of the tree. > > Well, I did an "emerge sync" right before issuing the command above. > I would think that if the updated package is available for > "--oneshot", it would be available when I run "emerge -Du(p)v world". > But that didn't seem to be the case. --oneshot does not prevent the installation of a package that has not been installed already. If --oneshot shows the package as new, there's no reason to install it. If it shows it as an upgrade, your world file must be incomplete. Take a look at /var/lib/portage/world and check the output of `emerge -p depclean` to be sure. -- Jason Stubbs pgpFXkvs3iOuU.pgp Description: PGP signature
Re: [gentoo-user] Security Updates and Portage Trees
One point I have never seen mentioned is *why* would you *not* want a package in the world file - especially if you want it to be managed by the system? BillK On Tue, 2005-09-20 at 09:07 +0900, Jason Stubbs wrote: > On Tuesday 20 September 2005 01:12, gentuxx wrote: > > >>If every security fix comes out with "--oneshot" being recommended, -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security Updates and Portage Trees
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 W.Kenworthy wrote: >One point I have never seen mentioned is *why* would you *not* want a >package in the world file - especially if you want it to be managed by >the system? > >BillK > I guess maybe that's part of what I'm getting at. ;-) > >On Tue, 2005-09-20 at 09:07 +0900, Jason Stubbs wrote: > >>On Tuesday 20 September 2005 01:12, gentuxx wrote: >> >If every security fix comes out with "--oneshot" being recommended, > > - -- gentux echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge' gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A 6996 0993 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDL2RwLYGSSmmWCZMRAuIrAJ47hkkiSoWVraFAkY/9tP0VdtcLcwCgomXn zI3pF31mlC0aUAlwC/2oaE0= =PnvW -END PGP SIGNATURE- -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security Updates and Portage Trees
On Tue, 20 Sep 2005 09:04:02 +0800, W.Kenworthy wrote: > One point I have never seen mentioned is *why* would you *not* want a > package in the world file - especially if you want it to be managed by > the system? The world file is for packages you have explicitly installed for yourself, not their dependencies. If you put every package in world, emerge will no longer be able to clean out dependencies that are no longer needed. For example, I have a package installed that used to depend on id3lib, but the authors switched over to libid3tag for the latest version, so an upgrade pulled in that package and id3lib is no longer required. Because it is not in world, my next emerge depclean will remove it, provided nothing else needs it. If it had been in world, it would have stayed on my system forever, despite being totally unnecessary. -- Neil Bothwick Everything should be made as simple as possible, but no simpler. pgpvz2XZEKOLt.pgp Description: PGP signature
Re: [gentoo-user] Security Updates and Portage Trees
On 9/20/05, Neil Bothwick <[EMAIL PROTECTED]> wrote: On Tue, 20 Sep 2005 09:04:02 +0800, W.Kenworthy wrote:> One point I have never seen mentioned is *why* would you *not* want a> package in the world file - especially if you want it to be managed by> the system? The world file is for packages you have explicitly installed foryourself, not their dependencies. If you put every package in world,emerge will no longer be able to clean out dependencies that are nolonger needed. For example, I have a package installed that used to depend on id3lib, butthe authors switched over to libid3tag for the latest version, so anupgrade pulled in that package and id3lib is no longer required. Because it is not in world, my next emerge depclean will remove it, providednothing else needs it. If it had been in world, it would have stayed onmy system forever, despite being totally unnecessary. Since you've touched that detail, here is what I have: - I run emerge -pv depclean and I get a list where I find these: >>> These are the packages that I would unmerge: media-libs/libmpeg3 selected: 1.5.2 protected: none omitted: none x11-plugins/e_modules selected: protected: none omitted: none media-libs/win32codecs selected: 20050216 protected: none omitted: none x11-wm/e selected: protected: none omitted: none and so on.. So, I have two problems: 1) I'm using E(nlightenment) from cvs, and I don't have it (my option) in my world file. Therefore it's understandable why emerge wants to clean it. So, what can I do to be able to use depclean and not loose E. Adding all E-related packages to world would be a solution, but there's any other? 2) win32codecs was marked to be clean. why? # equery d win32codecs [ Searching for packages depending on win32codecs... ] media-libs/xine-lib-1.0.1-r3 media-video/avifile-0.7.41.20041001-r1 media-video/mplayer-1.0_pre7-r1 This shows me that 3 other apps depend on win32codecs (or am I getting it wrong?). So I assume I shouldn't clean this otherwise I'll have problems next time I run mplayer, right? Also, # equery d libmpeg3 [ Searching for packages depending on libmpeg3... ] app-misc/evidence- takes me back to 1). How can I ensure that dependencies of packages that are not in world file are not erased? Cheers, Fernando
Re: [gentoo-user] Security Updates and Portage Trees
On Tue, Sep 20, 2005 at 01:50:28PM +0200, Fernando Meira wrote: > 2) win32codecs was marked to be clean. why? > # equery d win32codecs > [ Searching for packages depending on win32codecs... ] > media-libs/xine-lib-1.0.1-r3 > media-video/avifile-0.7.41.20041001-r1 > media-video/mplayer-1.0_pre7-r1 Do you have set the win32codecs useflag? W -- TEN RULES OF MENDACIOUS HOUSEKEEPING 1. Vacuuming too often weakens the carpet fibers. Say this with a serious face, and shudder delicately whenever anyone mentions Carpet Fresh. 2. Dust bunnies cannot evolve into dust rhinos when disturbed. Rename the area under the couch "The Galapagos Islands" and claim an ecological exemption. 3. Layers of dirty film on windows and screens provide a helpful filter against harmful and aging rays from the sun. Call it an SPF factor of 5 and leave it alone. 4. Cobwebs artfully draped over lampshades reduce the glare from the bulb, thereby creating a romantic atmosphere. If your husband points out that the light fixtures need dusting, simply look affronted and exclaim, "What? And spoil the mood?" 5. In a pinch, you can always claim that the haphazard tower of unread magazines and newspapers next to your chair provides the valuable Feng Shui aspect of a tiger, thereby reducing your vulnerability. Roll your eyes when you say this. 6. Explain the mound of pet hair brushed up against the doorways by claiming you are collecting it there to use for stuffing handsewn play animals for underprivileged children. 7. If unexpected company is coming, pile everything unsightly into one room and close the door. As you show your guests through your tidy home, rattle the door knob vigorously, fake a growl and say, "I'd love you to see our den, but Fluffy hates to be disturbed and the shots are SO expensive." 8. If dusting is REALLY out of control, simply place a showy urn on the coffee table and insist that "THIS is where Grandma wanted us to scatter her ashes..." 9. Don't bother repainting. Simply scribble lightly over a dirty wall with an assortment of crayons, and try to muster a glint of tears as you say, "Johnny did this when he was two. I haven't had the heart to clean it..." 10. Mix one-quarter cup pine-scented household cleaner with four cups of water in a spray bottle. Mist the air lightly. Leave dampened rags in conspicuous locations. Develop an exhausted look, throw yourself onto the couch, and sigh, "I clean and I clean and I still don't get anywhere..." Sortir en Pantoufles: up 39 days, 16:33 -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security Updates and Portage Trees
On Tue, 20 Sep 2005 13:50:28 +0200, Fernando Meira wrote: > - I run emerge -pv depclean and I get a list where I find these: > >>> These are the packages that I would unmerge: > > media-libs/libmpeg3 > selected: 1.5.2 > protected: none > omitted: none > > x11-plugins/e_modules > selected: > protected: none > omitted: none > > media-libs/win32codecs > selected: 20050216 > protected: none > omitted: none > > x11-wm/e > selected: > protected: none > omitted: none > So, I have two problems: > 1) I'm using E(nlightenment) from cvs, and I don't have it (my option) > in my world file. Therefore it's understandable why emerge wants to > clean it. So, what can I do to be able to use depclean and not loose E. > Adding all E-related packages to world would be a solution, but there's > any other? If you installed it with portage, you should have it in world. > 2) win32codecs was marked to be clean. why? > # equery d win32codecs > [ Searching for packages depending on win32codecs... ] > media-libs/xine-lib-1.0.1-r3 > media-video/avifile-0.7.41.20041001-r1 > media-video/mplayer-1.0_pre7-r1 Do you have the wind32codecs USE flag set? Have you changed it recently? Did you do "emerge -uavDN world" before depclean? If you didn't, your current USE flags may be out of sync with what the packages were actually merged with. > # equery d libmpeg3 > [ Searching for packages depending on libmpeg3... ] > app-misc/evidence- What are these versions? Are they CVS installs, or packages installed outside of portage and injected, or added to /etc/portage/profile/package.provided? -- Neil Bothwick I only shoot IBM's to put them out of their misery. pgpXBOn2tb1ji.pgp Description: PGP signature
Re: [gentoo-user] Security Updates and Portage Trees
Neil Bothwick schreef: > On Tue, 20 Sep 2005 13:50:28 +0200, Fernando Meira wrote: > >> # equery d libmpeg3 [ Searching for packages depending on >> libmpeg3... ] app-misc/evidence- > > > What are these versions? Are they CVS installs, or packages > installed outside of portage and injected, or added to > /etc/portage/profile/package.provided? > > Oooh, ooh, I know!!! The versions are Enlightement 17 installs, from Portage, but utilizing E17 CVS. It's very complex; the packages have to be installed in a specific order for the whole thing to work (but E17 is pretty cool). I tried E17 recently. I don't remember the name of the media player that perhaps has libmpeg3 as a dependency, but E17 has so much stuff Holly -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Security Updates and Portage Trees
On 9/20/05, Neil Bothwick <[EMAIL PROTECTED]> wrote: On Tue, 20 Sep 2005 13:50:28 +0200, Fernando Meira wrote:> - I run emerge -pv depclean and I get a list where I find these:> >>> These are the packages that I would unmerge:>> media-libs/libmpeg3 > selected: 1.5.2> protected: none> omitted: none>> x11-plugins/e_modules> selected: > protected: none> omitted: none>> media-libs/win32codecs> selected: 20050216 > protected: none> omitted: none>> x11-wm/e> selected: > protected: none> omitted: none> So, I have two problems:> 1) I'm using E(nlightenment) from cvs, and I don't have it (my option) > in my world file. Therefore it's understandable why emerge wants to> clean it. So, what can I do to be able to use depclean and not loose E.> Adding all E-related packages to world would be a solution, but there's > any other?If you installed it with portage, you should have it in world. I've installed with portage, but with --oneshop option. This is because (as Holly said) E17 packages need to be installed in proper order. So I use a script to update E-related packages. I think if I would let portage update them something would get messed up... So, in the end, can't I use depclean without adding these packages to world file? > 2) win32codecs was marked to be clean. why?> # equery d win32codecs > [ Searching for packages depending on win32codecs... ]> media-libs/xine-lib-1.0.1-r3> media-video/avifile-0.7.41.20041001-r1> media-video/mplayer-1.0_pre7-r1Do you have the wind32codecs USE flag set? Have you changed it recently? Did you do "emerge -uavDN world" before depclean? If you didn't, yourcurrent USE flags may be out of sync with what the packages were actuallymerged with. I don't have that flag set.. never had. Should I? And, first of all, why do I have win32codecs without having the flag? Was it a dependence of a prior version of mplayer?
Re: [gentoo-user] Security Updates and Portage Trees
On Wed, 21 Sep 2005 16:36:59 +0200, Fernando Meira wrote: > > If you installed it with portage, you should have it in world. > > > I've installed with portage, but with --oneshop option. This is because > (as Holly said) E17 packages need to be installed in proper order. So I > use a script to update E-related packages. I think if I would let > portage update them something would get messed up... So you lied to portage and now it's acting on the incorrect information you have given it :) > So, in the end, can't I use depclean without adding these packages to > world file? Add them to world. As long as you don't do an automatic emerge -uD world you shouldn't have a problem. When updates come out, yopu'll see them in the output of emerge -pvD world (which you won't with your current setup) then you can merge them manually in the correct order before letting portage handle the rest of world. > > Do you have the wind32codecs USE flag set? Have you changed it > > recently? Did you do "emerge -uavDN world" before depclean? If you > > didn't, your current USE flags may be out of sync with what the > > packages were actually merged with. > I don't have that flag set.. never had. Should I? And, first of all, > why do I have win32codecs without having the flag? Was it a dependence > of a prior version of mplayer? That's a possible explanation. the easy way to find out is to run quickpkg win32codecs emerge -C win32codecs emerge world -uavDk If it really is needed, the last command will re-emerge it. I take it you have run "emerge -uavD --newuse world" before depclean? -- Neil Bothwick Top Oxymorons Number 22: Childproof pgpNHhXJpwrOd.pgp Description: PGP signature
Re: [gentoo-user] Security Updates and Portage Trees
On 9/21/05, Neil Bothwick <[EMAIL PROTECTED]> wrote: On Wed, 21 Sep 2005 16:36:59 +0200, Fernando Meira wrote:> > If you installed it with portage, you should have it in world.>>> I've installed with portage, but with --oneshop option. This is because > (as Holly said) E17 packages need to be installed in proper order. So I> use a script to update E-related packages. I think if I would let> portage update them something would get messed up... So you lied to portage and now it's acting on the incorrect informationyou have given it :) Basically, yeah! > So, in the end, can't I use depclean without adding these packages to> world file? Add them to world. As long as you don't do an automatic emerge -uDworld you shouldn't have a problem. When updates come out, yopu'll seethem in the output of emerge -pvD world (which you won't with your current setup) then you can merge them manually in the correct orderbefore letting portage handle the rest of world. I might be wrong, but I have the idea that E-cvs packages are always updated during an emerge world. Therefore I can't control it by updating (manually) E-packages and then run emerge world. However, I'll check this next update. With all that said, I assume that there's no way to manage my packages for update and depclean while keeping some of them out of world file... damn.. > > Do you have the wind32codecs USE flag set? Have you changed it> > recently? Did you do "emerge -uavDN world" before depclean? If you > > didn't, your current USE flags may be out of sync with what the> > packages were actually merged with.> I don't have that flag set.. never had. Should I? And, first of all,> why do I have win32codecs without having the flag? Was it a dependence > of a prior version of mplayer?That's a possible explanation. the easy way to find out is to runquickpkg win32codecsemerge -C win32codecsemerge world -uavDkIf it really is needed, the last command will re-emerge it. I take it you have run "emerge -uavD --newuse world" before depclean? I think I'll just add the flag and add --newuse flag for next emerge world! Thanks.
Re: [gentoo-user] Security Updates and Portage Trees
On Wed, 21 Sep 2005 23:03:53 +0200, Fernando Meira wrote: > > Add them to world. As long as you don't do an automatic emerge -uD > > world you shouldn't have a problem. When updates come out, you'll see > > them in the output of emerge -pvD world (which you won't with your > > current setup) then you can merge them manually in the correct order > > before letting portage handle the rest of world. > I might be wrong, but I have the idea that E-cvs packages are always > updated during an emerge world. Only if you run it without -p or -a. I never run emerge world without fiorst checking exactly what it is going to do. > Therefore I can't control it by > updating (manually) E-packages and then run emerge world. You can, just don't let emerge world run until you are happy with what it is going to do. -- Neil Bothwick Compatible: Gracefully accepts erroneous data from any source. pgp4RsXhsWKFd.pgp Description: PGP signature
Re: [gentoo-user] Security Updates and Portage Trees
On 9/22/05, Neil Bothwick <[EMAIL PROTECTED]> wrote: On Wed, 21 Sep 2005 23:03:53 +0200, Fernando Meira wrote:> I might be wrong, but I have the idea that E-cvs packages are always> updated during an emerge world.Only if you run it without -p or -a. I never run emerge world without fiorst checking exactly what it is going to do. I was not meaning that, but instead that CVS packages were always updated in a emerge -u world. If I would update my world, a re-run would re-update those packages. I added the whole list of packages to the world file and it seems that my idea was wrong. None of the E-CVS packages are getting updated. Which also means that I can "clean" my "depclean" functionality. :)