Package testing

From Gentoo Wiki
Jump to:navigation Jump to:search

Like all healthy software projects, developing Gentoo requires lots of testing. This article provides information for ebuild developers on testing ebuilds.

It is preferred that arch-specific ebuild testing takes place on a real system, inside a chroot, or within another type of non-virtualized container. Virtualization may be acceptable in situations where it is not possible or practical to test on real hardware.

Testing can be separated to generic "version bump" tests, stabilization work and keywording work. For stabilization it's important that the test environment only has stable packages installed, with no unstable ebuilds present (keyworded or unmasked). In any case, the test environment should be up-to-date, and it is recommended to have as few packages installed as possible. This will aid in finding missing dependencies. You should always aim to test each version bump as thoroughly as possible.


make.conf and test.conf files

This setup has a basic /etc/portage/make.conf with a more sophisticated /etc/portage/env/test.conf for use with packages that need testing. The make.conf file should have settings similar to the following:

This is easily achievable with some arch-testing tools, such as app-portage/pkg-testing-tools, but even by editing /etc/portage/package.env manually with little effort.

FILE /etc/portage/make.conf
CFLAGS="-march=native -O2 -pipe -frecord-gcc-switches"
LDFLAGS="${LDFLAGS} -Wl,--defsym=__gentoo_check_ldflags__=0"




PORTAGE_ELOG_CLASSES="log warn error qa"

# Add settings specific to your environment

EMERGE_DEFAULT_OPTS="--nospinner --jobs=8"
FEATURES="parallel-fetch parallel-install"

# These checks are from app-portage/iwdevtools, enable per-package separately.

Then the env/test.conf file:

FILE /etc/portage/env/test.conf
# -frecord-gcc-switches (if present in all of CFLAGS, CXXFLAGS, FFLAGS, FCFLAGS) detects missing CFLAGS usage
COMMON_FLAGS="-march=native -O2 -pipe -frecord-gcc-switches"


# You can use ${COMMON_FLAGS} here, but please remember to include as-needed manually then.
# Enables a Portage QA check to report when LDFLAGS is not respected
LDFLAGS="${LDFLAGS} -Wl,--defsym=__gentoo_check_ldflags__=0"

# collision-protect - prevent a package from overwriting files it does not own
# ipc-sandbox - prevent host IPC access (requires Linux and namespace support in kernel)
# network-sandbox - prevent network access during merge (requires Linux and network namespace support in kernel)
# sandbox - ensure package does not write directly to live system
# split-log - store logs created by PORTAGE_ELOG_SYSTEM="save" in category subdirectories
# split-elog - store build logs in category subdirectories
# strict - have portage react strongly to conditions that have the potential to be dangerous
# test - run package tests, or alternatively test-fail-continue
# userfetch - drop privileges during fetching
# userpriv - drop privileges during merge
# usersandbox - enable sandbox when userpriv is enabled
FEATURES="collision-protect ipc-sandbox network-sandbox sandbox split-log split-elog strict test userfetch userpriv usersandbox"

# Note: FEATURES="parallel-install" may result in not seeing some QA warnings for e.g.
# xdg db/cache updates.
FEATURES="${FEATURES} -parallel-install"

# Display selected types of messages again when emerge exits, and save them to disk
PORTAGE_ELOG_CLASSES="log warn error qa"

# Attempts to detect correct setuptools usage with python packages.

# Disables network-sandboxing from test phase if PROPERTIES="test_network" is set in the ebuild.
# See

# Used to control what additional QA checks app-portage/iwdevtools provides for us. 
# Please refer to upstream for documentation. Still highly experimental!

The QA_* variable define checks included with the app-portage/iwdevtools package. All flags and features can be found on make.conf.5 (or man 5 make.conf) where they are explained.

If QA_* checks are enabled from iwdevtools, the /etc/portage/bashrc will need to include the following:
FILE /etc/portage/bashrc
# Import the whole set
source /usr/share/iwdevtools/bashrc
# Alternatively, source the files individually
#source /usr/share/iwdevtools/qa-cmp.bashrc
#source /usr/share/iwdevtools/qa-sed.bashrc
#source /usr/share/iwdevtools/qa-vdb.bashrc

#post_pkg_preinst() {
#	qa-cmp_post_pkg_preinst

#post_pkg_postinst() {
#	qa-vdb_post_pkg_postinst

Note that iwdevtools can be used separately with provided scripts, it doesn't need to be integrated with Portage hooks to be effective.


Each ebuild in Gentoo is different and therefore requires a slightly different approach to stabilization. Consider the following guidelines for each class of package. Use common sense when in doubt.


USE flags

While it is preferable to test every USE flag combination, this is not always possible or appropriate. The ebuild may have a large number of USE flags, a long compile time, or the stabilization in question may just not call for it.

In cases where all USE flags combinations are not being tested, it is still recommended to test:

  • With all USE flags enabled.
  • With all USE flags disabled.
  • The default USE flag settings.

Note that arch-testing tools, such as tatt and pkg-testing-tools, provide functionality to test random combinations of USE flags.

Runtime testing

Consider the level of runtime testing that is required for the target package. Remember, the focus of stabilization is to integrate a testing ebuild into stable and not to identify routine upstream bugs or regressions - that is the purpose of the ebuild's 30 day wait time in while it's marked as unstable (~ARCH).

The level of runtime testing required will vary wildly based on a variety of factors. Consider the following examples:

  • Multiple days of "normal use" testing may be appropriate for a new version of sys-libs/glibc.
  • Basic functionality testing, such as browsing some web pages, may make sense for a new version of www-client/firefox.
  • Passing tests might be enough for dev-python/yenc.
  • A leaf package such as kde-apps/kcalc may not require any runtime testing at all.


A new library version may introduce incompatibles with reverse dependencies. Where there is a risk of such breakage, each stable reverse dependency must be rebuilt. Beware of reverse dependencies that only use the library conditionally (eg. USE="png").


Kernel ebuilds referenced in the Handbook have certain exemptions from the usual stabilization policy, so stabilization requests are normally only filed for the first version in a long term stable branch (subsequent versions can be stabilized at the discretion of the maintainer).

First, test all available kernel options:

user $cd /usr/src/example-sources-1.2.3
user $make allyesconfig
user $make # add '-j' as appropriate for the hardware

If that succeeds, build with a normal kernel configuration:

user $make distclean
user $make menuconfig
user $make
user $make modules_install # if you use modules

After reboot, check dmesg for anything strange and use the system as normal, trying to get a bit of uptime.

If stabilizing a special feature variant such as sys-kernel/hardened-sources, try to test relevant features.


New versions of toolchain packages can often introduce major changes and widespread breakage into the Gentoo ebuild repository. The purpose of a stabilization request for a toolchain package is to test the package itself on each architecture - not to detect build failures in miscellaneous packages. It is expected that such failures are managed and resolved by the maintainer (normally through tracker bugs and tinderboxing) prior to filing a stabilization request.

See the Toolchain Project's notes for more.

Once the normal testing is successful, rebuild @system (or @world if the hardware permits) and once successful, observe the system in normal operation for abnormalities.



Install the tool.

root #emerge --ask app-portage/pkg-testing-tools

app-portage/pkg-testing-tools is an alternative to tatt. Its strengths are ease-of-use and JSON format reports. Please refer to upstream for documentation, or use pkg-testing-tool --help.

pkg-testing-tools doesn't require any configuration to be usable. It's very simple and therefore has a shallow learning curve. Integrating it to daily ebuild dev work is strongly encouraged.

At minimum you should have a /etc/portage/env/test.conf file with some test-specific settings defined. Please see #make.conf_.26_test.conf.

By default pkg-testing-tools disables some USE flags. Such as debug, doc, etc, that aren't too important when making sure the source code compiles. However when using the tool on version bumps, to make sure everything in the ebuild works, it may be a good idea to expand the USE flag pool that is being tested. It is easy to edit the source afterwards, but there are also example patches available, that can be dropped into /etc/portage/patches. By default the tool also disables --autounmask feature, which makes sense on stabilizing work since it can accidentally autounmask ~unstable packages, but when the tool is used along with version bumps, you may want autounmasking feature to solve different USE flag combinations automatically.

One downside compared to tatt is that pkg-testing-tools does not have a way to test reverse dependencies. tatt has a built-in feature for that. You can always find reverse dependencies of a package from or simply from There is a simple script to pair pkg-testing-tools with but it is not suitable for stabilization workflow. eix can be further paired with the two to find stable reverse dependencies of an atom.

Tool argument Description
-p Specify the package atom we're testing via -p '=cat/pn-ver'
--append-emerge Give extra emerge arguments (EMERGE_DEFAULT_OPTS).
--append-required-use Enable/disable certain USE flags. Can also be used by exporting USE flag before calling the tool.
--binpkg Append --usepkg to emerge command and add buildpkg to FEATURES. Also controllable via make.conf.
--max-use-combinations Specify the amount runs per package.
--test-feature-scope When to enable FEATURES="test": never, once per whole run, or always.
--report Specify optional report path, and filename.
--extra-env-file Specify optional env/* file to be used.

Example commands:

user $pkg-testing-tool --append-emerge '--autounmask=y' --extra-env-file 'test.conf' --test-feature-scope once --max-use-combinations 6 -p '=app-emulation/lxd-4.0.7'

Uses env/test.conf specific settings only for the testable atom, does a run with FEATURES="test" once, and does 6 different use-combination runs at max while also enabling autounmask features.

user $pkg-testing-tool --append-emerge '--autounmask=y' --extra-env-file 'test.conf' --test-feature-scope never --max-use-combinations 12 --append-required-use '!profile' --report /var/tmp/portage/logs/efl-1.25.1-r11-report.json -p '=dev-libs/efl-1.25.1-r11'

Uses env/test.conf specific settings only for the testable atom, never does a run with FEATURES="test, does 12 runs with different USE flag combinations, enables autounmasking features, appends USE="-profile" globally and writes a report into /var/tmp/portage/logs/.


app-portage/tatt is a tool designed to automate some of the repetitive tasks involved in arch testing. Currently only version 9999 supports working with a git ebuild repository and the Bugzilla atom field.

For each job, tatt produces a series of scripts allowing the user to control exactly what is performed:

Script name Function
cleanup Removes generated scripts and atoms from the keyword file
commit Commits the keyword changes to the repository
rdeps Compiles a selection of stable reverse dependencies
success Reports a successful stabilization to the bug, removing the arch from CC and closing if appropriate
useflags Builds the atoms with various USE flag combinations


tatt has a variety of configuration options (see man 5 tatt), but there is a few that must be set to ensure useful operation of all functions.

FILE ~/.tatt
# architecture to use for keyword changes and bug updates

# success message to print on bugs
successmessage=@@ARCH@@ stable

# repository to work in when committing keyword changes

# API key to authenticate with bugzilla for updating/closing bugs
# generate at

Sample workflow

First, start a new job:

user $tatt -b 590118
Bugnumber:  590118
Stabilization bug detected.
Jobname: writerperfect
Found the following package atom : =app-text/writerperfect-0.9.5
=app-text/writerperfect-0.9.5 already in /etc/portage/package.keywords/archtest
No stable rdeps for writerperfect
Success Report script written to writerperfect-success.s
Commit script written to

Now the various scripts are available for use:

user $ls

Next, build the package and perform whatever testing is necessary:

root #./
user $writerperfect

A report is also produced summarizing the build status of each USE flag combination:

user $cat
USE='-abiword -cdr -ebook -freehand -gsf -keynote -mspub -mwaw -pagemaker -visio -wpd -wpg -wps' : REQUIRED_USE not satisfied (probably)                                                                           
USE='abiword cdr ebook -freehand gsf -keynote mspub mwaw pagemaker visio -wpd -wpg -wps'  succeeded for =app-text/writerperfect-0.9.5                                                                              
USE='abiword cdr ebook freehand gsf keynote mspub mwaw pagemaker visio wpd wpg wps'  succeeded for =app-text/writerperfect-0.9.5                                                                                   
 FEATURES= test succeeded for =app-text/writerperfect-0.9.5

Once everything looks good, commit the keyword change:

user $./
writerperfect-0.9.5: amd64 ~x86 ~x86-linux ~x86-solaris

RepoMan scours the neighborhood...
RepoMan sez: "If everyone were like you, I'd be out of business!"

RepoMan scours the neighborhood...
>>> Creating Manifest for /home/michael/dev/gentoo/gentoo/app-text/writerperfect

Note: use --include-dev (-d) to check dependencies for 'dev' profiles

* 1 files being committed... 
[master fe834f9] app-text/writerperfect: amd64 stable
 1 file changed, 1 insertion(+), 1 deletion(-)

Commit complete.
RepoMan sez: "If everyone were like you, I'd be out of business!"

Finally, update the bug and cleanup the job:

user $./
user $./

QA violations

Most of these violations will be detected automatically using the testing tool, but are also described here for completeness.

Architecture-specific notes

A number of items described in earlier sections, such as checking of reverse dependencies and miscellaneous QA checks, are architecture-neutral. At a stabilization level, the primary responsibility for carrying out these checks rests on the first architecture to stabilize an ebuild. Subsequent architectures may assume that these checks have been completed and skip them if they wish.

The devmanual also covers this topic.


  • Any developer may perform amd64 stabilization - it is not necessary to be on the arch team.
  • multilib-strict must be added to the FEATURES variable in the make.conf file.


The ARM project supports four arm variants - armv4, armv5, armv6, and armv7. Where possible for fragile packages, trying CFLAGS="-march=$arch" for each variant is encouraged.


  • Any developer may perform x86 stabilization - it is not necessary to be on the arch team.
  • It is acceptable to stabilize in an x86 chroot on amd64.
  • It is generally acceptable to stabilize a package with only a build test on x86 if it is already stable on amd64.

See also

  • Stable request — the procedure for moving an ebuild from testing to stable.

This page is based on a document formerly found on our main website
The following people contributed to the original document: Agostino Sarubbo (ago) , various arch testing teams
They are listed here because wiki history does not allow for any external attribution. If you edit the wiki article, please do not add yourself here; your contributions are recorded on each article's associated history page.