Talk:Binary package guide

From Gentoo Wiki
Jump to:navigation Jump to:search
This is a Talk page - please see the documentation about using talk pages. Add newer comments below older ones, sign comments using four tildes (~~~~), and indent successive comments with colons (:). Add new sections at the bottom of the page, under a heading (== ==). Please remember to mark sections as "open for discussion" using {{talk|open}}, so they will show up in the list of open discussions.

My Server and Client(s) Setup

Talk status
This discussion is done as of 06 August 2020.

When I get more time, I'll try studying the article. In the meantime, for the past few years, I've used two of my own scripts called "$HOME/bin/" & "$HOME/bin/" with HOSTNAME checking to make sure they're host or client as well as incorporating some of the commands from "Binary Package Guide". I used well structured Bash Scripting techniques with Functions. Again, I'll try posting them sometime (or I can EMail them upon request), but they're pretty basic. The only trivial part is checking for updating the kernel if it's needed, if so then cp the .config file over and build/install the kernel. Then re-run emerge world as some packages break if there's no .config file immediately following a kernel upgrade. The client scripts finally EMail the server to notify emerge completion. The only rsync'ing I do these days, are /etc/portage files and /usr/local/portage containing my custom ebuilds. No NFS utilization as it complicates things greatly. Everything depends on emerge & layman for syncing. Signed: Roger 18:33, 15 November 2011 (UTC)

I'm so glad you like your scripts, Roger. Since you have left the wiki editors with no easy way to reach you, I am closing this discussion. --Davidbryant (talk) 14:41, 6 August 2020 (UTC)

32 bit and 64 bit Package Binary Server

Talk status
This discussion is done.

I've just upgrade to a 64 bit platform (i7 8x3.5Ghz CPU, w/ 32G RAM) and seem quite capable of building both 32 and 64 bit entire system packages within minutes or an hour or so, and distributing to my older 32 bit platforms versus building them specifically for each arch, on each arch. Would be nice to see some Wiki info on making Gentoo build 32 and 64 bit binary packages. From what I'm guessing, the 32 bit builds performed on a 64 bit platform need to be performed within a chrooted build environment?

After figuring or documenting this, making sure the USE flags are compatible across the 32 & 64 bit binaries need to be addressed. ... shrugs ... I'd love to push the older 32 bit platforms into a binary distro, but nothing seems reasonably stable on any distro except Gentoo, including having Gentoo's flexibility with having newer packages/ebuilds easily available. Roger 10:18, 13 December 2012 (UTC)

I guess nobody else really cares. It's been eight years since Roger wrote this, and he's not readily accessible. --Davidbryant (talk) 14:38, 6 August 2020 (UTC)
I care. And currently I'm unable to setup crossdev environment with i686-pc-linux-gnu-emerge and all the necessary layout under /usr/i686-pc-linux-gnu
Cause all I get is this:
root #crossdev -t i686-pc-linux-gnu --init-target
  * Refusing to create a cross-compiler using the same * target name as your host utils. * Consider using sys-devel/multilib-gcc-wrapper package.
-- Anon (talk) 19:50, 2 July 2023 (UTC)
With the addition of the chroot guide being added to the article this can now be closed as it's the most suitable way to create a x86 binhost on x86_64.
Immolo (talk) 10:58, 14 August 2023 (UTC)

Is the support for multiple binary package servers still incomplete ?

Talk status
This discussion is done as of 6 August 2020.
The support for multiple binary package servers is somewhat incomplete. If several servers serve a binary package for the same package version, then only the first one will be considered. This can be problematic when these binary packages differ in their USE variable configuration and the USE variable configuration of a later binary package would match the systems configuration.

In my own testing I've not been able to reproduce any of the caveats described. Shouldn't we remove this note ? Sdrik (talk) 15:25, 27 March 2018 (UTC)

I'm pretty sure the caveat is still important. You won't run into this unless you're maintaining your own private repositories, and compile two different versions of the same program. --Davidbryant (talk) 14:24, 6 August 2020 (UTC)

What about compiler flags when -march=native is used?

Talk status
This discussion is done as of 6 August 2020.

Am I missing something? building a package and control USE flags is one thing. However, given I have on my hots, i.e. builder machine, -march=native in CFLAGS, it will invoke gcc for its own processor, including processor flags at the stage of compilation. And such a code may be useless on another machine. This should be somehow reflected in the document especially given that the handbook suggests -march=native as the most standard approach. --Alex-kas (talk) 19:41, 2 February 2020 (UTC)

Good point. But it's already addressed in "Using Binary Packages":

For binary packages to be usable on other systems they must fulfill some requirements:

* The client and server architecture and CHOST must match.

Doesn't that answer your question? --Davidbryant (talk) 14:33, 6 August 2020 (UTC)

We should list available bin package compression formats

Talk status
This discussion is done.

Portage supports BINPKG_COMPRESS variable which allows for different compression formats to be used, such as lz4. We should list them all here.

Juippis (talk) 13:49, 15 December 2021 (UTC)

Thanks for the heads up! Sounds like a very good idea, but I don't use this, so I wouldn't know what to add off the top of my head. I have a project that builds packages though, so I may get a chance to come to this with a bit of knowledge some time.
Comments like this are great, because they focus attention on particular changes that need to be made, so someone will surely get around to this eventually. Feel free to make any changes to fix this yourself however, if you know what needs doing, and don't mind: this seems like the sort of change that users will benefit from :).
Boilerplate: Remember that no matter if changes aren't perfect, or if the formatting is a bit off, as long as edits make things a bit better, it's a step in the right direction ;). The contributor's guide gives a few tips on how to easily make contributions ;).
I will close this discussion soon, if nothing more is added, as this seems like a pretty complete informational comment in and of itself (see closing discussions).
-- Kyoreln (talk) 14:48, 15 December 2021 (UTC)
Done now, I was hoping to get the formats listed here, but they could be found from portage's man page easily after all.
Juippis (talk) 08:38, 17 December 2021 (UTC)
Fantastic, thanks !! -- Ris (talk) 09:30, 20 February 2022 (UTC)

Clarifying the information in the "Understanding the binary package format" section

Talk status
This discussion is still ongoing.

i came to the "Understanding the binary package format" section of this page due to trying to understand the format of the xpak that gets downloaded by the gentoo-kernel-bin ebuild. In that particular case, the compression format is xz, not bz2; but qtbz2 can nevertheless be used to split that file into its .tar.xz and the xpak archive components, despite the command name, and despite this not being documented in the man page for qtbz2. Should this section be changed to reflect all this? Flexibeast (talk) 12:52, 9 March 2022 (UTC)

Excellent observation. Perhaps the developer of the sys-kernel/gentoo-kernel-bin package has set custom compression formats on the build machine that is assembling the package... which was discovered by you as you manually disassembled the package step-by-step. binpkg compression can be changed to support various compression algorithms such as bzip2, gzip, lz4, lzip, lzop, xz, and zstd (search for BINPKG_COMPRESS on the man make.conf) for more information... --Maffblaster (talk) 00:28, 10 March 2022 (UTC)

Mixing the formats XPAK and GPKG

Talk status
This discussion is still ongoing.

Are there any implications when switching an existing build server to GPKG? Is it enough to configure the format in make.conf? Do clients using the binary packages get along with some as XPAK and others as GPKG? According to this page it does not seem necessary to rebuild all packages to GPKG nor clean XPAK from the packages dir? Is that correct?--Onkobu (talk) 15:48, 2 January 2023 (UTC)

I don't think there are any implications, as long as all clients support all used formats (GPKG is a newer addition). You should be able to just set the format in make.conf on the server, doing so on the client is not necessary. Clients will use whatever the build server sets in $PKGDIR/Packages. Portage saves the binary package filename separately for each package in $PKGDIR/Packages so it will know which file to use. Rebuilding all packages to the same format is not necessary. After switching file format, the old binary package file will remain until cleaned with eclean packages. Jjakob (talk) 15:31, 22 May 2023 (UTC)

Binary package OpenPGP signing

Talk status
This discussion is still ongoing.

I tried to enable this on my machine. I symlinked root's gpg-agent socket to my user's agent extra socket so that root can use my user's gpg smartcard. Imported my gpg public key into root's truststore and set it to ultimate trust. I tried signing some git commits as root and it worked so I know this part works. Enabled signing by setting

FILE "/etc/portage/make.conf"
FEATURES="buildpkg binpkg-signing"
BINPKG_GPG_SIGNING_KEY="my key fingerprint"

When I run emerge the package is successfully built and signed (I am requested to press the UIF touch button on my key 3 times after the package is built) but then it fails to verify its signature:

root #"emerge -1 dev-libs/tree-sitter"
... cut ...
>>> Completed installing dev-libs/tree-sitter-0.20.8 into /var/tmp/portage/dev-libs/tree-sitter-0.20.8/image
... cut ...
>>> Done.
gpg: keyblock resource '/etc/portage/gnupg/pubring.kbx': No such file or directory
[GNUPG:] ERROR add_keyblock_resource 33587281
gpg: Signature made Mon 22 May 2023 04:51:16 PM CEST
gpg:                using EDDSA key FE4A3C99DCC974A683D406031E936484FFE8BA69
[GNUPG:] ERROR keydb_search 33554445
[GNUPG:] ERROR keydb_search 33554445
[GNUPG:] ERRSIG 1E936484FFE8BA69 22 10 01 1684767076 9 FE4A3C99DCC974A683D406031E936484FFE8BA69
gpg: Can't check signature: No public key
gpg: can't create `/etc/portage/gnupg/random_seed': No such file or directory
!!! Invalid binary package: '/var/cache/binpkgs/dev-libs/tree-sitter-0.20.8.gpkg.tar.3271', GPG verify failed
Exception in callback AsynchronousTask._exit_listener_cb(<bound method...7f26fed69c40>>)
handle: <Handle AsynchronousTask._exit_listener_cb(<bound method...7f26fed69c40>>)>
Traceback (most recent call last):
  File "/usr/lib/python3.11/asyncio/", line 80, in _run, *self._args)
  File "/usr/lib/python3.11/site-packages/_emerge/", line 210, in _exit_listener_cb
  File "/usr/lib/python3.11/site-packages/_emerge/", line 49, in _task_exit_handler
  File "/usr/lib/python3.11/site-packages/_emerge/", line 43, in _start_next_task
    self._start_task(task, self._task_exit_handler)
  File "/usr/lib/python3.11/site-packages/_emerge/", line 112, in _start_task
  File "/usr/lib/python3.11/site-packages/_emerge/", line 34, in start
  File "/usr/lib/python3.11/site-packages/_emerge/", line 518, in _start
  File "/usr/lib/python3.11/site-packages/_emerge/", line 560, in _record_binpkg_info
    "BINPKGMD5": f"{pkg._metadata['MD5']}\n",
AttributeError: 'NoneType' object has no attribute '_metadata'

Is the section missing an instruction to also follow the Binary_package_guide#Verify_binary_package.27s_OpenPGP_signature section? Or is my global "USE=verify-sig" causing this?

Jjakob (talk) 15:16, 22 May 2023 (UTC)

I am having the same issue, emerge --info | grep -i home yields : PORTAGE_GPG_SIGNING_COMMAND="gpg --sign --digest-algo SHA256 --clearsign --yes --default-key "${PORTAGE_GPG_KEY}" --homedir "${PORTAGE_GPG_DIR}" "${FILE}""

I didn't see either PORTAGE_GPG_DIR or PORTAGE_GPG_KEY in the environmental variables. so I created them in the make.conf (this could be a version issue/oversight)

Also, I moved the homedir to portage (/var/lib/portage/home), as I use the portage user. After setting the read permissions on 'other' I was able for the process to read trusted.db, and I was able to successfully build a gpkg package. Also, depending on the situation, the .gnupg directory appears to need 'other' accesss, even though emerge uses root. which is weird. anyways.

I am happy to allow portage to have it's own gpg home directory/key. And I am avoiding using the root directory for now Also, if I opt not to have all four (BINPKG or PORTAGE prefixed) variables set, i get errors. during binpkg creation.

    • ALSO I ADDED :

BINPKG_GPG_VERIFY_GPG_HOME=".../.gnupg" ... I have to say, its quite convoluted, perhaps simplifying the gpg variables if its possible, or perhaps just a rewrite in the docs.


pcxmac (talk) 08:32, 13 Oct 2023 (PST)

gpg-keepalive feature

Talk status
This discussion is still ongoing.

I have tried to gpg-keepalive feature, and it does not seem to work. If the compilation last too long, the GPG passphrase is again asked at the end. If I type it, it appears in clear text. Then if I type enter, it hangs, the binary package is not created and the package is not installed. Any idea on this ?-- FrancoisVal (talk) 13:34, 5 January 2024 (CET)