Subject: Re: CVS commit: pkgsrc/pkgtools/pkg_rolling-replace
To: Tobias Nygren <>
From: Greg Troxel <>
List: tech-pkg
Date: 08/06/2007 15:22:09

Tobias Nygren <> writes:

> One possible concern is that while pkg_rr enforces the "safe" order in
> which to update packages, some random make replace here and there does
> not.

Sure - random make replace is not safe.  The point of unsafe_depends is
to record this so that someting like pkg_rolling-replace can fix things
up and take an unsafe situation to a safe one sensibly.
(I think 'make update' is *really* not safe, in a different way...)

> In other words, it is possible to build a package that does
> not have unsafe_depends=YES, but where some of the dependencies used to
> build it had unsafe_depends=YES. I think as a safety measure we should
> make unsafe_depends=YES propagate to the package being built if any of
> the dependencies were unsafe.

I don't follow this.  When a package is 'make replace'd, all packages
that are recorded as depending on it are marked unsafe.  So if A is
replaced and B and C depend on A, B and C are marked unsafe_depends.  If
D depends on C, D is not marked.  I think this is right - if D actually
depends on A's ABI, then it's mislabeled and the direct dependency on A
should have been expresed.

Right now, this will lead to pkg_rolling-replace rebuilding B and C,
which will get D marked unsafe, and hence D will get rebuilt.  But in
the future when unsafe_depends is only set for ABI changes, it's
possible that C will get rebuilt, but not D (because rebuilding C
doesn't change C's ABI).

> If that is done we can remove the unsafe_depends in the replace
> target iff all of the dependencies are safe.

So you are wanting to mark a package unsafe_depends when it is built
(not replaced) if anything it depends on is marked unsafe?  I don't
agree - the package that was just built is still linked against what was
there when it was built, so there's no issue.  Certainly, in a pkg_rr
world, those unsafe dependencies are likely to be replaced, but it's
only then that any unsafeness arises, and then it's marked.

So, my view of the meaning of unsafe_depends is

  A package foo has unsafe_depends set iff there exists a package bar,
  s.t. bar is a direct dependency of foo, and bar has been 'make
  replace'd since foo was built.

Later, this will change to also have

  and the new and old bar versions break ABI compatibility.

with unsafe_depends_strict having the old meaning.

This should all go for binary packages, too - so 'pkg_install -u' should
set/clear the tags in the same way.


Content-Type: application/pgp-signature

Version: GnuPG v1.4.7 (NetBSD)