Gentoolkit

Introduction

What is Gentoolkit?

Gentoo is a unique distribution and presents some complexities that simply don't exist for other distributions. As Gentoo developers and contributors discovered some of these complexities, they also wrote tools to help users and administrators work around them. Many of these tools have been contributed to the Gentoo project and are included in the package app-portage/gentoolkit.

There are two versions of gentoolkit: and . While the former contains administration scripts, the latter contains scripts specific to development on Gentoo. If you are a developer, you can have your scripts included in gentoolkit-dev by contacting the Gentoolkit maintainer. The packages do not conflict, so you can have both installed at the same time. This document discusses only gentoolkit, though.

Gentoolkit contains a whole bunch of useful tools to help you manage your packages and keep track of what is going on in your system. Most users -- particularly those who update systems often -- will benefit from having gentoolkit installed.

Documentation

Any documentation that a program might have (other than man pages) is stored in.

Installation
Just as with any Gentoo package, installation is just a simple emerge.

equery
equery is a tool that supports some features of epm (and the deprecated qpkg) together with its own set of features that make it really useful. gives you the full set of options. equery will eventually replace etcat in a future release of gentoolkit.

Finding the Package That a File Came From
equery can find the package that a file came from, using the belongs (or just b) parameter.

Code: Finding the ebuild that installed a given file

[ Searching for file(s) /usr/bin/xmms in *... ]
media-sound/xmms-1.2.10-r9 (/usr/bin/xmms)

By using the -f option, you may search for packages with files matching any regular expression. The -e option is useful for terminating your search immediately when a match is found.

Verifying Package Integrity
Sometimes it is useful to check a package's integrity. equery can verify md5 sums as well as timestamps to indicate when a package might have been corrupted, replaced, or removed.

[ Checking app-portage/gentoolkit-0.2.0 ]
 * 54 out of 54 files good
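The check described above, sketched as an added example (not gentoolkit's own code). It assumes Portage's installed-package CONTENTS record format of dir/obj/sym lines, which this page does not show, and runs against a constructed package under a temporary root.

```python
import hashlib
import os
import tempfile

def parse_contents(text):
    """Yield (kind, path, md5, mtime) for each CONTENTS record."""
    for line in filter(str.strip, text.splitlines()):
        kind, rest = line.split(" ", 1)
        if kind == "obj":    # obj <path> <md5> <mtime>; the path may contain spaces
            path, md5, mtime = rest.rsplit(" ", 2)
            yield kind, path, md5, int(mtime)
        elif kind == "sym":  # sym <path> -> <target> <mtime>
            yield kind, rest.split(" -> ", 1)[0], None, None
        else:                # dir and other record types carry no checksum
            yield kind, rest, None, None

def md5_of(path):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_package(contents_text, root="/"):
    """Return (good, total, problems) in the spirit of 'N out of M files good'."""
    good, total, problems = 0, 0, []
    for kind, path, md5, mtime in parse_contents(contents_text):
        total += 1
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.lexists(real):
            problems.append((path, "missing"))
        elif kind == "obj" and not os.path.isfile(real):
            problems.append((path, "not a regular file"))
        elif kind == "obj" and md5_of(real) != md5:
            problems.append((path, "md5 mismatch"))
        elif kind == "obj" and int(os.lstat(real).st_mtime) != mtime:
            problems.append((path, "mtime mismatch"))
        else:
            good += 1
    return good, total, problems

def demo():
    """Constructed package under a temporary root; one file is then modified."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        tool = os.path.join(root, "usr/bin/tool")
        with open(tool, "wb") as fh:
            fh.write(b"#!/bin/sh\necho ok\n")
        os.utime(tool, (1100000000, 1100000000))
        contents = "dir /usr\ndir /usr/bin\nobj /usr/bin/tool %s 1100000000\n" % md5_of(tool)
        before = check_package(contents, root)
        with open(tool, "ab") as fh:
            fh.write(b"echo changed\n")
        os.utime(tool, (1100000000, 1100000000))  # mtime put back: only the hash differs
        after = check_package(contents, root)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Because the recorded checksums live on the same host as the files, a check of this kind catches corruption and accidental replacement; it is not evidence of integrity against someone who can also rewrite the package database.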

Dependencies
equery is able to list all direct dependencies matching a package. The function to use for this is depends, and it is very easy to use. To look for packages depending on pygtk:

[ Searching for packages depending on pygtk... ]
app-office/dia-0.93
dev-python/gnome-python-2.0.0-r1
gnome-extra/gdesklets-core-0.26.2
media-gfx/gimp-2.0.4
x11-libs/vte-0.11.11-r1

equery is capable of giving us a dependency graph for a specified package. The dependency graph gives a listing of all the packages that have direct or indirect dependencies on the package in question.

Displaying dependencies for app-cdr/cdrtools-2.01_alpha37
`-- app-cdr/cdrtools-2.01_alpha37
`-- sys-libs/glibc-2.3.4.20040808 (virtual/libc)
`-- sys-kernel/linux-headers-2.4.22 (virtual/os-headers)
`-- sys-apps/baselayout-1.10.4
`-- sys-apps/sysvinit-2.85-r1
`-- sys-apps/gawk-3.1.3-r1
`-- sys-apps/util-linux-2.12-r4
`-- sys-apps/sed-4.0.9
`-- sys-libs/ncurses-5.4-r4
`-- sys-apps/pam-login-3.14
`-- sys-libs/pam-0.77-r1
`-- sys-libs/cracklib-2.7-r10
`-- sys-apps/miscfiles-1.3-r1
`-- app-arch/gzip-1.3.5-r1
`-- sys-apps/portage-2.0.50-r10

For example, while glibc is a direct dependency for cdrtools, linux-headers are an indirect dependency. Note that the output also includes information about virtual packages. In the example above, is actually written to require, not , but on the given system in the example sys-libs/glibc provides virtual/libc.

Listing Files belonging to an Ebuild
equery can list the files that belong to an installed ebuild. If you don't know the files that gentoolkit has installed on the system, use equery to show them:

[ Searching for packages matching gentoolkit... ]
 * Contents of app-portage/gentoolkit-0.2.0:
/usr
/usr/bin
/usr/bin/equery
/usr/bin/etcat
/usr/bin/euse
/usr/bin/glsa-check
/usr/bin/qpkg
/usr/bin/revdep-rebuild
/usr/lib
/usr/lib/gentoolkit
/usr/lib/gentoolkit/pym
/usr/lib/gentoolkit/pym/gentoolkit
/usr/lib/gentoolkit/pym/gentoolkit/__init__.py
/usr/lib/gentoolkit/pym/gentoolkit/gentoolkit.py
/usr/lib/gentoolkit/pym/gentoolkit/pprinter.py
/usr/lib/gentoolkit/pym/glsa.py
/usr/sbin
/usr/share
/usr/share/doc
/usr/share/doc/gentoolkit-0.2.0_pre10

[...]

The files command of equery provides some options to modify the output. You can look them all up in the equery man page.

Looking for packages that use a specific USE flag
If you want to find which packages on your system make use of a specific USE flag, you want equery's hasuse feature:

Code: Searching packages which use mozilla USE flag

[ Searching for USE flag mozilla in all categories among: ]
 * installed packages
[I--] [ ] dev-java/blackdown-jre-1.4.2.01 (1.4.2)
[I--] [ ] mail-client/evolution-2.0.2 (2.0)

Listing Packages
equery has a powerful feature to list packages belonging to your system, portage or even an overlay. Let's try this:

Code: Listing packages with equery

[ Searching for package 'gentoolkit' in all categories among: ]
 * installed packages
[I--] [ ] app-portage/gentoolkit-0.2.0 (0)

The standard query will search our installed packages for the name given. If found, the following info will be displayed:


 * the package location between the first square brackets (I for Installed packages, P for Portage, O for Overlay)
 * the possible masks between the second square brackets (~ by keyword, - by arch or M hard masked)
 * the category and complete name
 * the slot in which the package is stored

Another example: this time we are going to use the local options to look for packages in our portage tree and overlay.

[ Searching for package 'vim' in all categories among: ]
 * installed packages
[I--] [ ] app-editors/vim-6.3-r4 (0)
 * Portage tree (/usr/portage)
[-P-] [M~] app-editors/vim-7.0_alpha20050126 (0)
[-P-] [M~] app-editors/vim-7.0_alpha20050201 (0)
[-P-] [ ] app-editors/vim-6.3-r2 (0)
[-P-] [M~] app-editors/vim-7.0_alpha20050122 (0)
[-P-] [M~] app-editors/vim-core-7.0_alpha20050126 (0)
[-P-] [ ] app-editors/vim-core-6.3-r3 (0)
[-P-] [M~] app-editors/vim-core-7.0_alpha20050122 (0)
[-P-] [M~] app-editors/vim-core-7.0_alpha20050201 (0)
[-P-] [ ] app-editors/vim-core-6.3-r4 (0)
 * overlay tree (/opt/ebuilds)

Calculate package sizes
Ever been curious to find out how much space a specific package is occupying? Since a package could have its files over a number of directories, the usual du -hc might not give you the correct figure. Do not worry, equery solves that problem!

Code: Package Size

 * app-office/openoffice-bin-1.1.2
Total Files : 2908
Total Size : 223353.31 KiB

As you can see, equery prints the total space used in kilobytes (or another convenient unit) and also lists the total number of files the package has.

Package-wise list of USE Flags
equery can be used to give us information about what USE flags are being used by a specific package. It also tells us what our current USE flags are for a package and also what USE flags are available for the package.

Code: Set and Unset USE Flags

[ Colour Code : set unset ]
[ Legend   : (U) Col 1 - Current USE flags        ]
[          : (I) Col 2 - Installed With USE flags ]

 U I [ Found these USE variables in : net-analyzer/ethereal-0.10.6 ]
 - - adns : Adds support for the adns DNS client library
 + + gtk  : Adds support for x11-libs/gtk+ (The GIMP Toolkit)
 - - ipv6 : Adds support for IP version 6
 - - snmp : Adds support for the Simple Network Management Protocol if available
 + + ssl  : Adds support for Secure Socket Layer connections
 + + gtk2 : Use gtk+-2.0.0 over gtk+-1.2 in cases where a program supports both.
 - - debug : Tells configure and the makefiles to build for debugging. Effects vary across packages, but generally it will at least add -g to CFLAGS. Remember to set FEATURES=nostrip too

As you can see, here ethereal has been installed with only the gtk, ssl and gtk2 flags set, but the other USE flags for are adns, ipv6, snmp and debug.

Where's the ebuild?
We can also find out which ebuild is being used for a specific package using equery. This is done with the equery which command, which displays the full path to the ebuild.

Code: Displaying the ebuild path

/usr/portage/app-cdr/cdrtools/cdrtools-2.01_alpha37.ebuild

euse
euse is a tool to see, set and unset USE flags at various places. For more information on USE flags, please refer to the USE Flags. Please see euse -h for complete help and all options.

Viewing, setting and unsetting USE Flags

Retrieving current active USE flags
The euse -a command reads the current active USE flags and displays them.

There are 5 "columns" that euse uses to show whether a flag is set/unset and where the flag has been set. The columns are as follows: +/-, set in the Environment, set in make.Conf, set in make.Defaults, and set in make.Globals. The output looks like [+ECDG].

Code: Viewing all active USE flags

X                  [+ CD ]
aalib              [+    ]
acpi               [+ C  ]
alsa               [+ C  ]
[...]
xosd               [+ C  ]
xv                 [+ CD ]
xvid               [+ C  ]
zlib               [+ CD ]

Similarly, you can use euse -a -g to view only active global USE flags. euse -a -l does the same for active local USE flags. -g and -l are suboptions for euse and need an option before them (like -a) to function correctly.

Code: Viewing active local USE flags

bitmap-fonts       [+  D ]
font-server        [+  D ]
fortran            [+  D ]
gimpprint          [+ C  ]
imlib2             [+    ]
md5sum             [+ C  ]
mpeg4              [+ C  ]
nvidia             [+ C  ]
offensive          [+    ]
truetype           [+ CD ]
truetype-fonts     [+  D ]
type1-fonts        [+  D ]

We can also use euse to set or unset USE flags. The commands used for this are euse -E flagname (enable a flag) and euse -D flagname (disable a flag).

Enabling use flags
/etc/make.conf was modified, a backup copy has been placed at /etc/make.conf.euse_backup

(/etc/make.conf after the command)
USE="alsa acpi apache2 -arts cups cdr crypt cscope -doc ethereal fbcon gd \
     gif gimpprint gnome gpm gstreamer gtk2 gtkhtml imlib imlib2 \
     innodb -java javascript jpeg libg++ libwww mad mbox md5sum \
     mikmod mmx motif mozilla mpeg mpeg4 mysql ncurses nvidia \
     oggvorbis odbc offensive opengl pam pdflib perl png python \
     quicktime readline sdl spell sse ssl svga tcltk tiff truetype usb \
     vanilla X xml2 xmms xosd xv xvid x86 zlib 3dfx"

Disabling use flags
/etc/make.conf was modified, a backup copy has been placed at /etc/make.conf.euse_backup

(/etc/make.conf after the command)
USE="alsa acpi apache2 -arts cups cdr crypt cscope -doc ethereal fbcon gd \
     gif gimpprint gnome gpm gstreamer gtk2 gtkhtml imlib imlib2 \
     innodb -java javascript jpeg libg++ libwww mad mbox md5sum \
     mikmod mmx motif mozilla mpeg mpeg4 mysql ncurses nvidia \
     oggvorbis odbc offensive opengl pam pdflib perl png python \
     quicktime readline sdl spell sse ssl svga tcltk tiff truetype usb \
     vanilla X xml2 xmms xosd xv xvid x86 zlib -3dfx"

glsa-check
glsa-check is mainly a test tool that keeps track of the various GLSA's (Gentoo Linux Security Advisory) and will eventually be integrated into emerge and equery. See GLSA.

Listing unapplied GLSAs
[A] means this GLSA was already applied, [U] means the system is not affected and [N] indicates that the system might be affected.

200901-15 [U] Net-SNMP: Denial of Service ( net-analyzer/net-snmp )
200901-14 [U] Scilab: Insecure temporary file usage ( sci-mathematics/scilab )
200310-03 [U] Apache: multiple buffer overflows ( www-servers/apache )
200310-04 [U] Apache: buffer overflows and a possible information disclosure ( www-servers/apache )
200311-01 [U] kdebase: KDM vulnerabilities ( kde-base/kdebase )
200311-02 [U] Opera: buffer overflows in 7.11 and 7.20 ( www-client/opera )
200311-03 [U] HylaFAX: Remote code exploit in hylafax ( net-misc/hylafax )
200311-04 [U] FreeRADIUS: heap exploit and NULL pointer dereference vulnerability ( net-dialup/freeradius )
200311-05 [U] Ethereal: security problems in ethereal 0.9.15 ( net-analyzer/ethereal )
200311-06 [U] glibc: getgrouplist buffer overflow vulnerability ( sys-libs/glibc )
200311-07 [U] phpSysInfo: arbitrary code execution and directory traversal ( www-apps/phpsysinfo )
200311-08 [U] Libnids: remote code execution vulnerability ( net-libs/libnids )
200312-01 [U] rsync.gentoo.org: rotation server compromised
200312-03 [U] rsync: exploitable heap overflow ( net-misc/rsync )
200312-04 [U] CVS: malformed module request vulnerability ( dev-util/cvs )
200312-05 [U] GnuPG: ElGamal signing keys compromised and format string vulnerability ( app-crypt/gnupg )
200312-06 [U] XChat: malformed dcc send request denial of service ( net-irc/xchat )
200312-07 [U] Two buffer overflows in lftp ( net-ftp/lftp )
200312-08 [U] CVS: possible root compromise when using CVS pserver ( dev-util/cvs )

[...]
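A listing in this format can be triaged mechanically, for example from a scheduled job. The following is an added example, not part of gentoolkit; the function name triage and the 209901-* sample entries are constructed for illustration.

```python
import re
from collections import Counter

# <GLSA id> [A|U|N] <title> ( <package> ... )   -- the package list is optional
ENTRY = re.compile(
    r"^(?P<id>\d{6}-\d{2}) \[(?P<status>[AUN])\] "
    r"(?P<title>.*?)(?: \( (?P<pkgs>[^()]*) \))?\s*$"
)

# Constructed sample: the first two lines come from the listing above; the
# 209901-* entries are placeholders invented for this example.
SAMPLE = """\
200901-15 [U] Net-SNMP: Denial of Service ( net-analyzer/net-snmp )
200312-01 [U] rsync.gentoo.org: rotation server compromised
209901-01 [N] Example: constructed entry ( app-misc/example )
209901-02 [A] Example: constructed entry ( app-misc/other )
"""

def triage(listing):
    """Return (counts per status, [N] entries needing action, unparsed lines)."""
    counts, needs_action, unparsed = Counter(), [], []
    for line in filter(str.strip, listing.splitlines()):
        m = ENTRY.match(line.strip())
        if m is None:
            # Report lines that do not match instead of dropping them, so a
            # change in the output format cannot hide an affected package.
            unparsed.append(line)
            continue
        counts[m["status"]] += 1
        if m["status"] == "N":
            needs_action.append((m["id"], (m["pkgs"] or "").split()))
    return dict(counts), needs_action, unparsed

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A truncation marker such as "[...]" ends up in the unparsed list, which is the intended behaviour: anything the parser cannot classify should be looked at by a person.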

Dumping information about specific GLSAs
GLSA 200812-20: phpCollab: Multiple vulnerabilities

================================================================
Synopsis:         Multiple vulnerabilities have been discovered in phpCollab allowing for remote injection of shell commands, PHP code and SQL statements.
Announced on:     December 21, 2008
Last revised on:  December 21, 2008: 01

Affected package: www-apps/phpcollab
Affected archs:   All
Vulnerable:       <=2.5_rc3
Unaffected:

Related bugs:     235052

Background:       phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends.

Description:      Multiple vulnerabilities have been found in phpCollab:
 - rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not properly sanitized before being used in an SQL statement (CVE-2006-1495).
 - Christian Hoffmann of Gentoo Security discovered multiple vulnerabilites where input is insufficiently sanitized before being used in an SQL statement, for instance in general/login.php via the loginForm parameter. (CVE-2008-4303).
 - Christian Hoffmann also found out that the variable $SSL_CLIENT_CERT in general/login.php is not properly sanitized before being used in a shell command. (CVE-2008-4304).
 - User-supplied data to installation/setup.php is not checked before being written to include/settings.php which is executed later. This issue was reported by Christian Hoffmann as well (CVE-2008-4305).

Impact:           These vulnerabilities enable remote attackers to execute arbitrary SQL statements and PHP code. NOTE: Some of the SQL injection vulnerabilities require the php.ini option "magic_quotes_gpc" to be disabled. Furthermore, an attacker might be able to execute arbitrary shell commands if "register_globals" is enabled, "magic_quotes_gpc" is disabled, the PHP OpenSSL extension is not installed or loaded and the file "installation/setup.php" has not been deleted after installation.

Workaround:       There is no known workaround at this time.

Resolution:       phpCollab has been removed from the Portage tree. We recommend that users unmerge phpCollab:

# emerge --unmerge "www-apps/phpcollab"

References:
CVE-2006-1495: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1495
CVE-2008-4303: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4303
CVE-2008-4304: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4304
CVE-2008-4305: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4305

Testing vulnerability for specific GLSAs
This system is not affected by any of the listed GLSAs

Auto applying GLSAs
fixing 200901-15
>>> merging net-analyzer/net-snmp-5.4.2.1
Calculating dependencies... done!

>>> Verifying ebuild manifests

>>> Starting parallel fetch

>>> Emerging (1 of 2) dev-python/setuptools-0.6_rc8-r1 [...]

revdep-rebuild
This tool is Gentoo's Reverse Dependency rebuilder. It will scan your installed ebuilds to find packages that have become broken as a result of an upgrade of a package they depend on. It can emerge those packages for you, but it can also happen that a given package no longer works with the currently installed dependencies, in which case you should upgrade the broken package to a more recent version. revdep-rebuild passes flags on to emerge, which lets you use the --pretend flag to see what is going to be emerged again before you go any further.

Code: Running revdep-rebuild in pretend mode

Checking reverse dependencies...
Packages containing binaries and libraries broken by any package update, will be recompiled.

Collecting system binaries and libraries... done.
 (/root/.revdep-rebuild.1_files)

Collecting complete LD_LIBRARY_PATH... done.
 (/root/.revdep-rebuild.2_ldpath)

Checking dynamic linking consistency...
 broken /usr/lib/ao/plugins-2/libarts.so (requires libartsc.so.0)
 broken /usr/lib/kde3/libkpresenterpart.so (requires libartskde.so.1 libqtmcop.so.1 libsoundserver_idl.so.1 libkmedia2_idl.so.1 libartsflow.so.1 libartsflow_idl.so.1 libmcop.so.1)
 broken /usr/lib/ruby/site_ruby/1.8/i686-linux/fox.so (requires libFOX-1.0.so.0)
 broken /usr/lib/xine/plugins/1.0.0/xineplug_ao_out_arts.so (requires libartsc.so.0)
 broken /usr/lib/perl5/vendor_perl/5.8.0/i686-linux/auto/SDL_perl/SDL_perl.so (requires libSDL_gfx.so.0)
 broken /usr/lib/libloudmouth-1.so.0.0.0 (requires libgnutls.so.10)
 broken /usr/bin/k3b (requires libartskde.so.1 libqtmcop.so.1 libsoundserver_idl.so.1 libkmedia2_idl.so.1 libartsflow.so.1 libartsflow_idl.so.1 libmcop.so.1)
 broken /usr/bin/lua (requires libhistory.so.4)
 broken /usr/bin/lyx (requires libAiksaurus-1.0.so.0)
 broken /usr/bin/luac (requires libhistory.so.4)
 broken /usr/bin/avidemux2 (requires libartsc.so.0)
 broken /usr/bin/pptout (requires libxml++-0.1.so.11)
 broken /usr/bin/xml2ps (requires libxml++-0.1.so.11)
 done.
 (/root/.revdep-rebuild.3_rebuild)

Assigning files to ebuilds... done.
 (/root/.revdep-rebuild.4_ebuilds)

Evaluating package order... done.
 (/root/.revdep-rebuild.5_order)

All prepared. Starting rebuild...
emerge --oneshot --nodeps -p =app-cdr/k3b-0.11.14 =app-office/koffice-1.3.2 =app-office/lyx-1.3.4 \
 =app-office/passepartout-0.2 =dev-lang/lua-5.0.2 =dev-ruby/fxruby-1.0.29 =media-libs/libao-0.8.5 \
 =media-libs/xine-lib-1_rc5-r3 =media-video/avidemux-2.0.26 =net-libs/loudmouth-0.16

These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild  R   ] app-cdr/k3b-0.11.14
[ebuild  R   ] app-office/koffice-1.3.2
[ebuild  R   ] app-office/lyx-1.3.4
[ebuild  R   ] app-office/passepartout-0.2
[ebuild  R   ] dev-lang/lua-5.0.2
[ebuild  R   ] dev-ruby/fxruby-1.0.29
[ebuild  R   ] media-libs/libao-0.8.5
[ebuild  R   ] media-libs/xine-lib-1_rc5-r3
[ebuild  R   ] media-video/avidemux-2.0.26
[ebuild  R   ] net-libs/loudmouth-0.16

If you need to rebuild some packages, run revdep-rebuild without the -p flag and the listed packages will be emerged again.

eread
eread is a simple utility to display elog files produced by >=portage-2.1. You can enable the saving of elog files by setting a couple of variables in your makefile.

Once you've set up elog to your satisfaction, just run eread to view your log files.

This is a list of portage log items. Choose a number to view that file or type q to quit.

1) app-portage:gentoolkit-0.2.4_pre2:20070320-000256.log
2) app-portage:gentoolkit-0.2.4_pre2:20070320-000258.log
3) app-portage:gentoolkit-0.2.4_pre2:20070320-000319.log
4) app-portage:gentoolkit-0.2.3:20070320-000408.log
Choice?

Select a number and the file will be displayed using the paging program specified in the PAGER environment variable. If PAGER is not set, it will use less.

After displaying the elog item, you will be prompted if you want to delete the file.

Credits

 * Gentoolkit Copyright 2001-2006 Gentoo Foundation, Inc Under the Creative Commons - Attribution / Share Alike license