On 10/02/2016 10:38 AM, Rich Freeman wrote:
> That said, some distros have better
> tools for finding missing dependencies, like blocking access to files
> that aren't part of a declared dependency during the build process.
> I've looked at the portage jail and that actually wouldn't be hard to
> add to Gentoo. Right now portage configures the jail to give read
> access to everything by default. If you disabled that you could
> instead pass a configuration that explicitly gives read access to
> every single file in the build dependencies (and @system I suppose),
> and denied everything else. Implementation is left as an exercise to
> the reader.
>

This has to be harder than it looks. The benefit would be huge, so if it was easy, someone would have done it already, right?

For developers, it would save a ton of time digging through READMEs, header files, and ldd output trying to figure out what each package needs. Afterwards, we would save time not fixing the inevitable "missing dependency" bugs. It would also let us get rid of @system, solving as a side effect the problem that nobody agrees what should go in there.

For users, no more preventable build failures. And the ability to upstream the *actual* requirements (not just the ones the developer noticed) would help users and developers of other distributions.

This would only help us sort out build-time dependencies -- common sense would still be needed to filter out those not needed at runtime -- but that's still a huge improvement since the build-only deps are pretty well-known. And having extra dependencies is better than having too few.

There was a GSoC project in 2011 that attempted something like this:

https://gitweb.gentoo.org/proj/autodep.git/

Maybe if its developer still feels that the foundation is sound, we could propose it again next year.
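
The deny-by-default policy discussed in this thread, replayed offline over a build's read log. This is an added example, not code from either poster, Portage or autodep; the ownership table, package names, paths and access log are all constructed, and `audit_reads` is a hypothetical helper.

```python
import os
from collections import defaultdict

# Constructed file-ownership table; a real one would come from the
# package manager's record of installed files.
OWNERS = {
    "/usr/include/zlib.h": "sys-libs/zlib",
    "/usr/lib64/libz.so": "sys-libs/zlib",
    "/usr/include/png.h": "media-libs/libpng",
    "/usr/lib64/libpng16.so": "media-libs/libpng",
    "/usr/include/stdio.h": "sys-libs/glibc",
    "/usr/bin/gcc": "sys-devel/gcc",
}

def build_allowlist(declared, owners):
    """Read allowlist: every file owned by a declared build dependency."""
    return {path for path, pkg in owners.items() if pkg in declared}

def audit_reads(reads, declared, owners, build_root):
    """Return (missing, unowned) for the reads the jail would have denied.

    missing maps each undeclared package to the denied files it owns;
    unowned lists denied paths that no package owns.
    """
    allow = build_allowlist(declared, owners)
    root = build_root.rstrip("/") + "/"
    missing, unowned = defaultdict(list), []
    for raw in reads:
        path = os.path.normpath(raw)  # collapse ../ so the build tree cannot mask a read
        if path in allow or path.startswith(root):
            continue  # declared dependency, or the package's own work directory
        owner = owners.get(path)
        if owner is None:
            unowned.append(path)
        else:
            missing[owner].append(path)
    return dict(missing), unowned

def demo():
    declared = {"sys-libs/zlib", "sys-devel/gcc"}  # no implicit @system
    reads = [  # constructed access log
        "/var/tmp/build/work/foo-1.0/main.c",
        "/usr/bin/gcc",
        "/usr/include/stdio.h",
        "/usr/include/zlib.h",
        "/usr/include/png.h",
        "/usr/lib64/libpng16.so",
        "/etc/localtime",
    ]
    return audit_reads(reads, declared, OWNERS, "/var/tmp/build/work")
```

With no implicit @system, the glibc header is reported alongside the undeclared libpng files, and paths that no package owns are listed separately for a human to judge.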