Keywording and Stabilization

Most ebuilds specify a KEYWORDS variable. This variable is used to indicate the suitability and stability of both the package and the ebuild on each given arch (sparc, ppc, x86-obsd, ...).

A sample KEYWORDS entry might look like:

KEYWORDS="-ia64 ~mips ~ppc sparc x86 ~ppc-macos"

The different levels of keyword are:

arch (x86, ppc-macos)
Both the package version and the ebuild are widely tested, known to work and not have any serious issues on the indicated platform.
~arch (~x86, ~ppc-macos)
The package version and the ebuild are believed to work and do not have any known serious bugs, but more testing is required before the package version is considered suitable for arch.
No keyword
If a package has no keyword for a given arch, it means it is not known whether the package will work, or that insufficient testing has occurred for ~arch.
-arch (-x86, -ppc-macos)
The package version will not work on the arch. This could be caused by badly written code (for example, non-64-bit or endian clean code), relying upon particular hardware (for example, a BIOS querying tool would not work on non-BIOS architectures) or binary only packages.

The -* keyword is special. It is used to indicate package versions which are not worth trying to test on unlisted archs. For example, a binary-only package which is only supported upstream on ppc and x86 might use:

KEYWORDS="-* ppc x86"

This is different in implication from "ppc x86" — the former implies that it will not work on other archs, whereas the latter implies that it has not been tested.

Do not use the * or ~* special keywords in ebuilds.

Equal Visibility Requirement

An ebuild must not depend upon any package that is of a lower keyword level than itself. For example, if foo-1.2 depends upon bar-1.2, and bar-1.2 is ~x86, then foo-1.2 must not be marked stable on x86 unless bar-1.2 is also stabilised.

You may assume that if a user accepts ~arch for a given arch then they also accept arch.

For optional dependencies, all possible dependencies must satisfy the above. Note that certain USE flags can be forcibly disabled on a per-profile basis — talk to the arch teams if you require this. For either-or dependencies, at least one of the options must be of equal or better visibility than the package in question.

Hard Masks

The package.mask file can be used to 'hard mask' individual or groups of ebuilds. This should be used for testing ebuilds or beta releases of software, and may also be used if a package has serious compatibility problems. Packages which are not hard masked must not have a dependency upon hard masked packages.

The only time it is acceptable for a user to see the Possibly a DEPEND problem error message is if they have manually changed visibility levels for a package (for example, through /etc/portage/) and have missed a dependency. You should never commit a change which could cause this error to appear on a user system.

Keywording New Packages

Do not assume that your package works on all architectures. Do not assume that user submitted ebuilds will have correct KEYWORDS — chances are they just copied from somewhere else. Do not assume that upstream's 'supported architectures' list is correct. Do not assume that because your code is written in Perl / Python / Java / whatever that it will run on other archs (there is at least one case of a vim script which only worked on x86).

Note that most (non-x86) archs expect you to be on the arch team and bugzilla alias if you are committing packages with keywords for that arch, and may have additional requirements of which you should be aware (on mips, for example, there are multiple ABIs and byte orders to consider — a package working on your o32 box may not work on o64 or n32). Contact the individual arch teams for details.

It's important to note that alternative arches (like alpha, ia64, s390, sh, sparc, hppa, ppc*) are mainly undermanned arches, some of them are slow, they have more basic problems and have a small userbase. Just file bugs for these architectures when a package is going to be a dependency of a package already keyworded.

Do not commit straight to arch.

Keywording on Upgrades

When upgrading, drop all existing keywords from arch to ~arch, and leave any existing ~arch keywords intact. This must be done even if you think you're just making a trivial fix — there have been several examples of the stable tree getting broken this way.

This also applies to revision bumps, not just to upstream version changes.

If a new version introduces new dependencies which are not available on some architectures, then you should file a bug or ask on IRC before you upgrade the ebuild. If you really need to get the ebuild added in a hurry, for example, for a security fix, then you should drop any KEYWORDS which are causing problems and CC the relevant architectures on the bug — you must file a new bug to the architecture in question regarding this if no bug is already available.

If there are no new dependencies, do not remove keywords if your commit fails with repoman — please try a full git pull and if you still have problems, then commit with repoman -I and file a bug to the broken architecture, noting it in your git commit message.

Moving from ~arch to arch

Stabilization, i.e., moving an ebuild from ~arch to arch, is done by the relevant architecture teams. If you have access to exotic hardware but are not on the arch teams, you may wish to make individual arrangements — the arch teams are happy for help, so long as they know what is going on.

In order to request stabilization of an ebuild, file a bug to the package's maintainer (which may be yourself), and list all secondary maintainers in the bug's CC. When the maintainers consider the ebuild to be ready for stabilization, they will add the relevant architecture teams to the CC list. That way teams can remove themselves from the list when they are done, giving a clear indication of which teams still have to stabilize a package.

For an ebuild to move to stable, the following guidelines must be met (see GLEP 40 for further details):

  • The ebuild has spent a reasonable amount of time in ~arch first. Thirty days is the usual figure, although this is clearly only a guideline. For critical packages, a much longer duration is expected. For small packages that have only minor changes between versions, a shorter period is sometimes appropriate.
  • The ebuild must not have any non-arch dependencies.
  • The package version (and the ebuild) must not have any severe outstanding bugs or issues.
  • The package version must be widely tested.
  • If the package is a library, it should be known not to break any package which depends upon it.

For security fixes, the "reasonable amount of time" guideline may be relaxed. See the Vulnerability Treatment Policy

Stabilization rules

AMD64, X86: If you are the maintainer of a package that currently has open bugs for amd64 or x86 stabilization and own the respectively amd64 or x86 hardware, you can do your own testing and keywording of your packages; as long as it is not a core system set dependency.

SPARC: You must have prior permission from the arch lead. Usually we expect you to be on the sparc alias for QA reasons, although other arrangements can be made if you will only be working with a small group of packages.

ALPHA: Maintainers may keyword their own packages but are reminded to inform the Alpha team if they can help out with testing and keywording packages so the team can keep an eye out for possible keywording mistakes.

Exotic architectures (like hppa, ia64, ppc*, sparc) are short on manpower, so it's best if you avoid opening bugs for stabilization of new packages for them, unless it is absolutely necessary (e.g., a reverse dependency for your package).

Some architectures (like mips, riscv) do not maintain a stable keyword. So packages are not to be marked stable for one of these architectures.

Simultaneous stabilization on all architectures

If you maintain an architecture-independent package (data files, icons, pure Perl,...) then you may request that your package be stabilized on all arches at once. To do this — when you are filing the stabilization bug — please add the keyword ALLARCHES in addition to STABLEREQ and CC the arches that you would like to stabilize.

The arch teams, when encountering the ALLARCHES keyword, should perform their usual set of tests on a single convenient architecture. Then, if everything works, stabilize not only the arch that was used during testing, but also all of the other arches in CC on the bug. Afterwards, the CC field can be cleared and the bug closed if appropriate.

Removing Package Versions

When removing ebuild, ensure that you do not remove the most recent version at any given keyword level on any profile. The aim here is:

  • Never to force a downgrade. (Exception: occasionally you really do want to force a downgrade, for example if the newly committed foo-1.3 turns out to be badly broken and that making everyone downgrade to foo-1.2 is the better option. This is rare.)
  • Do not break any existing dependencies.

If you would like a particular package version moved to stable on certain archs so that you can tidy up, file a bug.