ORC Owl Logo 2  

Owl River Company

  Your IP is:

Up More Tips

Just say 'No' to '--nodeps'

From herrold@owlriver.com Wed Jan 1 16:47:30 2003
Date: Wed, 1 Jan 2003 14:14:02 -0500 (EST)
From: R P Herrold <herrold@owlriver.com>
Reply-To: mdlug@mdlug.org
To: Metro Detroit LUG <mdlug@mdlug.org>
Subject: [MDLUG] Just say 'No' to '--nodeps' was: Re: [MDLUG] Updating KDE...

On 31 Dec 2002, jorge o. castro wrote:

> oops, misspoke, that should read "I've always preached that unless you > REALLY REALLY know what you are doing (been using linux for 5 years and > I don't consider myself in that category) then DON'T just --force > things."
'whew' -- I was wondering when I read your first post. Fortunately, 'no harm, no foul' applies -- A bare '--force' without the '--nodeps' would not have broken the install. RPM would still have refused to do the overwrite which the '--force' authorized, because there would still be conflicting dependencies.

As a capsule summary, here are a set of rules on RPM usage of '--force' or '--nodeps':

1. Unless you can articulate WHY you need to use '--force' or '--nodeps', you don't know and are guessing.

Voodoo sysadminning -- waving a rubber chicken at a problem -- is only entertaining to watch and NOT to experience, and is only effective to repair a problem if the sysadmin is extremely lucky.

2. '--force' is fairly non-intrusive as a lone rpm option -- it says: Reextract and overwrite existing binaries which are other protected against overwrite by RPM and run the pre- and post-install scripts. This might be done if you inadvertently corrupt a binary in a 'piping' accident.

example -- say it got broken thus:
cat /etc/resolv.conf > /bin/mail -s 'debug resolv.conf' \ someone@example.com
When run as root that command will happily destroy /bin/mail. We can still see that /bin/mail is part of the mailx package:
# rpm -qf /bin/mail mailx-8.1.1-26
and repair it:
# rpm -U --force mailx-8.1.1-26.i396.rpm
which will over-write the corrupted version with a pristine one. Assuming that the dependencies for mailx were already in place -- which will be true so long as no '--nodeps' were ever used, you are back in business.

3. '--nodeps' is extremely dangerous, especially when used with libraries. It removes the install tool protections which prevent mixing differing API levels on a system. Some may still work, others fail without diagnostics which permit lay persons to fathom what happened. This is familiar in the Windows 9x operating systems too, which lacked strong install tool protection of 'DLLs', causing "dll-hell".

Sometimes, space on a system is tight, and one has to run a series of RPM commands to squeeze into a too-small /var. /lib, or /usr/share -- by stopping and restarting processes which used (and held open library files, so as to prevent release of their inodes), one can get that former library space back, and keep a running system up.

A better approach, of course, is to fix the space problem. See the piece at:
but this is not always immediately possible.

4. When you think you need to use '--nodeps', consider solving the build tree dependencies instead, and building from source SRPMs. The GPL, and RPM makes this easy in the Open Source world.

... I just checked over 10000 lines of root and sudo-ed root command history on several hosts, and cannot find a _single_ time I have had to use '--nodeps' on any of those hosts. I am quite active in packaging, test the Red Hat RawHide and Beta's daily, and run all the latest KDE, Gnome, and lots more. In building and testing over 1000 RPMs from sources on one host,

[herrold@ftp RPMS]$ pwd ; find -name '*rpm' | wc -l /home/herrold/redhat/RPMS 1119
It was all done without '--nodeps'. The methodology used to attain this was to build from sources on a build host, relentlessly and to solve dependencies at build time -- SRPM packaged content makes this straightforward, and even automatable. And good .SPECfiles protect config files, and transition them when needed with post-install scripting so upgrading 'just works.' (unlike a 'ports' system
./configure ; make ; sudo make install' or pkgtool methods).

Note that .DEBs can attain the same results when well done -- but the released pace of Debian 'stable' (which is the 'well done' branch) is _so_ glacial that one sees much less of the leading edge stuff cleanly and safely installing.

so: Just say 'No' to '--nodeps'

-- Russ Herrold

We make this available for non-commercial and individual use. Please respect our copyright, and consider contacting us for all your Open Source and *nix design, architect / systems analysis, and administration needs.

- initial 030101 RPH

Up More Tips

Back to Top Page
[legal] [ no spam policy ] [ Copyright] © 2008 Owl River Company
All rights reserved.

Last modified: Wed, 01 Jan 2003 16:57:09 -0500