Maintaining an up-to-date Gentoo Linux system requires careful execution of several steps to ensure system stability while keeping packages current. Below I'll share the most reliable upgrade procedure I've developed through years of Gentoo administration.
Here's the fundamental upgrade workflow that has proven most effective:
# Synchronize portage tree
emerge --sync
# Perform a deep system upgrade
emerge -uDav --tree world
# Clean obsolete dependencies
emerge -av --depclean
# Rebuild broken reverse dependencies
revdep-rebuild -v -- --ask
# Handle configuration files
dispatch-conf
# Check for security advisories
glsa-check -t all
glsa-check -f all
When executing emerge -uDav --tree world, pay attention to:
- USE flag changes that might affect dependencies
- Blocked packages that require manual intervention
- Compiler flags consistency across the system
Case 1: When encountering masked packages:
# Check package masking
emerge -pv package_name
# Accept the testing keyword for that exact version if appropriate
echo "=category/package-version" >> /etc/portage/package.accept_keywords
Case 2: When dealing with configuration file changes:
# Alternative to dispatch-conf for batch processing
etc-update --automode -3
For complex systems, consider these additional steps:
# Rebuild packages that still link against preserved (old) libraries
emerge @preserved-rebuild
# Remove packages nothing depends on, taking build-time dependencies into account
emerge -av --depclean --with-bdeps=y
# Check Portage's own data for problems
emaint --check all
For regular maintenance, create a cron job:
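# /etc/crontab entry: one line (cron has no backslash continuation) and no --ask, since no terminal is attached
0 3 * * * root /usr/bin/emerge --sync && /usr/bin/emerge -uDv --tree world && /usr/bin/emerge -v --depclean && /usr/bin/revdep-rebuild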
Common solutions to frequent problems:
# Resolve file collisions: install portage-utils, then list packages whose installed files fail verification
emerge --ask --verbose --oneshot app-portage/portage-utils
qcheck --badonly
# Fix broken dependencies
emerge -av --oneshot --nodeps conflicting_package
The standard Gentoo upgrade procedure you've been using is fundamentally sound, but let's examine each step in detail and explore potential optimizations:
# Basic sync and upgrade commands
emerge --sync
emerge -uDav --tree world
emerge -av --depclean
revdep-rebuild -v -- --ask
dispatch-conf
glsa-check -t all
glsa-check -f all
Consider using emaint sync --auto instead of emerge --sync, as it provides better feedback and handles multiple repos:
# More robust sync command
emaint sync --auto
# Alternative for git-based repos
emerge --sync --quiet
The -uDav flags are excellent, but consider adding --keep-going for complex systems:
# More resilient world update
emerge -uDav --keep-going --tree --with-bdeps=y @world
Add --with-bdeps=y to ensure build dependencies are properly considered:
# Thorough depclean
emerge -av --depclean --with-bdeps=y
For modern systems, revdep-rebuild has been largely superseded by emerge @preserved-rebuild:
# Newer method for reverse dependencies
emerge @preserved-rebuild
dispatch-conf remains solid, but consider etc-update for batch processing:
# Alternative config management
etc-update --automode -5
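etc-update's automatic merge modes (-3 and -5) replace every pending local file with the packaged version, so a pre-check can hold back the files that deserve a manual diff first. The sketch below is an added example, not part of the original procedure; it relies on Portage's ._cfgNNNN_<name> naming for pending updates, and the function names and the SENSITIVE_RE list are assumptions to adapt.

```shell
#!/bin/sh
# Added example: classify pending Portage config updates before any
# `etc-update --automode` run. SENSITIVE_RE is an assumed starting list.
SENSITIVE_RE='/(ssh|pam\.d|security|sudoers\.d)/|/sudoers$'

# pending_cfg ROOT
# Prints "<STATUS> <target> <- <candidate>" for every ._cfgNNNN_<name>
# file below ROOT. STATUS is one of:
#   NEW     no existing file would be replaced
#   SAME    candidate is byte-identical to the current file
#   REVIEW  differs and the target matches SENSITIVE_RE
#   CHANGED differs, target not on the sensitive list
pending_cfg() {
    root=$1
    find "$root" -type f -name '._cfg[0-9][0-9][0-9][0-9]_*' | sort |
    while IFS= read -r cand; do
        dir=${cand%/*}
        base=${cand##*/}
        target="$dir/${base#._cfg????_}"   # strip the ._cfgNNNN_ prefix
        if [ ! -e "$target" ]; then
            status=NEW
        elif cmp -s "$cand" "$target"; then
            status=SAME
        elif printf '%s\n' "$target" | grep -Eq "$SENSITIVE_RE"; then
            status=REVIEW
        else
            status=CHANGED
        fi
        printf '%s %s <- %s\n' "$status" "$target" "$cand"
    done
}

# safe_to_automode ROOT
# Succeeds only when no REVIEW entry is pending below ROOT.
safe_to_automode() {
    ! pending_cfg "$1" | grep -q '^REVIEW '
}

# Typical use (as root, on the Gentoo host):
#   pending_cfg /etc
#   safe_to_automode /etc && etc-update --automode -5
```

Files reported as REVIEW are best merged one at a time with dispatch-conf, which shows the diff before anything is replaced.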
Your GLSA checks are thorough. For automation, you might combine them:
# Combined security check (the fix runs whatever the test's exit status, which may be non-zero when advisories apply)
glsa-check -t all; glsa-check -f all
Consider adding these post-upgrade checks:
# Check for obsolete packages
emerge --depclean --pretend
# Rebuild the entire @system set (a full recompile, not a quick check)
emerge -e @system
# Clean distfiles
eclean-dist --deep
Here's a complete upgrade script with error handling:
#!/bin/bash
# Abort on the first command that fails without a fallback
set -e
echo "Starting Gentoo system upgrade..."
emaint sync --auto || emerge --sync
echo "Upgrading world packages..."
emerge -uDav --keep-going --tree --with-bdeps=y @world || {
    echo "World upgrade failed - attempting to resolve..."
    emerge --resume --skipfirst
}
echo "Cleaning dependencies..."
emerge -av --depclean --with-bdeps=y
echo "Rebuilding preserved packages..."
emerge @preserved-rebuild
echo "Checking for security updates..."
# The test step may exit non-zero when advisories apply, so it must not gate the fix step
glsa-check -t all || true
glsa-check -f all
echo "System upgrade completed successfully!"
If you encounter problems:
# Check for blockers
emerge -pv @world
# Rebuild the package that owns a potentially broken library (-q prints only the package name)
emerge -1v $(qfile -qC /usr/lib64/libstdc++.so.6)
# Show slot conflicts in full detail
emerge -pv --verbose-conflicts @world