[gentoo-dev] Re: [PATCH v2 01/12] dev-util/shadowman: New package
Michał Górny posted on Sun, 20 Aug 2017 12:26:48 +0200 as excerpted: > --- /dev/null > +++ b/dev-util/shadowman/shadowman-.ebuild > @@ -0,0 +1,27 @@ [snip...] > +# note: only for testing > +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 > ~s390 ~sh ~sparc ~x86" OK, I know you said this was only for testing, but a question I had the first time around and didn't ask... It seems to me just as easy... and less chance of potential problems should a tester accidentally commit it, to handle it the way gentoo/kde does with live and not-yet-ready ebuilds in their overlay: Blank keywords in the ebuild and add it to package.accept_keywords (or simply package.keywords if you prefer the old name) with a ** entry if you're testing. Example from my package.accept_keywords (this entry might be in the symlinkable files in the overlay now, but it wasn't when I created it): # 2017.0611 kirigami needed for kde systemsettings # might as well do it live- too =kde-frameworks/kirigami- ** Not that it matters particularly, but is there a reason you chose to put the keywords in the ebuild instead of having people do the ** thing as above? A blank keywords, thereby forcing people who actually want to test to do the ** thing, would seem less of an invitation to problems should someone accidentally commit it during testing (tho admittedly this is a new package so problems are less likely, but I'm just used to seeing it require the ** accept_keyword thing). So I'm just wondering what reason you might have had to do it this way instead. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
[gentoo-dev] Automated Package Removal and Addition Tracker, for the week ending 2017-08-20 23:59 UTC
The attached list notes all of the packages that were added or removed from the tree, for the week ending 2017-08-20 23:59 UTC. Removals: app-admin/kedpm20170814-07:53 mgorny17e2376d023 app-backup/snapback2 20170814-06:59 mgorny34a365c9725 app-crypt/yubikey-neo-manager 20170814-07:24 mgorny79079d2910e app-editors/mp 20170814-08:02 mgorny87d05b9a884 app-editors/XML-XSH2 20170814-06:58 mgorny0dd346dcfb1 app-i18n/ibus-table-code 20170816-14:25 hattyaebb1999c31b app-i18n/ibus-table-cyrillic 20170816-14:28 hattya64100a6f01b app-i18n/ibus-table-tv 20170816-14:29 hattya2648aa2608f app-misc/flasm 20170814-07:59 mgornye03f84f37a6 app-misc/gnomecatalog 20170814-07:00 mgornydefe97bc4a1 app-misc/relevation20170814-07:52 mgornya9a5121b609 app-mobilephone/esms 20170814-21:36 mgorny61d868a9ab5 app-pda/fusepod20170814-19:54 mgorny5f49eb43896 app-text/mbtpdfasm 20170814-19:56 mgornyf82193ea414 dev-db/lib_mysqludf_xql20170814-07:35 mgorny56b75e08706 dev-db/recutils20170814-19:53 mgornyee12e968b20 dev-embedded/pikdev20170814-07:27 mgorny8d646d9d4fb dev-libs/djb 20170814-06:59 mgorny74035b3f9e3 dev-libs/mozldap 20170814-19:57 mgornyecb066d0fd2 dev-libs/qcodeedit 20170814-07:59 mgornye24e17099fd dev-python/colout 20170814-07:40 mgornybffe41d7128 dev-python/python-sipsimple20170814-21:19 mgorny471c712ae14 dev-python/pywebkitgtk 20170814-07:24 mgorny12c0b57839e dev-python/south 20170814-21:23 mgorny3200b8c5587 dev-util/a820170814-07:18 mgorny0f939bc0cc5 dev-util/febootstrap 20170814-21:20 mgornyeacc69bdbad dev-util/lorax 20170814-19:53 mgorny7a40ba1d43b dev-util/ninja-ide 20170814-07:25 mgorny0618f2996ad dev-util/pida 20170814-07:38 mgorny983401b132c media-gfx/autotrace20170816-10:11 mgornyaf14a984581 media-libs/embree 20170814-19:55 mgorny228561ab0d3 media-libs/hal-flash 20170814-07:54 mgorny43690db200c media-plugins/vdr-tvguide 20170814-07:34 mgorny0f809a1fc75 media-video/gnome-subtitles20170814-08:01 mgornyc8892bb29d9 net-analyzer/nepenthes 20170814-19:56 mgorny256286b39c1 net-im/psimedia20170814-07:23 mgornyfe998e1422e net-irc/bobotpp20170814-07:37 mgorny15db0163a34 net-irc/loqui 20170814-21:17 mgornyde3d68a01ac net-libs/dhcpcd-dbus 20170814-06:55 mgorny6d24898bfc7 net-libs/txtorcon 20170814-07:39 mgorny49470e4bb06 net-misc/clipgrab 20170814-07:26 mgornyda958b93a3a net-misc/jumpgate 20170814-21:22 mgorny2645f3bad96 net-misc/leapcast 20170814-07:34 mgorny443533cc40f net-p2p/bitcoinxtd 20170814-21:22 mgornyd1fe4dd9178 net-p2p/bitcoinxt-qt 20170814-21:21 mgorny9a9d98505ff net-p2p/dclib 20170814-07:36 mgorny02852d00c62 net-p2p/litecoin-qt20170814-19:54 mgorny6bbd55da608 net-p2p/valknut20170814-07:35 mgorny6d0a86d8d71 net-voip/blink 20170814-21:18 mgorny33b4ec45a9d net-wireless/adm8211 20170814-07:20 mgorny6e8250c0e14 net-wireless/orinoco-usb 20170814-07:19 mgorny0accaeb8219 sci-astronomy/skychart 20170814-07:51 mgorny38919af969d sci-chemistry/icm 20170814-21:31 mgorny668ec1f0924 sci-mathematics/cado-nfs 20170814-21:10 mgorny1b66f1b36e6 sys-apps/v86d 20170814-07:56 mgorny30c31bfe86f sys-libs/libacpi 20170814-21:11 mgornyf3beca22602 sys-power/yacpi20170814-21:11 mgornyfa06c7ec4eb www-client/w3mir 20170814-07:39 mgornyee2e99314b6 x11-proto/evieext 20170816-10:12 mgornyecd4f9c61ad x11-terms/evilvte 20170814-08:00 mgornyf9817ef6dd0 x11-themes/psi-themes 20170814-07:23 mgorny74da1973941 Additions: app-i18n/ibus-table-others 20170816-14:20 hattyaacd85b0fc4a app-vim/vimcdoc20170818-10:03 monsieurp 7aeabc06ff3 app-vim/vim-hoogle 20170817-21:25 monsieurp 29070e3f3ee dev-python/diskcache 20170814-21:55 bicatali 589f90b27ca dev-python/girder-client 20170814-20:57 bicatali aed9fcf718b dev-python/metakernel 20170819-22:37 bicatali e37492a8aa8 dev-python/octave_kernel
Re: [gentoo-dev] [PATCH 1/2] git-r3.eclass: Update docs to discourage unsafe protocols
W dniu nie, 20.08.2017 o godzinie 13∶05 -0500, użytkownik William Hubbs napisał: > On Sat, Aug 19, 2017 at 10:25:01AM +0200, Michał Górny wrote: > > --- > > eclass/git-r3.eclass | 14 +- > > 1 file changed, 9 insertions(+), 5 deletions(-) > > > > diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass > > index bc7d4d920299..42b586811368 100644 > > --- a/eclass/git-r3.eclass > > +++ b/eclass/git-r3.eclass > > @@ -105,10 +105,14 @@ fi > > # @ECLASS-VARIABLE: EGIT_REPO_URI > > # @REQUIRED > > # @DESCRIPTION: > > -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs > > -# are provided, the eclass will consider them as fallback URIs to try > > -# if the first URI does not work. For supported URI syntaxes, read up > > -# the manpage for git-clone(1). > > +# URIs to the repository, e.g. https://foo. If multiple URIs are > > +# provided, the eclass will consider the remaining URIs as fallbacks > > +# to try if the first URI does not work. For supported URI syntaxes, > > +# read up the manpage for git-clone(1). > > s/read up/read/ > > > +# URIs should be using https:// whenever possible. http:// and git:// > > +# URIs are unsafe and their use (even if only as a fallback) makes > > +# MITM attacks possible. > > # > > # It can be overriden via env using ${PN}_LIVE_REPO variable. > > s/overriden/overridden/ > Fixed, thanks. -- Best regards, Michał Górny
Re: [gentoo-dev] Re: New item for sys-kernel/hardened-sources removal
El 20/08/17 a las 00:44, Michał Górny escribió: > W dniu sob, 19.08.2017 o godzinie 22∶15 +, użytkownik Duncan > napisał: >> Aaron W. Swenson posted on Sat, 19 Aug 2017 07:18:20 -0400 as excerpted: >> >> [Proposed news item excerpt] >> >>> We'd like to note that all the userspace hardening and MAC support for >>> SELinux provided by Gentoo Hardened will still remain in the packages >>> found in portage. >> s/portage/the main gentoo tree/ >> > s/tree/repository/ > > Though I'd say it's even better to say 'the Gentoo repository'. > I have addressed this. Thanks for the input :) signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] [PATCH 1/2] git-r3.eclass: Update docs to discourage unsafe protocols
On Sat, Aug 19, 2017 at 10:25:01AM +0200, Michał Górny wrote: > --- > eclass/git-r3.eclass | 14 +- > 1 file changed, 9 insertions(+), 5 deletions(-) > > diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass > index bc7d4d920299..42b586811368 100644 > --- a/eclass/git-r3.eclass > +++ b/eclass/git-r3.eclass > @@ -105,10 +105,14 @@ fi > # @ECLASS-VARIABLE: EGIT_REPO_URI > # @REQUIRED > # @DESCRIPTION: > -# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs > -# are provided, the eclass will consider them as fallback URIs to try > -# if the first URI does not work. For supported URI syntaxes, read up > -# the manpage for git-clone(1). > +# URIs to the repository, e.g. https://foo. If multiple URIs are > +# provided, the eclass will consider the remaining URIs as fallbacks > +# to try if the first URI does not work. For supported URI syntaxes, > +# read up the manpage for git-clone(1). s/read up/read/ > +# URIs should be using https:// whenever possible. http:// and git:// > +# URIs are unsafe and their use (even if only as a fallback) makes > +# MITM attacks possible. > # > # It can be overriden via env using ${PN}_LIVE_REPO variable. s/overriden/overridden/ Thanks, William signature.asc Description: Digital signature
[gentoo-dev] Last-rites: kde-misc/kio-mtp, kde-misc/kio-slp
# Andreas Sturmlechner (20 Aug 2017) # Masked for removal in 30 days. Use kde-apps/kio-extras[mtp,slp] instead. kde-misc/kio-mtp kde-misc/kio-slp
[gentoo-dev] Last-rites: kde-plasma/libkworkspace, kde-apps/pykde4
# Andreas Sturmlechner (19 Aug 2017) # Plasma-4 fragment, no more rdeps, masked for removal in 30 days. kde-plasma/libkworkspace # Andreas Sturmlechner (19 Aug 2017) # Constantly broken, dead upstream, no more rdeps. # Masked for removal in 30 days. (#485244, #577762) kde-apps/pykde4
[gentoo-dev] Last-rites: kde-apps/kdebase-runtime-meta +deps, kde-l10n and ksaneplugin
# Andreas Sturmlechner (17 Aug 2017) # Masked for removal in 30 days. No reverse dependencies left. kde-apps/kcmshell kde-apps/kde-l10n kde-apps/kdebase-runtime-meta kde-apps/kdontchangethehostname kde-apps/keditfiletype kde-apps/kfile kde-apps/kmimetypefinder kde-apps/knewstuff kde-apps/kreadconfig kde-apps/ksaneplugin kde-apps/ktraderclient
[gentoo-dev] Last-rites: kde-apps/{kwalletd,kommander,kdepim-common-libs,ktnef}
# Andreas Sturmlechner (17 Aug 2017) # Masked for removal in 30 days. Replaced by kde-frameworks/kwallet. kde-apps/kwalletd # Andreas Sturmlechner (17 Aug 2017) # Masked for removal in 30 days. Dead upstream, no replacement. kde-apps/kommander # Andreas Sturmlechner (17 Aug 2017) # KDE Applications 17.04.3 was stabilised, including KDE PIM # based on KDE Frameworks. kde-apps/ktnef merged into kmail. # Masked for removal in 30 days. kde-apps/kdepim-common-libs kde-apps/ktnef
[gentoo-dev] [PATCH v2 12/12] sys-devel/clang: Enable masquerades via dev-util/shadowman
--- sys-devel/clang/clang-4.0.1.ebuild| 12 sys-devel/clang/clang-5.0..ebuild | 12 sys-devel/clang/clang-.ebuild | 12 3 files changed, 36 insertions(+) changes in v2: do not apply magic when ROOT!=/ diff --git a/sys-devel/clang/clang-4.0.1.ebuild b/sys-devel/clang/clang-4.0.1.ebuild index 21a5adf2696c..821cae0ab5b8 100644 --- a/sys-devel/clang/clang-4.0.1.ebuild +++ b/sys-devel/clang/clang-4.0.1.ebuild @@ -276,3 +276,15 @@ multilib_src_install_all() { # +x for some reason; TODO: investigate use static-analyzer && fperms a-x "/usr/lib/llvm/${SLOT}/share/man/man1/scan-build.1" } + +pkg_postinst() { + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow update all + fi +} + +pkg_postrm() { + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow clean all + fi +} diff --git a/sys-devel/clang/clang-5.0..ebuild b/sys-devel/clang/clang-5.0..ebuild index 2ecd222748d1..54f8aaa20cf6 100644 --- a/sys-devel/clang/clang-5.0..ebuild +++ b/sys-devel/clang/clang-5.0..ebuild @@ -273,3 +273,15 @@ multilib_src_install_all() { # +x for some reason; TODO: investigate use static-analyzer && fperms a-x "/usr/lib/llvm/${SLOT}/share/man/man1/scan-build.1" } + +pkg_postinst() { + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow update all + fi +} + +pkg_postrm() { + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow clean all + fi +} diff --git a/sys-devel/clang/clang-.ebuild b/sys-devel/clang/clang-.ebuild index 8dd135d6aa25..010df120d1d5 100644 --- a/sys-devel/clang/clang-.ebuild +++ b/sys-devel/clang/clang-.ebuild @@ -277,3 +277,15 @@ multilib_src_install_all() { # +x for some reason; TODO: investigate use static-analyzer && fperms a-x "/usr/lib/llvm/${SLOT}/share/man/man1/scan-build.1" } + +pkg_postinst() { + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow update all + fi +} + +pkg_postrm() { + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow clean all + fi +} -- 2.14.1
[gentoo-dev] [PATCH v2 11/12] toolchain.eclass: Update masquerades via dev-util/shadowman postinst/rm
--- eclass/toolchain.eclass | 7 +++ 1 file changed, 7 insertions(+) changes in v2: do not apply magic when ROOT!=/ diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass index ae2db7f0a442..dad4ae3d1972 100644 --- a/eclass/toolchain.eclass +++ b/eclass/toolchain.eclass @@ -2067,6 +2067,9 @@ gcc_slot_java() { toolchain_pkg_postinst() { do_gcc_config + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow update all + fi if ! is_crosscompile ; then echo @@ -2105,6 +2108,10 @@ toolchain_pkg_postinst() { } toolchain_pkg_postrm() { + if [[ ${ROOT} == / && -f ${EPREFIX}/usr/share/eselect/modules/compiler-shadow.eselect ]] ; then + eselect compiler-shadow clean all + fi + # to make our lives easier (and saner), we do the fix_libtool stuff here. # rather than checking SLOT's and trying in upgrade paths, we just see if # the common libstdc++.la exists in the ${LIBPATH} of the gcc that we are -- 2.14.1
[gentoo-dev] [PATCH v2 10/12] sys-devel/icecream: Use dev-util/shadowman for postinst/prerm
--- sys-devel/icecream/icecream-1.0.0-r2.ebuild | 13 + 1 file changed, 13 insertions(+) changes in v2: do not apply magic when ROOT!=/ diff --git a/sys-devel/icecream/icecream-1.0.0-r2.ebuild b/sys-devel/icecream/icecream-1.0.0-r2.ebuild index 187928a2290d..96a3c171e8a0 100644 --- a/sys-devel/icecream/icecream-1.0.0-r2.ebuild +++ b/sys-devel/icecream/icecream-1.0.0-r2.ebuild @@ -17,6 +17,7 @@ KEYWORDS="~amd64 ~arm ~hppa ~ppc ~sparc ~x86" IUSE="" RDEPEND=" + dev-util/shadowman sys-libs/libcap-ng " DEPEND="${RDEPEND}" @@ -52,3 +53,15 @@ src_install() { insinto /usr/share/shadowman/tools newins - icecc <<<'/usr/libexec/icecc/bin' } + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} && ${ROOT} == / ]]; then + eselect compiler-shadow remove icecc + fi +} + +pkg_postinst() { + if [[ ${ROOT} == / ]]; then + eselect compiler-shadow update icecc + fi +} -- 2.14.1
[gentoo-dev] [PATCH v2 09/12] sys-devel/icecream: Install dev-util/shadowman data file
--- sys-devel/icecream/icecream-1.0.0-r2.ebuild | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys-devel/icecream/icecream-1.0.0-r2.ebuild b/sys-devel/icecream/icecream-1.0.0-r2.ebuild index ec2858a94ac8..187928a2290d 100644 --- a/sys-devel/icecream/icecream-1.0.0-r2.ebuild +++ b/sys-devel/icecream/icecream-1.0.0-r2.ebuild @@ -48,4 +48,7 @@ src_install() { insinto /etc/logrotate.d newins suse/logrotate icecream + + insinto /usr/share/shadowman/tools + newins - icecc <<<'/usr/libexec/icecc/bin' } -- 2.14.1
[gentoo-dev] [PATCH v2 08/12] sys-devel/icecream: Convert to EAPI=6
--- sys-devel/icecream/icecream-1.0.0-r2.ebuild | 51 + 1 file changed, 51 insertions(+) create mode 100644 sys-devel/icecream/icecream-1.0.0-r2.ebuild diff --git a/sys-devel/icecream/icecream-1.0.0-r2.ebuild b/sys-devel/icecream/icecream-1.0.0-r2.ebuild new file mode 100644 index ..ec2858a94ac8 --- /dev/null +++ b/sys-devel/icecream/icecream-1.0.0-r2.ebuild @@ -0,0 +1,51 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +MY_P="${P/icecream/icecc}" + +inherit user + +DESCRIPTION="icecc is a program for distributed compiling of C(++) code across several machines; based on distcc" +HOMEPAGE="https://github.com/icecc/icecream"; +SRC_URI="ftp://ftp.suse.com/pub/projects/${PN}/${MY_P}.tar.bz2"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~hppa ~ppc ~sparc ~x86" +IUSE="" + +RDEPEND=" + sys-libs/libcap-ng +" +DEPEND="${RDEPEND}" + +S="${WORKDIR}/${MY_P}" + +PATCHES=( + "${FILESDIR}/${P}-libcap-ng.patch" +) + +pkg_setup() { + enewgroup icecream + enewuser icecream -1 -1 /var/cache/icecream icecream +} + +src_configure() { + econf \ + --enable-shared --disable-static \ + --enable-clang-wrappers \ + --enable-clang-rewrite-includes +} + +src_install() { + default + find "${D}" -name '*.la' -delete || die + + newconfd suse/sysconfig.icecream icecream + newinitd "${FILESDIR}"/icecream-r2 icecream + + insinto /etc/logrotate.d + newins suse/logrotate icecream +} -- 2.14.1
[gentoo-dev] [PATCH v2 07/12] sys-devel/distcc: Use dev-util/shadowman for postinst/prerm
--- sys-devel/distcc/distcc-3.2_rc1-r5.ebuild | 22 +- 1 file changed, 9 insertions(+), 13 deletions(-) changes in v2: do not apply magic when ROOT!=/ diff --git a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild index c91826e107c4..b658eca32c27 100644 --- a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild +++ b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild @@ -15,7 +15,7 @@ SRC_URI="https://distcc.googlecode.com/files/${MY_P}.tar.bz2"; LICENSE="GPL-2" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" -IUSE="crossdev gnome gssapi gtk hardened ipv6 selinux xinetd zeroconf" +IUSE="gnome gssapi gtk hardened ipv6 selinux xinetd zeroconf" RESTRICT="test" @@ -35,6 +35,7 @@ DEPEND="${CDEPEND} virtual/pkgconfig" RDEPEND="${CDEPEND} !net-misc/pump + dev-util/shadowman >=sys-devel/gcc-config-1.4.1 selinux? ( sec-policy/selinux-distcc ) xinetd? ( sys-apps/xinetd )" @@ -155,12 +156,8 @@ src_install() { } pkg_postinst() { - if [ -x "${EPREFIX}/usr/bin/distcc-config" ] ; then - if use crossdev; then - "${EPREFIX}/usr/bin/distcc-config" --update-masquerade-with-crossdev - else - "${EPREFIX}/usr/bin/distcc-config" --update-masquerade - fi + if [[ ${ROOT} == / ]]; then + eselect compiler-shadow update distcc fi use gnome && xdg_desktop_database_update @@ -190,13 +187,12 @@ pkg_postinst() { elog } -pkg_postrm() { - # delete the masquerade directory - if [ ! -f "${EPREFIX}/usr/bin/distcc" ] ; then - einfo "Remove masquerade symbolic links." - rm "${EPREFIX}${DCCC_PATH}/"*{cc,c++,gcc,g++} - rmdir "${EPREFIX}${DCCC_PATH}" +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} && ${ROOT} == / ]]; then + eselect compiler-shadow remove distcc fi +} +pkg_postrm() { use gnome && xdg_desktop_database_update } -- 2.14.1
[gentoo-dev] [PATCH v2 06/12] sys-devel/distcc: Install dev-util/shadowman data file
--- sys-devel/distcc/distcc-3.2_rc1-r5.ebuild | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild index 741fa929f503..c91826e107c4 100644 --- a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild +++ b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild @@ -146,6 +146,9 @@ src_install() { newins "doc/example/xinetd" distcc || die fi + insinto /usr/share/shadowman/tools + newins - distcc <<<"${DCCC_PATH}" + rm -r "${ED}/etc/default" || die rm "${ED}/etc/distcc/clients.allow" || die rm "${ED}/etc/distcc/commands.allow.sh" || die -- 2.14.1
[gentoo-dev] [PATCH v2 04/12] dev-util/ccache: Use dev-util/shadowman for postinst/prerm
--- dev-util/ccache/ccache-3.3.4-r1.ebuild | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) changes in v2: do not apply magic when ROOT!=/ diff --git a/dev-util/ccache/ccache-3.3.4-r1.ebuild b/dev-util/ccache/ccache-3.3.4-r1.ebuild index 2fd005d88041..4b0d4dddc994 100644 --- a/dev-util/ccache/ccache-3.3.4-r1.ebuild +++ b/dev-util/ccache/ccache-3.3.4-r1.ebuild @@ -17,6 +17,7 @@ IUSE="" DEPEND="app-arch/xz-utils sys-libs/zlib" RDEPEND="${DEPEND} + dev-util/shadowman sys-apps/gentoo-functions" src_prepare() { @@ -52,18 +53,17 @@ ccache now supports sys-devel/clang and dev-lang/icc, too!" } pkg_prerm() { - if [[ -z ${REPLACED_BY_VERSION} ]] ; then - "${EROOT}"/usr/bin/ccache-config --remove-links - "${EROOT}"/usr/bin/ccache-config --remove-links ${CHOST} + if [[ -z ${REPLACED_BY_VERSION} && ${ROOT} == / ]] ; then + eselect compiler-shadow remove ccache fi } pkg_postinst() { - "${EROOT}"/usr/bin/ccache-config --install-links - "${EROOT}"/usr/bin/ccache-config --install-links ${CHOST} + if [[ ${ROOT} == / ]]; then + eselect compiler-shadow update ccache + fi # nuke broken symlinks from previous versions that shouldn't exist - rm -f "${EROOT}"/usr/lib/ccache/bin/${CHOST}-cc || die rm -rf "${EROOT}"/usr/lib/ccache.backup || die readme.gentoo_print_elog -- 2.14.1
[gentoo-dev] [PATCH v2 03/12] dev-util/ccache: Install dev-util/shadowman data file
--- dev-util/ccache/ccache-3.3.4-r1.ebuild | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dev-util/ccache/ccache-3.3.4-r1.ebuild b/dev-util/ccache/ccache-3.3.4-r1.ebuild index 1ef1d45179d1..2fd005d88041 100644 --- a/dev-util/ccache/ccache-3.3.4-r1.ebuild +++ b/dev-util/ccache/ccache-3.3.4-r1.ebuild @@ -34,6 +34,8 @@ src_install() { default dobin ccache-config + insinto /usr/share/shadowman/tools + newins - ccache <<<'/usr/lib/ccache/bin' DOC_CONTENTS=" To use ccache with **non-Portage** C compiling, add -- 2.14.1
[gentoo-dev] [PATCH v2 05/12] sys-devel/distcc: Convert to EAPI=6
--- sys-devel/distcc/distcc-3.2_rc1-r5.ebuild | 199 ++ 1 file changed, 199 insertions(+) create mode 100644 sys-devel/distcc/distcc-3.2_rc1-r5.ebuild diff --git a/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild new file mode 100644 index ..741fa929f503 --- /dev/null +++ b/sys-devel/distcc/distcc-3.2_rc1-r5.ebuild @@ -0,0 +1,199 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python2_7 ) + +inherit autotools flag-o-matic python-single-r1 systemd toolchain-funcs user xdg-utils + +MY_P="${P/_}" +DESCRIPTION="Distribute compilation of C code across several machines on a network" +HOMEPAGE="http://distcc.org/"; +SRC_URI="https://distcc.googlecode.com/files/${MY_P}.tar.bz2"; + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="crossdev gnome gssapi gtk hardened ipv6 selinux xinetd zeroconf" + +RESTRICT="test" + +CDEPEND="${PYTHON_DEPS} + dev-libs/popt + gnome? ( + >=gnome-base/libgnome-2 + >=gnome-base/libgnomeui-2 + x11-libs/gtk+:2 + x11-libs/pango + ) + gssapi? ( net-libs/libgssglue ) + gtk? ( x11-libs/gtk+:2 ) + zeroconf? ( >=net-dns/avahi-0.6[dbus] ) +" +DEPEND="${CDEPEND} + virtual/pkgconfig" +RDEPEND="${CDEPEND} + !net-misc/pump + >=sys-devel/gcc-config-1.4.1 + selinux? ( sec-policy/selinux-distcc ) + xinetd? ( sys-apps/xinetd )" + +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +S="${WORKDIR}/${MY_P}" + +DCCC_PATH="/usr/$(get_libdir)/distcc/bin" +DISTCC_VERBOSE="0" + +pkg_setup() { + enewuser distcc 240 -1 -1 daemon + python-single-r1_pkg_setup +} + +src_prepare() { + eapply "${FILESDIR}/${PN}-3.0-xinetd.patch" + # bug #253786 + eapply "${FILESDIR}/${PN}-3.0-fix-fortify.patch" + # bug #255188 + eapply "${FILESDIR}/${PN}-3.2_rc1-freedesktop.patch" + # bug #258364 + eapply "${FILESDIR}/${PN}-3.2_rc1-python.patch" + # for net-libs/libgssglue + eapply "${FILESDIR}/${PN}-3.2_rc1-gssapi.patch" + # SOCKSv5 support needed for Portage, bug #537616 + eapply "${FILESDIR}/${PN}-3.2_rc1-socks5.patch" + eapply_user + + # Bugs #120001, #167844 and probably more. See patch for description. + use hardened && eapply "${FILESDIR}/distcc-hardened.patch" + + sed -i \ + -e "/PATH/s:\$distcc_location:${EPREFIX}${DCCC_PATH}:" \ + -e "s:@PYTHON@:${EPYTHON}:" \ + pump.in || die "sed failed" + + sed \ + -e "s:@EPREFIX@:${EPREFIX:-/}:" \ + -e "s:@libdir@:/usr/$(get_libdir):" \ + "${FILESDIR}/3.2/distcc-config" > "${T}/distcc-config" || die + + eaclocal -Im4 --output=aclocal.m4 + eautoconf +} + +src_configure() { + local myconf="--disable-Werror --with-docdir=\$(datadir)/doc/${PF}" + + # --disable-rfc2553 b0rked, bug #254176 + use ipv6 && myconf="${myconf} --enable-rfc2553" + + econf \ + $(use_with gtk) \ + $(use_with gnome) \ + $(use_with gssapi auth) \ + $(use_with zeroconf avahi) \ + ${myconf} +} + +src_install() { + default + python_optimize + + newinitd "${FILESDIR}/3.2/init" distccd + systemd_dounit "${FILESDIR}/distccd.service" + systemd_install_serviced "${FILESDIR}/distccd.service.conf" + + cp "${FILESDIR}/3.2/conf" "${T}/distccd" || die + if use zeroconf; then + cat >> "${T}/distccd" <<-EOF || die + + # Enable zeroconf support in distccd + DISTCCD_OPTS="\${DISTCCD_OPTS} --zeroconf" + EOF + + sed -i '/ExecStart/ s|$| --zeroconf|' "${D}$(systemd_get_systemunitdir)"/distccd.service || die + fi + doconfd "${T}/distccd" || die + + cat > "${T}/02distcc" <<-EOF || die + # This file is managed by distcc-config; use it to change these settings. + # DISTCC_LOG and DISTCC_DIR should not be set. + DISTCC_VERBOSE="${DISTCC_VERBOSE:-0}" + DISTCC_FALLBACK="${DISTCC_FALLBACK:-1}" + DISTCC_SAVE_TEMPS="${DISTCC_SAVE_TEMPS:-0}" + DISTCC_TCP_CORK="${DISTCC_TCP_CORK}" + DISTCC_SSH="${DISTCC_SSH}" + UNCACHED_ERR_FD="${UNCACHED_ERR_FD}" + DISTCC_ENABLE_DISCREPANCY_EMAIL="${DISTCC_ENABLE_DISCREPANCY_EMAIL}" + DCC_EMAILLOG_WHOM_TO_BLAME="${DCC_EMAILLOG_WHOM_TO_BLAME}" + EOF + doenvd "${T}/02distcc" || die + + keepdir "${DCCC_PATH}" || die + + dobin "${T}/distcc-config" || die + + if use gnome || use gtk; then + einfo "Renaming /usr/bin/distccmon-gnome to /usr/bin/distccmon-gui" + einfo "This is to have a little sensability
[gentoo-dev] [PATCH v2 02/12] dev-util/ccache: Convert to EAPI=6
--- dev-util/ccache/ccache-3.3.4-r1.ebuild | 68 ++ 1 file changed, 68 insertions(+) create mode 100644 dev-util/ccache/ccache-3.3.4-r1.ebuild diff --git a/dev-util/ccache/ccache-3.3.4-r1.ebuild b/dev-util/ccache/ccache-3.3.4-r1.ebuild new file mode 100644 index ..1ef1d45179d1 --- /dev/null +++ b/dev-util/ccache/ccache-3.3.4-r1.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit readme.gentoo-r1 + +DESCRIPTION="fast compiler cache" +HOMEPAGE="http://ccache.samba.org/"; +SRC_URI="https://samba.org/ftp/ccache/${P}.tar.xz"; + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="" + +DEPEND="app-arch/xz-utils + sys-libs/zlib" +RDEPEND="${DEPEND} + sys-apps/gentoo-functions" + +src_prepare() { + # make sure we always use system zlib + rm -rf zlib || die + eapply "${FILESDIR}"/${PN}-3.3-size-on-disk.patch #456178 + eapply_user + sed \ + -e "/^EPREFIX=/s:'':'${EPREFIX}':" \ + "${FILESDIR}"/ccache-config-3 > ccache-config || die +} + +src_install() { + DOCS=( AUTHORS.txt MANUAL.txt NEWS.txt README.md ) + default + + dobin ccache-config + + DOC_CONTENTS=" +To use ccache with **non-Portage** C compiling, add +${EPREFIX}/usr/lib/ccache/bin to the beginning of your path, before ${EPREFIX}/usr/bin. +Portage 2.0.46-r11+ will automatically take advantage of ccache with +no additional steps. If this is your first install of ccache, type +something like this to set a maximum cache size of 2GB:\\n +# ccache -M 2G\\n +If you are upgrading from an older version than 3.x you should clear all of your caches like so:\\n +# CCACHE_DIR='${CCACHE_DIR:-${PORTAGE_TMPDIR}/ccache}' ccache -C\\n +ccache now supports sys-devel/clang and dev-lang/icc, too!" + + readme.gentoo_create_doc +} + +pkg_prerm() { + if [[ -z ${REPLACED_BY_VERSION} ]] ; then + "${EROOT}"/usr/bin/ccache-config --remove-links + "${EROOT}"/usr/bin/ccache-config --remove-links ${CHOST} + fi +} + +pkg_postinst() { + "${EROOT}"/usr/bin/ccache-config --install-links + "${EROOT}"/usr/bin/ccache-config --install-links ${CHOST} + + # nuke broken symlinks from previous versions that shouldn't exist + rm -f "${EROOT}"/usr/lib/ccache/bin/${CHOST}-cc || die + rm -rf "${EROOT}"/usr/lib/ccache.backup || die + + readme.gentoo_print_elog +} -- 2.14.1
[gentoo-dev] [PATCH v2 01/12] dev-util/shadowman: New package
--- dev-util/shadowman/metadata.xml | 8 dev-util/shadowman/shadowman-.ebuild | 27 +++ 2 files changed, 35 insertions(+) create mode 100644 dev-util/shadowman/metadata.xml create mode 100644 dev-util/shadowman/shadowman-.ebuild diff --git a/dev-util/shadowman/metadata.xml b/dev-util/shadowman/metadata.xml new file mode 100644 index ..0319eec4c8be --- /dev/null +++ b/dev-util/shadowman/metadata.xml @@ -0,0 +1,8 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + + mgo...@gentoo.org + Michał Górny + + diff --git a/dev-util/shadowman/shadowman-.ebuild b/dev-util/shadowman/shadowman-.ebuild new file mode 100644 index ..990b92e51623 --- /dev/null +++ b/dev-util/shadowman/shadowman-.ebuild @@ -0,0 +1,27 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +EGIT_REPO_URI="https://github.com/mgorny/shadowman"; +inherit git-r3 + +DESCRIPTION="Unified compiler shadow link directory updater" +HOMEPAGE="https://github.com/mgorny/shadowman"; +SRC_URI="" + +LICENSE="GPL-2" +SLOT="0" +# note: only for testing +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="" + +RDEPEND="app-admin/eselect" +DEPEND="${RDEPEND}" + +src_install() { + # tool modules are split into their respective packages + emake DESTDIR="${D}" install \ + INSTALL_MODULES_TOOL="" + keepdir /usr/share/shadowman/tools +} -- 2.14.1
[gentoo-dev] Re: New item for sys-kernel/hardened-sources removal
Michał Górny posted on Sun, 20 Aug 2017 09:53:54 +0200 as excerpted: > W dniu nie, 20.08.2017 o godzinie 00∶39 -0500, użytkownik R0b0t1 > napisał: >> >> The discussion is nice but no one has actually touched on the >> technical merits of removing the packages besides "they are old." >> So I ask again: On what basis are the hardened sources being removed >> from the tree? > > Old kernel versions are a natural vulnerability targets. Even if they > are not vulnerable at the moment, they surely will be soon enough. This. Hardened-sources isn't just some generic package, where perhaps masking it as vulnerable but leaving it in the tree for those wishing to use it for its primary purpose /despite/ vulns, might arguably be justified. In this case, that "primary purpose" *is* resistance to attack, and leaving old and now unsupported versions in the tree when they're guaranteed to be increasingly vulnerable to new attacks is simply irresponsible, with no logical argument that can be made otherwise, thus the removal. Were it any other package, with any other primary purpose... but it's not. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
Re: [gentoo-dev] New item for sys-kernel/hardened-sources removal
W dniu nie, 20.08.2017 o godzinie 00∶39 -0500, użytkownik R0b0t1 napisał: > On Sat, Aug 19, 2017 at 6:34 AM, Francisco Blas Izquierdo Riera > (klondike) wrote: > > El 19/08/17 a las 13:18, Aaron W. Swenson escribió: > > > On 2017-08-19 13:01, Francisco Blas Izquierdo Riera (klondike) wrote: > > > > El 19/08/17 a las 12:37, Aaron W. Swenson escribió: > > > > > On 2017-08-15 17:01, Francisco Blas Izquierdo Riera (klondike) wrote: > > > > > > Hi! > > > > > > > > > > > > I'd like to get this one up by Saturday so that we can proceed with > > > > > > masking and removing of the hardened-sources after upstream stopped > > > > > > releasing new patches. > > > > > > > > > > I hope I’m not too late. > > > > > > > > > > > We'd like to note that all the userspace hardening and MAC support > > > > > > for SELinux provided by Gentoo Hardened will still remain there and > > > > > > is unaffected by this removal. > > > > > > > > > > Where is there? I think you’re talking about the packages, but the > > > > > news > > > > > item is about the kernels. It would help to be more specific here. > > > > > > > > > > That’s all I had that the others hadn’t touched on. > > > > > > > > Do you think something like that is better then? > > > > > > > > We'd like to note that all the userspace hardening and MAC support > > > > for SELinux provided by Gentoo Hardened will still remain available > > > > on the portage. Keep in mind though that the security provided by > > > > these features will be weakened a bit when using > > > > sys-kernel/gentoo-sources. Also, all PaX related packages other than > > > > the hardened-sources will remain available for the time being. > > > > > > > > > > > > > > Much better. We should mention that we’re specifically discussing > > > packages and not portage itself. At least, that’s my understanding from > > > your edit. > > > > > > Here’s my take on it: > > > > > > We'd like to note that all the userspace hardening and MAC support for > > > SELinux provided by Gentoo Hardened will still remain in the packages > > > found in portage. Keep in mind, though, that the security provided by > > > these features will be weakened a bit when using > > > sys-kernel/gentoo-sources. Also, all PaX related packages, except > > > sys-kernel/hardened-sources, will remain available for the time being. > > > > I updated the news item with your propossal. Thanks a lot :) > > > > The discussion is nice but no one has actually touched on the > technical merits of removing the packages besides "they are old." > There's plenty of old software in portage. Why not remove it first? Please select some, and I'll be happy to treeclean it ASAP. > I had a similar issue with the GCC developer who removed GCJ support. > I asked him for any justification at all for the removal and he had > none but some vague statements about it creating work. I would have > taken any more specific example he gave at face value, but he didn't > want to give one. I was left to conclude he didn't have one to give. > > So I ask again: On what basis are the hardened sources being removed > from the tree? Old kernel versions are a natural vulnerability targets. Even if they are not vulnerable at the moment, they surely will be soon enough. > At this point I am far less interested in making sure the sources stay > in the tree than I am in forcing you to justify your actions, because > I suspect your attempt to do so will be entertaining. > This is called inappropriate behavior and in a civilized distribution it should result in disciplinary action. However, that's just my opinion and I'm free to express it just as you are free to express yours. -- Best regards, Michał Górny