Re: [gentoo-dev] SSL-Certificates and CAcert
* Robin H. Johnson [EMAIL PROTECTED] [07/09/27 15:11 -0700]:
> Go and read ALL of this bug:
> http://bugs.gentoo.org/show_bug.cgi?id=108944
>
> Pylon and myself, as folk in favour of CA-Cert tried to get the ball rolling to get Organization-level certs from CACert. It seems to have long blocked on trustees and paperwork - both on our side, and on the side of CACert (Inclusion in Mozilla is blocking on the CACert internal audit).

Funny thing, I just checked my CACert-account (as I had to assure some other people) and found out that I'm listed as Org Admin for gentoo.org, but with the comment to be completed. I filed a request to CACert in March, but it seems that I must have missed the response or they are waiting for the paperwork by the foundation.

I'll look into the open issues and will keep you informed about the process (preferably in the named bug).

Regards, Lars

--
Lars Weiler [EMAIL PROTECTED] +49-171-1963258
Instant Messaging : [EMAIL PROTECTED]
Gentoo Linux PowerPC : Developer
Gentoo Infrastructure : CVS/SVN Administrator
Re: [gentoo-dev] SSL-Certificates and CAcert
On Friday 28 September 2007 01:10:48 Robin H. Johnson wrote:
> Is there a reason that my Godaddy suggestion in the bug isn't being considered? Regardless of what you may think of them as a company, they offer the same free type of certificate to open source projects just like cacert, and with what looks to be considerably less overhead. I understand that cacert is more open sourcy than godaddy, but if they're as much of a roadblock as the Trustees are in this case, maybe going that route would enable us to move forward?
>
> See my comment #14, regarding regenerating the certs [1] each time the set of SSL vhosts on a box changes. For mail services, this isn't really an issue, but for web services it's a big one. Wildcards only work in Mozilla, and nowhere else [2].
>
> [1] http://wiki.cacert.org/wiki/VhostTaskForce#head-7236c4e2c9932ef42056b3ff6d367053081887de
> [2] http://wiki.cacert.org/wiki/WildcardCertificates

Wildcard certs work with all browsers, even wget and lynx, and one wildcard will cover anything *.gentoo.org, but not *.*.gentoo.org. No regeneration necessary. That wiki page I believe only talks about *'s in different places, which is not supported. I personally use the same wildcard cert for webmail via apache, imap/pop via courier, and SMTP.

--
Mike Williams
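The matching rule stated in the reply above (one `*` covers exactly one left-most label), as an added shell example that is not part of the thread. The function names and hostnames are constructed, and patterns with `*` anywhere but the whole left-most label are rejected as a simplifying assumption.

```shell
#!/bin/sh
# Added example: one-label wildcard matching for certificate names.
# Function names and hostnames are constructed for illustration.

# cert_name_matches PATTERN HOST -> exit status 0 if HOST is covered.
cert_name_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')

    case "$pattern" in
        \*.*)
            suffix=${pattern#\*}                   # "*.gentoo.org" -> ".gentoo.org"
            case "$suffix" in *\**) return 1 ;; esac   # "*.*.gentoo.org": unsupported
            case "$host" in
                *"$suffix") ;;                     # host must end in the suffix
                *) return 1 ;;                     # e.g. bare "gentoo.org"
            esac
            label=${host%"$suffix"}                # the part the '*' stands for
            [ -n "$label" ] || return 1            # '*' needs a non-empty label
            case "$label" in *.*) return 1 ;; esac # '*' never spans a dot
            return 0 ;;
        *\**) return 1 ;;                          # '*' outside the left-most label
        *) [ "$pattern" = "$host" ] ;;             # no wildcard: exact match
    esac
}

# Print one verdict line per constructed hostname for pattern $1.
report() {
    for h in bugs.gentoo.org WWW.Gentoo.org gentoo.org a.b.gentoo.org \
             bugs.gentoo.org.example.net; do
        if cert_name_matches "$1" "$h"; then echo "$h: covered by $1"
        else echo "$h: NOT covered by $1"; fi
    done
}

report '*.gentoo.org'
```

The last sample host shows why the suffix check is anchored at the end of the name: a name that merely contains `.gentoo.org` is not covered.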
[gentoo-dev] Re: SSL-Certificates and CAcert
Robin H. Johnson [EMAIL PROTECTED] posted [EMAIL PROTECTED], excerpted below, on Thu, 27 Sep 2007 17:10:48 -0700:
> If there aren't too many AND we can get a dedicated IP for each of those services, I'd like to suggest the following, as an easily doable and low-overhead (in terms of Trustees/paperwork) solution:
> 1. On the services identified, get extra IPs, and use the free GoDaddy certs.
> 2. On other services use the Gentoo-CA approach.

There's probably a reason this won't work, since I've yet to see it brought up here and it's not mentioned on the bug either, but hey, I don't know said reason, and it's worth the shot...

Would it be possible to setup a gentoo-certs package, versioned like any other, with USE flags if necessary for installing where various browsers, etc can see them?

The idea being, any time a certificate changes you create a new version of gentoo-certs. Security-clueless users can simply be told about this package, and should reasonably quickly get the idea of checking for an upgrade any time they get a security warning. Certs in this package would then be accepted by default, while allowing users the option of installing the package or not, plus the possible USE flags, as well as configuring their browser manually to reject the certs, if desired.

That would be easier in some ways and harder in others, than setting up a full Gentoo-CA. However, Gentoo devs deal with packages every day, while I doubt many deal with CA signing every day (umm... from the bug it looks like a couple devs do... enough anyway if not every day), so it might be more routine and thus easier for Gentoo to go the package route, even if it's harder in the absolute.

I'd think "you need to merge or update this package" would suffice for the security-clueless, while the security-clueful already know the deal, so no big deal for them, tho it'd lessen the hassle factor for them as well.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
Re: [gentoo-dev] Last rites: app-cdr/kover
On Tuesday, 21. August 2007 14:23:44 Wulf C. Krueger wrote:
> # Wulf C. Krueger [EMAIL PROTECTED] (21 Aug 2007)
> # Stable version doesn't compile, unstable version is partly broken.
> # Application is conceptionally wrong. More details on bug 187251.
> # Use app-cdr/koverartist instead.
> # Masked for removal in 30 days.
> app-cdr/kover

Gone from both the tree and package.mask.
Re: [gentoo-dev] Re: SSL-Certificates and CAcert
On Fri, Sep 28, 2007 at 09:31:24AM +, Duncan wrote:
> Would it be possible to setup a gentoo-certs package, versioned like any other, with USE flags if necessary for installing where various browsers, etc can see them?

That fails/makes-it-complicated for somebody accessing the Gentoo SSL services outside a Gentoo system.

--
Robin Hugh Johnson
Gentoo Linux Developer Infra Guy
E-Mail : [EMAIL PROTECTED]
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
[gentoo-dev] stripping out the DO NOT REPLY from bugzie emails
It seems that not everybody loves the new DO NOT REPLY TO THIS EMAIL header at the top of every bugzie email as much as robbat2 does. Because of that, robbat2, KingTaco, and I came up with a procmail recipe that uses sed to filter that new message out of bugzie emails. This has not actually been tested on incoming mails, so it may rape/eat your dog/sister. Enjoy.

# Strip out DO NOT REPLY lines from bugzie emails
:0 Hfw
* ^From: [EMAIL PROTECTED]
| sed -e '/^DO NOT REPLY TO THIS EMAIL/,+2d'

--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer
Catalyst/Installer + x86 release coordinator
Re: [gentoo-dev] stripping out the DO NOT REPLY from bugzie emails
Andrew Gaffney wrote:
> It seems that not everybody loves the new DO NOT REPLY TO THIS EMAIL header at the top of every bugzie email as much as robbat2 does. Because of that, robbat2, KingTaco, and I came up with a procmail recipe that uses sed to filter that new message out of bugzie emails. This has not actually been tested on incoming mails, so it may rape/eat your dog/sister. Enjoy.
>
> # Strip out DO NOT REPLY lines from bugzie emails
> :0 Hfw
> * ^From: [EMAIL PROTECTED]
> | sed -e '/^DO NOT REPLY TO THIS EMAIL/,+2d'

Okay, I just had it tested in the wild. It works just fine. Double enjoy!

--
Andrew Gaffney http://dev.gentoo.org/~agaffney/
Gentoo Linux Developer
Catalyst/Installer + x86 release coordinator
[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in media-video/mplayer: ChangeLog mplayer-1.0_rc1_p20070927.ebuild
On 15:35 Thu 27 Sep , Steve Dibb (beandog) wrote:
> beandog 07/09/27 15:35:24
>
> Modified: ChangeLog
> Added: mplayer-1.0_rc1_p20070927.ebuild
> Log:
> Subversion bump, install a52 by default with dvd use flag, switch xvmc linking back to generic lib
> (Portage version: 2.1.3.9)
>
> 1.1 media-video/mplayer/mplayer-1.0_rc1_p20070927.ebuild
>
> file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-video/mplayer/mplayer-1.0_rc1_p20070927.ebuild?rev=1.1view=markup
> plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-video/mplayer/mplayer-1.0_rc1_p20070927.ebuild?rev=1.1content-type=text/plain

> # DVB / Video4Linux / Radio support
> if ( use dvb || use v4l || use v4l2 || use radio ); then

There's no reason to use a subshell here.

> if ( use dvb || use v4l || use v4l2 ) use radio; then

Same here, although I might switch the logic around so 'use radio' is first.

> if [ -e /dev/.devfsd ]; then

Dependence on the build system is bad.

> echo ${myconf} ${T}/configure-options

Quotes on T.

> make prefix=${D}/usr \
>     BINDIR=${D}/usr/bin \
>     LIBDIR=${D}/usr/$(get_libdir) \
>     CONFDIR=${D}/etc/mplayer \
>     DATADIR=${D}/usr/share/mplayer \
>     MANDIR=${D}/usr/share/man \
>     install || die Failed to install MPlayer!

emake broken here? Also needs quotes on D.

> if [ -d ${ROOT}/usr/share/mplayer/Skin/default ]

This needs quotes or double brackets.

> if [ -L ${ROOT}/usr/share/mplayer/font -a \
>     ! -e ${ROOT}/usr/share/mplayer/font ]
> then
>     rm -f ${ROOT}/usr/share/mplayer/font
> fi
> if [ -L ${ROOT}/usr/share/mplayer/subfont.ttf -a \
>     ! -e ${ROOT}/usr/share/mplayer/subfont.ttf ]
> then
>     rm -f ${ROOT}/usr/share/mplayer/subfont.ttf

Quotes here too.

Thanks, Donnie
[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in dev-java/java-gnome: ChangeLog java-gnome-4.0.4.ebuild
On 20:13 Thu 27 Sep , Petteri Raty (betelgeuse) wrote:
> betelgeuse 07/09/27 20:13:33
>
> Modified: ChangeLog
> Added: java-gnome-4.0.4.ebuild
> Log:
> Version bump for bug #193951.
> (Portage version: 2.1.3.9)
>
> 1.1 dev-java/java-gnome/java-gnome-4.0.4.ebuild
>
> file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-java/java-gnome/java-gnome-4.0.4.ebuild?rev=1.1view=markup
> plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-java/java-gnome/java-gnome-4.0.4.ebuild?rev=1.1content-type=text/plain

> src_compile() {
>     ./configure --prefix=/usr || die
>     make || die Compilation of java-gnome failed
>
>     if use doc; then
>         make doc || die Making documentation failed
>     fi
> }

It can't use econf or emake? Would be nice to add some comments to that effect.

Thanks, Donnie
[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in sys-apps/portage: ChangeLog portage-2.1.3.11.ebuild portage-2.1.3.10.ebuild
On 23:10 Fri 28 Sep , Zac Medico (zmedico) wrote: zmedico 07/09/28 23:10:10 Modified: ChangeLog Added:portage-2.1.3.11.ebuild Removed: portage-2.1.3.10.ebuild Log: 2.1.3.11 bump. This fixes bugs #192706, #193548, and #194081. Most important is bug #194081 which is a regression in 2.1.3.10 that causes 'Device or resource busy' errors during unmerge. Bug #194041 tracks all bugs fixed since 2.1.3.9. (Portage version: 2.1.3.11) Revision ChangesPath 1.446sys-apps/portage/ChangeLog file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-apps/portage/ChangeLog?rev=1.446view=markup plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-apps/portage/ChangeLog?rev=1.446content-type=text/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-apps/portage/ChangeLog?r1=1.445r2=1.446 @@ -43,24 +51,6 @@ 08 Sep 2007; Joseph Jezak [EMAIL PROTECTED] portage-2.1.2.12.ebuild: Marked ppc64 stable for bug #189289. -*portage-2.1.3.8 (07 Sep 2007) - - 07 Sep 2007; Zac Medico [EMAIL PROTECTED] +portage-2.1.3.8.ebuild: - 2.1.3.8 bump. This fixes bugs #110443, #190144, #190214, #190268, - #190406. Bug #181949 tracks all bugs fixed since 2.1.2.x. This release - also includes a merge order optimization that causes installed - dependencies to be rebuilt earlier which helps avoid build failures - during `emerge -e system` after the CHOST has been changed (like when - building a stage3 from a stage2). - You deleted a huge chunk of the ChangeLog. Might want to check for bugs in whatever tool you're using. Thanks, Donnie -- [EMAIL PROTECTED] mailing list
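Review bot: the `@@ -43,24 +51,6 @@` hunk in ChangeLog only removes lines (24 old lines become 6), beginning with the whole `*portage-2.1.3.8 (07 Sep 2007)` entry, yet the commit log mentions only the 2.1.3.11 addition and the 2.1.3.10 removal. Nothing in the log explains dropping the record of the bugs fixed in 2.1.3.8 (#110443, #190144, #190214, #190268, #190406). Restore the deleted entries so that the ChangeLog diff for this bump contains only the new 2.1.3.11 entry.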
[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in app-misc/supercat: ChangeLog supercat-0.5.2.ebuild
On 00:23 Sat 29 Sep , Olivier Crete (tester) wrote:
> 1.1 app-misc/supercat/supercat-0.5.2.ebuild
>
> file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-misc/supercat/supercat-0.5.2.ebuild?rev=1.1view=markup
> plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-misc/supercat/supercat-0.5.2.ebuild?rev=1.1content-type=text/plain
>
> Index: supercat-0.5.2.ebuild
> ===
> # Copyright 1999-2007 Gentoo Foundation
> # Distributed under the terms of the GNU General Public License v2
> # $Header: /var/cvsroot/gentoo-x86/app-misc/supercat/supercat-0.5.2.ebuild,v 1.1 2007/09/29 00:23:14 tester Exp $
>
> DESCRIPTION="A text file colorizer using powerful regular expressions"
> HOMEPAGE="http://supercat.nosredna.net"
> SRC_URI="http://supercat.nosredna.net/${P}.tar.gz"
> LICENSE="GPL-3"
> SLOT="0"
> KEYWORDS="~amd64 ~x86"
> IUSE=""
>
> DEPEND=""
> RDEPEND=""
>
> src_install() {
>     emake DESTDIR=${D} install || die "Install failed!"
>     dodoc ChangeLog
> }

This is a pretty simple ebuild, but it still manages to have basic QA issues like quoting on D.

Thanks, Donnie
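The quoting point raised in this review and in the mplayer review above (unquoted `${D}`, `${T}` and `${ROOT}`), as an added shell example that is not code from either ebuild. The function names and the `my root` directory are constructed, and everything runs inside a `mktemp -d` directory.

```shell
#!/bin/sh
# Added example (not from the ebuilds under review). Function names and the
# "my root" directory are constructed; everything lives under mktemp -d.

# Print how many words the shell passed after expansion.
count_args() { echo "$#"; }

# The `[ -d ${ROOT}/usr/share/mplayer/Skin/default ]` check, both ways.
dir_exists_unquoted() { [ -d $1/usr/share/mplayer/Skin/default ] 2>/dev/null; }
dir_exists_quoted()   { [ -d "$1/usr/share/mplayer/Skin/default" ]; }

# The `rm -f ${ROOT}/usr/share/mplayer/subfont.ttf` cleanup, both ways.
rm_unquoted() { rm -f $1/usr/share/mplayer/subfont.ttf; }
rm_quoted()   { rm -f "$1/usr/share/mplayer/subfont.ttf"; }

# Create a ROOT whose path contains a space and print it.
make_root() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/my root/usr/share/mplayer/Skin/default"
    : > "$base/my root/usr/share/mplayer/subfont.ttf"  # file the ebuild means
    : > "$base/my"                                     # unrelated bystander
    printf '%s\n' "$base/my root"
}

# Run both variants and print what each one did.
demo() {
    root=$(make_root) || return 1
    base=${root%"/my root"}
    echo "unquoted words: $(count_args $root/usr)  quoted words: $(count_args "$root/usr")"
    if dir_exists_unquoted "$root"; then echo "unquoted -d: found"
    else echo "unquoted -d: test failed although the directory exists"; fi
    if dir_exists_quoted "$root"; then echo "quoted -d: found"; fi
    ( cd "$base" && rm_unquoted "$root" )   # splits into "$base/my" + "root/usr/..."
    [ -e "$base/my" ] || echo "unquoted rm: deleted bystander $base/my"
    [ ! -e "$root/usr/share/mplayer/subfont.ttf" ] || echo "unquoted rm: target still present"
    rm_quoted "$root"
    [ -e "$root/usr/share/mplayer/subfont.ttf" ] || echo "quoted rm: target removed"
    rm -rf "$base"
}

demo
```

With whitespace in the path the unquoted forms either fail the test outright or act on a different file than the one named, which is why the review asks for quotes on every use of these variables.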