[gentoo-dev] Re: [gentoo-dev-announce] Last rites: app-text/cook
On Sat, Nov 28, 2020 at 09:49:21PM +0100, David Seifert wrote: > # David Seifert (2020-11-28) > # Last release in 2002, multiple open bugs, no maintainer, no revdeps. > # Bug #709512, #713300, #729518, Removal in 30 days. > app-text/cook -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
[gentoo-dev] [PATCH 4/4] dev-python/flake8: Use distutils_enable_tests --install
Signed-off-by: Michał Górny --- dev-python/flake8/flake8-3.8.3-r1.ebuild | 8 +--- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/dev-python/flake8/flake8-3.8.3-r1.ebuild b/dev-python/flake8/flake8-3.8.3-r1.ebuild index 55e6d64f8d8d..1bfc0de53548 100644 --- a/dev-python/flake8/flake8-3.8.3-r1.ebuild +++ b/dev-python/flake8/flake8-3.8.3-r1.ebuild @@ -38,10 +38,4 @@ BDEPEND="${RDEPEND} PATCHES=( "${FILESDIR}/${P}-pytest6.patch" ) distutils_enable_sphinx docs/source dev-python/sphinx-prompt dev-python/sphinx_rtd_theme -distutils_enable_tests pytest - -python_test() { - # Otherwise some tests fail if the package isn't installed - distutils_install_for_testing - pytest -vv || die "Tests fail with ${EPYTHON}" -} +distutils_enable_tests --install pytest -- 2.29.2
[gentoo-dev] [PATCH 3/4] distutils-r1.eclass: Accept distutils_enable_tests --install
Add a convenience --install option to distutils_enable_tests to call distutils_install_for_testing. Signed-off-by: Michał Górny --- eclass/distutils-r1.eclass | 74 +- 1 file changed, 58 insertions(+), 16 deletions(-) diff --git a/eclass/distutils-r1.eclass b/eclass/distutils-r1.eclass index 9e862a949275..24fcf13b74d7 100644 --- a/eclass/distutils-r1.eclass +++ b/eclass/distutils-r1.eclass @@ -378,7 +378,7 @@ distutils_enable_sphinx() { } # @FUNCTION: distutils_enable_tests -# @USAGE: +# @USAGE: [--install] # @DESCRIPTION: # Set up IUSE, RESTRICT, BDEPEND and python_test() for running tests # with the specified test runner. Also copies the current value @@ -389,6 +389,10 @@ distutils_enable_sphinx() { # - setup.py: setup.py test (no deps included) # - unittest: for built-in Python unittest module # +# Additionally ,if --install is passed as the first parameter, +# 'distutils_install_for_testing --via-root' is called before running +# the test suite. +# # This function is meant as a helper for common use cases, and it only # takes care of basic setup. You still need to list additional test # dependencies manually. If you have uncommon use case, you should @@ -398,33 +402,71 @@ distutils_enable_sphinx() { # declared. Take care not to overwrite the variables set by it. distutils_enable_tests() { debug-print-function ${FUNCNAME} "${@}" - [[ ${#} -eq 1 ]] || die "${FUNCNAME} takes exactly one argument: test-runner" + local do_install= + case ${1} in + --install) + do_install=1 + shift + ;; + esac + + [[ ${#} -eq 1 ]] || die "${FUNCNAME} takes exactly one argument: test-runner" local test_pkg case ${1} in nose) test_pkg=">=dev-python/nose-1.3.7-r4" - python_test() { - nosetests -v || die "Tests fail with ${EPYTHON}" - } + if [[ ${do_install} ]]; then + python_test() { + distutils_install_for_testing --via-root + nosetests -v || die "Tests fail with ${EPYTHON}" + } + else + python_test() { + nosetests -v || die "Tests fail with ${EPYTHON}" + } + fi ;; pytest) test_pkg=">=dev-python/pytest-4.5.0" - python_test() { - pytest -vv || die "Tests fail with ${EPYTHON}" - } + if [[ ${do_install} ]]; then + python_test() { + distutils_install_for_testing --via-root + pytest -vv || die "Tests fail with ${EPYTHON}" + } + else + python_test() { + pytest -vv || die "Tests fail with ${EPYTHON}" + } + fi ;; setup.py) - python_test() { - nonfatal esetup.py test --verbose || - die "Tests fail with ${EPYTHON}" - } + if [[ ${do_install} ]]; then + python_test() { + distutils_install_for_testing --via-root + nonfatal esetup.py test --verbose || + die "Tests fail with ${EPYTHON}" + } + else + python_test() { + nonfatal esetup.py test --verbose || + die "Tests fail with ${EPYTHON}" + } + fi ;; unittest) - python_test() { - "${EPYTHON}" -m unittest discover -v || - die "Tests fail with ${EPYTHON}" - } + if [[ ${do_install} ]]; then + python_test() { + distutils_install_for_testing --via-root + "${EPYTHON}" -m unittest discover -v || + die "Tests fail with ${EPYTHON}" + } + else +
[gentoo-dev] [PATCH 2/4] dev-python/hypothesis: Use dift --via-root API
Signed-off-by: Michał Górny --- dev-python/hypothesis/hypothesis-5.41.4.ebuild | 6 +- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/dev-python/hypothesis/hypothesis-5.41.4.ebuild b/dev-python/hypothesis/hypothesis-5.41.4.ebuild index 30e83a217730..7cd8e4bcc527 100644 --- a/dev-python/hypothesis/hypothesis-5.41.4.ebuild +++ b/dev-python/hypothesis/hypothesis-5.41.4.ebuild @@ -48,11 +48,7 @@ python_prepare() { } python_test() { - local -x PYTHONPATH="${BUILD_DIR}/install/lib" - esetup.py install \ - --root="${BUILD_DIR}/install" \ - --install-lib=lib - + distutils_install_for_testing --via-root pytest -vv tests/cover tests/pytest tests/quality \ -n "$(makeopts_jobs "${MAKEOPTS}" "$(get_nproc)")" || die "Tests fail with ${EPYTHON}" -- 2.29.2
[gentoo-dev] [PATCH 1/4] distutils-r1.eclass: Introduce install_for_testing --via-root
Introduce a new --via-root mode for distutils_install_for_testing function. The legacy --via-home seems to no longer work for a lot of packages but before we can confirm that --via-root is good enough for every single one of them, let's have two variants to choose from. The general recommendation is to try --via-root, and explicitly specify --via-home if the former does not work. Once all packages have explicit --via-*, we will decide how to proceed. Signed-off-by: Michał Górny --- eclass/distutils-r1.eclass | 50 +++--- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/eclass/distutils-r1.eclass b/eclass/distutils-r1.eclass index 25cb67b78a31..9e862a949275 100644 --- a/eclass/distutils-r1.eclass +++ b/eclass/distutils-r1.eclass @@ -492,7 +492,7 @@ esetup.py() { } # @FUNCTION: distutils_install_for_testing -# @USAGE: [...] +# @USAGE: [--via-root|--via-home] [...] # @DESCRIPTION: # Install the package into a temporary location for running tests. # Update PYTHONPATH appropriately and set TEST_DIR to the test @@ -503,11 +503,19 @@ esetup.py() { # namespaces (and therefore proper install needs to be done to enforce # PYTHONPATH) or tests rely on the results of install command. # For most of the packages, tests built in BUILD_DIR are good enough. +# +# The function supports two install modes. The current default is +# the legacy --via-home mode. However, it has problems with newer +# versions of setuptools (50.3.0+). The --via-root mode generally +# works for these packages, and it will probably become the default +# in the future, once we test all affected packages. Please note +# that proper testing sometimes requires unmerging the package first. distutils_install_for_testing() { debug-print-function ${FUNCNAME} "${@}" # A few notes: - # 1) because of namespaces, we can't use 'install --root', + # 1) because of namespaces, we can't use 'install --root' + #(NB: this is probably no longer true with py3), # 2) 'install --home' is terribly broken on pypy, so we need #to override --install-lib and --install-scripts, # 3) non-root 'install' complains about PYTHONPATH and missing dirs, @@ -522,14 +530,38 @@ distutils_install_for_testing() { PATH=${bindir}:${PATH} PYTHONPATH=${libdir}:${PYTHONPATH} - local add_args=( - install - --home="${TEST_DIR}" - --install-lib="${libdir}" - --install-scripts="${bindir}" - ) + local install_method=home + case ${1} in + --via-home) + install_method=home + shift + ;; + --via-root) + install_method=root + shift + ;; + esac + + case ${install_method} in + home) + local add_args=( + install + --home="${TEST_DIR}" + --install-lib="${libdir}" + --install-scripts="${bindir}" + ) + mkdir -p "${libdir}" || die + ;; + root) + local add_args=( + install + --root="${TEST_DIR}" + --install-lib=lib + --install-scripts=scripts + ) + ;; + esac - mkdir -p "${libdir}" || die esetup.py "${add_args[@]}" "${@}" } -- 2.29.2
[gentoo-dev] Python 2 cleanup: remaining packages, Dec 2020 update
Hi, Here's an update on where we're standing right now. Including only non- masked packages. Please note that there's only month left. Afterwards, the offending packages will be cleaned up / last rited (except for build-time deps). Waiting for cleanup of old (non-trivial!): - dev-db/percona-server - media-tv/mythtv - x11-plugins/enigmail Build-time deps, only old versions: - dev-lang/spidermonkey Build-time deps, to stay for the time being: - dev-python/pypy* - dev-qt/qtwebengine - games-strategy/0ad - www-client/chromium Waiting for py3 port (likely last rite candidates): - games-engines/renpy Dependencies of other packages on the list: - dev-python/numpy-python2 (games-engines/renpy) - dev-python/pygame_sdl2 (likewise) -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
[gentoo-dev] Last rites: app-text/cook
# David Seifert (2020-11-28) # Last release in 2002, multiple open bugs, no maintainer, no revdeps. # Bug #709512, #713300, #729518, Removal in 30 days. app-text/cook signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] PSA: switching default tmpfiles virtual provider
On 25.11.2020 13:57, Georgy Yakovlev wrote: > Hi, > > In case you don't know, opentmpfiles has an open CVE > CVE-2017-18925: root privilege escalation by symlink attack > https://github.com/OpenRC/opentmpfiles/issues/4 > It has been an issue for quite a while, reported 3 years ago, > and not much changed since. > Also it lacks any sort of testing, and master branch is in a non-working > state at time of writing, latest version is masked.[0] > > Due to nature of opentmpfiles (it's a POSIX sh script), > it may be impossible to fix symlink handling and TOCTOU races. > As a consequence I'll be switching default tmpfiles > provider to sys-apps/systemd-tmpfiles by the end of the week by updating > virtual/tmpfiles ebuild. > > pros of systemd-tmpfiles: > 0) Secure. > 1) Reference implementation. > 2) Supports all features, because ^. > 3) Has working tests. > 4) Has millions of users as part of systemd. > 5) upstream supports standalone usecase/build our ebuild uses. [1][2] > 6) drop-in replacement, just emerge and forget. > > systemd-tmpfiles does not depend on any systemd-isms, does not need dbus, > and is just a drop-in replacement, the only step needed is to emerge the > package. > it's a simple single binary + manpage, binary links to libacl and couple other > system libs. > > existing installations will not be affected, but openrc users are welcome to > opt-in by running 'emerge --oneshot systemd-tmpfiles' > > [0] https://bugs.gentoo.org/751739 > [1] https://github.com/systemd/systemd/pull/16061 > [2] > https://github.com/systemd/systemd/pull/16061/commits/db64ba81c62afa0e0d3e95c4a3e1ec3dd9a471a4 This is done in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab23417927d8454c8bb1c0ae52a5cac79d140b94 signature.asc Description: PGP signature
[gentoo-dev] Slotted Lua: eclass migration status
Let me begin by giving my sincere thanks to everyone who has already taken time in the last several weeks to either migrate their Lua-dependent packages to lua{,-single}.eclass or otherwise made sure said packages will not block migration to slotted dev-lang/lua. Your efforts have been VERY much appreciated! On the less positive side, the slotted-Lua tracker bug [1] has still got 119 open "migrate to lua eclasses" tickets attached to it. You can find the complete list at [2]. While the migration of some of depends on various Lua modules which have not themselves been migrated (from a glance at the dependency tree, it seems dev-lua/lpeg and dev-lua/LuaBitOp are the ones we need the most urgently), the vast majority of these packages depend on dev-lang/lua only i.e. could already be migrated. [1] https://bugs.gentoo.org/657722 [2] https://dev.gentoo.org/~marecki/open_lua_eclass_bugs-20201128184637.txt -- MS OpenPGP_signature Description: OpenPGP digital signature