[gentoo-dev] Re: [gentoo-dev-announce] Last rites: app-text/cook

2020-11-28 Thread Robin H. Johnson
On Sat, Nov 28, 2020 at 09:49:21PM +0100, David Seifert wrote:
> # David Seifert  (2020-11-28)
> # Last release in 2002, multiple open bugs, no maintainer, no revdeps.
> # Bug #709512, #713300, #729518, Removal in 30 days.
> app-text/cook



-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136



[gentoo-dev] [PATCH 4/4] dev-python/flake8: Use distutils_enable_tests --install

2020-11-28 Thread Michał Górny
Signed-off-by: Michał Górny 
---
 dev-python/flake8/flake8-3.8.3-r1.ebuild | 8 +---
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/dev-python/flake8/flake8-3.8.3-r1.ebuild 
b/dev-python/flake8/flake8-3.8.3-r1.ebuild
index 55e6d64f8d8d..1bfc0de53548 100644
--- a/dev-python/flake8/flake8-3.8.3-r1.ebuild
+++ b/dev-python/flake8/flake8-3.8.3-r1.ebuild
@@ -38,10 +38,4 @@ BDEPEND="${RDEPEND}
 PATCHES=( "${FILESDIR}/${P}-pytest6.patch" )
 
 distutils_enable_sphinx docs/source dev-python/sphinx-prompt 
dev-python/sphinx_rtd_theme
-distutils_enable_tests pytest
-
-python_test() {
-   # Otherwise some tests fail if the package isn't installed
-   distutils_install_for_testing
-   pytest -vv || die "Tests fail with ${EPYTHON}"
-}
+distutils_enable_tests --install pytest
-- 
2.29.2




[gentoo-dev] [PATCH 3/4] distutils-r1.eclass: Accept distutils_enable_tests --install

2020-11-28 Thread Michał Górny
Add a convenience --install option to distutils_enable_tests to call
distutils_install_for_testing.

Signed-off-by: Michał Górny 
---
 eclass/distutils-r1.eclass | 74 +-
 1 file changed, 58 insertions(+), 16 deletions(-)

diff --git a/eclass/distutils-r1.eclass b/eclass/distutils-r1.eclass
index 9e862a949275..24fcf13b74d7 100644
--- a/eclass/distutils-r1.eclass
+++ b/eclass/distutils-r1.eclass
@@ -378,7 +378,7 @@ distutils_enable_sphinx() {
 }
 
 # @FUNCTION: distutils_enable_tests
-# @USAGE: 
+# @USAGE: [--install] 
 # @DESCRIPTION:
 # Set up IUSE, RESTRICT, BDEPEND and python_test() for running tests
 # with the specified test runner.  Also copies the current value
@@ -389,6 +389,10 @@ distutils_enable_sphinx() {
 # - setup.py: setup.py test (no deps included)
 # - unittest: for built-in Python unittest module
 #
+# Additionally ,if --install is passed as the first parameter,
+# 'distutils_install_for_testing --via-root' is called before running
+# the test suite.
+#
 # This function is meant as a helper for common use cases, and it only
 # takes care of basic setup.  You still need to list additional test
 # dependencies manually.  If you have uncommon use case, you should
@@ -398,33 +402,71 @@ distutils_enable_sphinx() {
 # declared.  Take care not to overwrite the variables set by it.
 distutils_enable_tests() {
debug-print-function ${FUNCNAME} "${@}"
-   [[ ${#} -eq 1 ]] || die "${FUNCNAME} takes exactly one argument: 
test-runner"
 
+   local do_install=
+   case ${1} in
+   --install)
+   do_install=1
+   shift
+   ;;
+   esac
+
+   [[ ${#} -eq 1 ]] || die "${FUNCNAME} takes exactly one argument: 
test-runner"
local test_pkg
case ${1} in
nose)
test_pkg=">=dev-python/nose-1.3.7-r4"
-   python_test() {
-   nosetests -v || die "Tests fail with ${EPYTHON}"
-   }
+   if [[ ${do_install} ]]; then
+   python_test() {
+   distutils_install_for_testing --via-root
+   nosetests -v || die "Tests fail with 
${EPYTHON}"
+   }
+   else
+   python_test() {
+   nosetests -v || die "Tests fail with 
${EPYTHON}"
+   }
+   fi
;;
pytest)
test_pkg=">=dev-python/pytest-4.5.0"
-   python_test() {
-   pytest -vv || die "Tests fail with ${EPYTHON}"
-   }
+   if [[ ${do_install} ]]; then
+   python_test() {
+   distutils_install_for_testing --via-root
+   pytest -vv || die "Tests fail with 
${EPYTHON}"
+   }
+   else
+   python_test() {
+   pytest -vv || die "Tests fail with 
${EPYTHON}"
+   }
+   fi
;;
setup.py)
-   python_test() {
-   nonfatal esetup.py test --verbose ||
-   die "Tests fail with ${EPYTHON}"
-   }
+   if [[ ${do_install} ]]; then
+   python_test() {
+   distutils_install_for_testing --via-root
+   nonfatal esetup.py test --verbose ||
+   die "Tests fail with ${EPYTHON}"
+   }
+   else
+   python_test() {
+   nonfatal esetup.py test --verbose ||
+   die "Tests fail with ${EPYTHON}"
+   }
+   fi
;;
unittest)
-   python_test() {
-   "${EPYTHON}" -m unittest discover -v ||
-   die "Tests fail with ${EPYTHON}"
-   }
+   if [[ ${do_install} ]]; then
+   python_test() {
+   distutils_install_for_testing --via-root
+   "${EPYTHON}" -m unittest discover -v ||
+   die "Tests fail with ${EPYTHON}"
+   }
+   else
+   

[gentoo-dev] [PATCH 2/4] dev-python/hypothesis: Use dift --via-root API

2020-11-28 Thread Michał Górny
Signed-off-by: Michał Górny 
---
 dev-python/hypothesis/hypothesis-5.41.4.ebuild | 6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/dev-python/hypothesis/hypothesis-5.41.4.ebuild 
b/dev-python/hypothesis/hypothesis-5.41.4.ebuild
index 30e83a217730..7cd8e4bcc527 100644
--- a/dev-python/hypothesis/hypothesis-5.41.4.ebuild
+++ b/dev-python/hypothesis/hypothesis-5.41.4.ebuild
@@ -48,11 +48,7 @@ python_prepare() {
 }
 
 python_test() {
-   local -x PYTHONPATH="${BUILD_DIR}/install/lib"
-   esetup.py install \
-   --root="${BUILD_DIR}/install" \
-   --install-lib=lib
-
+   distutils_install_for_testing --via-root
pytest -vv tests/cover tests/pytest tests/quality \
-n "$(makeopts_jobs "${MAKEOPTS}" "$(get_nproc)")" ||
die "Tests fail with ${EPYTHON}"
-- 
2.29.2




[gentoo-dev] [PATCH 1/4] distutils-r1.eclass: Introduce install_for_testing --via-root

2020-11-28 Thread Michał Górny
Introduce a new --via-root mode for distutils_install_for_testing
function.  The legacy --via-home seems to no longer work for a lot
of packages but before we can confirm that --via-root is good enough
for every single one of them, let's have two variants to choose from.

The general recommendation is to try --via-root, and explicitly specify
--via-home if the former does not work.  Once all packages have explicit
--via-*, we will decide how to proceed.

Signed-off-by: Michał Górny 
---
 eclass/distutils-r1.eclass | 50 +++---
 1 file changed, 41 insertions(+), 9 deletions(-)

diff --git a/eclass/distutils-r1.eclass b/eclass/distutils-r1.eclass
index 25cb67b78a31..9e862a949275 100644
--- a/eclass/distutils-r1.eclass
+++ b/eclass/distutils-r1.eclass
@@ -492,7 +492,7 @@ esetup.py() {
 }
 
 # @FUNCTION: distutils_install_for_testing
-# @USAGE: [...]
+# @USAGE: [--via-root|--via-home] [...]
 # @DESCRIPTION:
 # Install the package into a temporary location for running tests.
 # Update PYTHONPATH appropriately and set TEST_DIR to the test
@@ -503,11 +503,19 @@ esetup.py() {
 # namespaces (and therefore proper install needs to be done to enforce
 # PYTHONPATH) or tests rely on the results of install command.
 # For most of the packages, tests built in BUILD_DIR are good enough.
+#
+# The function supports two install modes.  The current default is
+# the legacy --via-home mode.  However, it has problems with newer
+# versions of setuptools (50.3.0+).  The --via-root mode generally
+# works for these packages, and it will probably become the default
+# in the future, once we test all affected packages.  Please note
+# that proper testing sometimes requires unmerging the package first.
 distutils_install_for_testing() {
debug-print-function ${FUNCNAME} "${@}"
 
# A few notes:
-   # 1) because of namespaces, we can't use 'install --root',
+   # 1) because of namespaces, we can't use 'install --root'
+   #(NB: this is probably no longer true with py3),
# 2) 'install --home' is terribly broken on pypy, so we need
#to override --install-lib and --install-scripts,
# 3) non-root 'install' complains about PYTHONPATH and missing dirs,
@@ -522,14 +530,38 @@ distutils_install_for_testing() {
PATH=${bindir}:${PATH}
PYTHONPATH=${libdir}:${PYTHONPATH}
 
-   local add_args=(
-   install
-   --home="${TEST_DIR}"
-   --install-lib="${libdir}"
-   --install-scripts="${bindir}"
-   )
+   local install_method=home
+   case ${1} in
+   --via-home)
+   install_method=home
+   shift
+   ;;
+   --via-root)
+   install_method=root
+   shift
+   ;;
+   esac
+
+   case ${install_method} in
+   home)
+   local add_args=(
+   install
+   --home="${TEST_DIR}"
+   --install-lib="${libdir}"
+   --install-scripts="${bindir}"
+   )
+   mkdir -p "${libdir}" || die
+   ;;
+   root)
+   local add_args=(
+   install
+   --root="${TEST_DIR}"
+   --install-lib=lib
+   --install-scripts=scripts
+   )
+   ;;
+   esac
 
-   mkdir -p "${libdir}" || die
esetup.py "${add_args[@]}" "${@}"
 }
 
-- 
2.29.2




[gentoo-dev] Python 2 cleanup: remaining packages, Dec 2020 update

2020-11-28 Thread Michał Górny
Hi,

Here's an update on where we're standing right now.  Including only non-
masked packages.  Please note that there's only month left.  Afterwards,
the offending packages will be cleaned up / last rited (except for
build-time deps).


Waiting for cleanup of old (non-trivial!):
- dev-db/percona-server
- media-tv/mythtv
- x11-plugins/enigmail

Build-time deps, only old versions:
- dev-lang/spidermonkey

Build-time deps, to stay for the time being:
- dev-python/pypy*
- dev-qt/qtwebengine
- games-strategy/0ad
- www-client/chromium

Waiting for py3 port (likely last rite candidates):
- games-engines/renpy

Dependencies of other packages on the list:
- dev-python/numpy-python2 (games-engines/renpy)
- dev-python/pygame_sdl2 (likewise)

-- 
Best regards,
Michał Górny



signature.asc
Description: This is a digitally signed message part


[gentoo-dev] Last rites: app-text/cook

2020-11-28 Thread David Seifert
# David Seifert  (2020-11-28)
# Last release in 2002, multiple open bugs, no maintainer, no revdeps.
# Bug #709512, #713300, #729518, Removal in 30 days.
app-text/cook


signature.asc
Description: This is a digitally signed message part


Re: [gentoo-dev] PSA: switching default tmpfiles virtual provider

2020-11-28 Thread Georgy Yakovlev
On 25.11.2020 13:57, Georgy Yakovlev wrote:
> Hi,
> 
> In case you don't know, opentmpfiles has an open CVE
> CVE-2017-18925: root privilege escalation by symlink attack
> https://github.com/OpenRC/opentmpfiles/issues/4
> It has been an issue for quite a while, reported 3 years ago,
> and not much changed since.
> Also it lacks any sort of testing, and master branch is in a non-working
> state at time of writing, latest version is masked.[0]
> 
> Due to nature of opentmpfiles (it's a POSIX sh script),
> it may be impossible to fix symlink handling and TOCTOU races.
> As a consequence I'll be switching default tmpfiles
> provider to sys-apps/systemd-tmpfiles by the end of the week by updating
> virtual/tmpfiles ebuild.
> 
> pros of systemd-tmpfiles:
> 0) Secure.
> 1) Reference implementation.
> 2) Supports all features, because ^.
> 3) Has working tests.
> 4) Has millions of users as part of systemd.
> 5) upstream supports standalone usecase/build our ebuild uses. [1][2]
> 6) drop-in replacement, just emerge and forget.
> 
> systemd-tmpfiles does not depend on any systemd-isms, does not need dbus,
> and is just a drop-in replacement, the only step needed is to emerge the
> package.
> it's a simple single binary + manpage, binary links to libacl and couple other
> system libs.
> 
> existing installations will not be affected, but openrc users are welcome to
> opt-in by running 'emerge --oneshot systemd-tmpfiles'
> 
> [0] https://bugs.gentoo.org/751739
> [1] https://github.com/systemd/systemd/pull/16061
> [2] 
> https://github.com/systemd/systemd/pull/16061/commits/db64ba81c62afa0e0d3e95c4a3e1ec3dd9a471a4

This is done in
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab23417927d8454c8bb1c0ae52a5cac79d140b94


signature.asc
Description: PGP signature


[gentoo-dev] Slotted Lua: eclass migration status

2020-11-28 Thread Marek Szuba
Let me begin by giving my sincere thanks to everyone who has already 
taken time in the last several weeks to either migrate their 
Lua-dependent packages to lua{,-single}.eclass or otherwise made sure 
said packages will not block migration to slotted dev-lang/lua. Your 
efforts have been VERY much appreciated!


On the less positive side, the slotted-Lua tracker bug [1] has still got 
119 open "migrate to lua eclasses" tickets attached to it. You can find 
the complete list at [2]. While the migration of some of depends on 
various Lua modules which have not themselves been migrated (from a 
glance at the dependency tree, it seems dev-lua/lpeg and 
dev-lua/LuaBitOp are the ones we need the most urgently), the vast 
majority of these packages depend on dev-lang/lua only i.e. could 
already be migrated.


[1] https://bugs.gentoo.org/657722
[2] https://dev.gentoo.org/~marecki/open_lua_eclass_bugs-20201128184637.txt

--
MS



OpenPGP_signature
Description: OpenPGP digital signature


[gentoo-portage-dev] [PATCH] Allow a package to replace its own buildtime dependency

2020-11-28 Thread Zac Medico
If a package has a buildtime dependency on a previous version that
it will replace, then do not treat it as a slot conflict. This
solves inappropriate behavior for dev-lang/rust[system-bootstrap].

This requires adjustments to package selection logic in several
locations, in order to ensure that an installed package instance
will be selected to satisfy a buildtime dependency when
appropriate. Dependencies of the installed package will be
entirely ignored, but that has already been the case when using
installed package to break cycles, as discussed in bug 199856.

Bug: https://bugs.gentoo.org/756961
Signed-off-by: Zac Medico 
---
 lib/_emerge/depgraph.py   | 68 ++
 lib/portage/dep/dep_check.py  | 24 ---
 .../resolver/test_circular_choices_rust.py| 69 +++
 3 files changed, 139 insertions(+), 22 deletions(-)
 create mode 100644 lib/portage/tests/resolver/test_circular_choices_rust.py

diff --git a/lib/_emerge/depgraph.py b/lib/_emerge/depgraph.py
index d10474ab3..1271bda3e 100644
--- a/lib/_emerge/depgraph.py
+++ b/lib/_emerge/depgraph.py
@@ -85,6 +85,8 @@ from _emerge.resolver.output import Display, 
format_unmatched_atom
 
 # Exposes a depgraph interface to dep_check.
 _dep_check_graph_interface = 
collections.namedtuple('_dep_check_graph_interface',(
+   # Checks if parent package will replace child.
+   'will_replace_child',
# Indicates a removal action, like depclean or prune.
'removal_action',
# Checks if update is desirable for a given package.
@@ -507,6 +509,7 @@ class _dynamic_depgraph_config:
# Track missed updates caused by solved conflicts.
self._conflict_missed_update = collections.defaultdict(dict)
dep_check_iface = _dep_check_graph_interface(
+   will_replace_child=depgraph._will_replace_child,
removal_action="remove" in myparams,
want_update_pkg=depgraph._want_update_pkg,
)
@@ -3104,6 +3107,22 @@ class depgraph:

self._frozen_config.myopts,

modified_use=self._pkg_use_enabled(pkg))),

level=logging.DEBUG, noiselevel=-1)
+   elif (pkg.installed and myparent and
+   pkg.root == myparent.root and
+   pkg.slot_atom == myparent.slot_atom):
+   # If the parent package is replacing 
the child package then
+   # there's no slot conflict. Since the 
child will be replaced,
+   # do not add it to the graph. No 
attempt will be made to
+   # satisfy its dependencies, which is 
unsafe if it has any
+   # missing dependencies, as discussed in 
bug 199856.
+   if debug:
+   writemsg_level(
+   "%s%s %s\n" % ("Replace 
Child:".ljust(15),
+   pkg, 
pkg_use_display(pkg,
+   
self._frozen_config.myopts,
+   
modified_use=self._pkg_use_enabled(pkg))),
+   level=logging.DEBUG, 
noiselevel=-1)
+   return 1
 
else:
if debug:
@@ -5877,6 +5896,27 @@ class depgraph:
(arg_atoms or update) and
not self._too_deep(depth))
 
+   def _will_replace_child(self, parent, root, atom):
+   """
+   Check if a given parent package will replace a child package
+   for the given root and atom.
+
+   @param parent: parent package
+   @type parent: Package
+   @param root: child root
+   @type root: str
+   @param atom: child atom
+   @type atom: Atom
+   @rtype: Package
+   @return: child package to replace, or None
+   """
+   if parent.root != root or parent.cp != atom.cp:
+   return None
+   for child in 
self._iter_match_pkgs(self._frozen_config.roots[root], "installed", atom):
+   if parent.slot_atom == child.slot_atom:
+   return child
+   return None
+
def _too_deep(self, depth):
"""
Check if a package depth is deeper than the max allowed depth.
@@