Re: [gentoo-portage-dev] [PATCH] Print WORKDIR & D sizes in build logs

2015-12-28 Thread Ulrich Mueller 
> On Sun, 27 Dec 2015, Michał Górny wrote:

> ---
>  bin/phase-functions.sh | 9 +
>  1 file changed, 9 insertions(+)

> diff --git a/bin/phase-functions.sh b/bin/phase-functions.sh
> index 0b853bf..6a47fed 100644
> --- a/bin/phase-functions.sh
> +++ b/bin/phase-functions.sh
> @@ -593,6 +593,15 @@ __dyn_install() {
>   __vecho
>   __ebuild_phase post_src_install
 
> + # record build & installed size in build log
> + if type -P du &>/dev/null; then
> + local sz=( $(du -ks "${WORKDIR}") )
> + einfo "Final size of build directory: ${sz[0]} KiB"
> + sz=( $(du -ks "${D}") )
> + einfo "Final size of installed tree: ${sz[0]} KiB"
> + __vecho
> + fi
> +
>   cd "${PORTAGE_BUILDDIR}"/build-info
>   set -f
>   local f x
> -- 
> 2.6.4

Will this be called before or after prepcompress?

Ulrich


pgpcKy53y1gSh.pgp
Description: PGP signature

[gentoo-dev] [PATCH 2/9] check-reqs.eclass: Use eqawarn() from eutils.eclass

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index 4f74536..219023e 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -76,10 +76,10 @@ check_reqs() {
debug-print-function ${FUNCNAME} "$@"
 
echo
-   ewarn "QA: Package calling old ${FUNCNAME} function."
-   ewarn "QA: Please file a bug against the package."
-   ewarn "QA: It should call check-reqs_pkg_pretend and 
check-reqs_pkg_setup"
-   ewarn "QA: and possibly use EAPI=4 or later."
+   eqawarn "Package calling old ${FUNCNAME} function."
+   eqawarn "Please file a bug against the package."
+   eqawarn "It should call check-reqs_pkg_pretend and check-reqs_pkg_setup"
+   eqawarn "and possibly use EAPI=4 or later."
echo
 
check-reqs_pkg_setup "$@"
@@ -194,9 +194,9 @@ check-reqs_get_number() {
# Check for unset units and warn about them.
# Backcompat.
if [[ ${size} == ${1} ]]; then
-   ewarn "QA: Package does not specify unit for the size check"
-   ewarn "QA: Assuming mebibytes."
-   ewarn "QA: File bug against the package. It should specify the 
unit."
+   eqawarn "Package does not specify unit for the size check"
+   eqawarn "Assuming mebibytes."
+   eqawarn "File bug against the package. It should specify the 
unit."
fi
 
echo ${size}
-- 
2.6.4

[gentoo-dev] [PATCH 1/9] check-reqs.eclass: Only inherit eclass once

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 5 +
 1 file changed, 5 insertions(+)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index d685f1f..4f74536 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -38,6 +38,8 @@
 # These checks should probably mostly work on non-Linux, and they should
 # probably degrade gracefully if they don't. Probably.
 
+if [[ ! ${_CHECK_REQS_ECLASS_} ]]; then
+
 inherit eutils
 
 # @ECLASS-VARIABLE: CHECKREQS_MEMORY
@@ -353,3 +355,6 @@ check-reqs_unsatisfied() {
# Internal, do not set yourself.
CHECKREQS_FAILED="true"
 }
+
+_CHECK_REQS_ECLASS_=1
+fi
-- 
2.6.4

[gentoo-dev] [PATCH 3/9] check-reqs.eclass: Mark interal function with @INTERNAL

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index 219023e..3c98baf 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -108,6 +108,7 @@ check-reqs_pkg_pretend() {
 }
 
 # @FUNCTION: check-reqs_prepare
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that checks the variables that should be defined.
 check-reqs_prepare() {
@@ -124,6 +125,7 @@ check-reqs_prepare() {
 }
 
 # @FUNCTION: check-reqs_run
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that runs the check based on variable settings.
 check-reqs_run() {
@@ -158,6 +160,7 @@ check-reqs_run() {
 }
 
 # @FUNCTION: check-reqs_get_mebibytes
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that returns number in mebibytes.
 # Returns 1024 for 1G or 1048576 for 1T.
@@ -180,6 +183,7 @@ check-reqs_get_mebibytes() {
 }
 
 # @FUNCTION: check-reqs_get_number
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that returns the numerical value without the unit.
 # Returns "1" for "1G" or "150" for "150T".
@@ -203,6 +207,7 @@ check-reqs_get_number() {
 }
 
 # @FUNCTION: check-reqs_get_unit
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that return the unit without the numerical value.
 # Returns "GiB" for "1G" or "TiB" for "150T".
@@ -224,6 +229,7 @@ check-reqs_get_unit() {
 }
 
 # @FUNCTION: check-reqs_output
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that prints the warning and dies if required based on
 # the test results.
@@ -246,6 +252,7 @@ check-reqs_output() {
 }
 
 # @FUNCTION: check-reqs_memory
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that checks size of RAM.
 check-reqs_memory() {
@@ -283,6 +290,7 @@ check-reqs_memory() {
 }
 
 # @FUNCTION: check-reqs_disk
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that checks space on the harddrive.
 check-reqs_disk() {
@@ -316,6 +324,7 @@ check-reqs_disk() {
 }
 
 # @FUNCTION: check-reqs_start_phase
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that inform about started check
 check-reqs_start_phase() {
@@ -331,6 +340,7 @@ check-reqs_start_phase() {
 }
 
 # @FUNCTION: check-reqs_unsatisfied
+# @INTERNAL
 # @DESCRIPTION:
 # Internal function that inform about check result.
 # It has different output between pretend and setup phase,
-- 
2.6.4

[gentoo-dev] [PATCH 8/9] check-reqs.eclass: Require units for CHECKREQS_ in EAPIs > 5

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index 4513904..26f2dc1 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -198,13 +198,14 @@ check-reqs_get_number() {
 
local unit=${1:(-1)}
local size=${1%[GMT]}
+   local msg=eerror
+   [[ ${EAPI:-0} == [012345] ]] && msg=eqawarn
 
# Check for unset units and warn about them.
# Backcompat.
if [[ ${size} == ${1} ]]; then
-   eqawarn "Package does not specify unit for the size check"
-   eqawarn "Assuming mebibytes."
-   eqawarn "File bug against the package. It should specify the 
unit."
+   ${msg} "Package does not specify unit for the size check"
+   ${msg} "File bug against the package. It should specify the 
unit."
fi
 
echo ${size}
-- 
2.6.4

Re: [gentoo-dev] [PATCH 0/9] Cleanup and EAPI=6 support for check-reqs.eclass

2015-12-28 Thread Justin Lecher (jlec) 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 28/12/15 10:35, Andrew Savchenko wrote:
> Hi,
> 
> On Mon, 28 Dec 2015 09:43:46 +0100 Justin Lecher wrote:
>> Dear all,
>> 
>> please review my suggestion to the check-reqs.eclass according to
>> cleanups and EAPI=6 support. Any further ideas you like to see
>> implemented?
> 
> It would be useful to allow users to include swap space for memory 
> estimation. Sometimes this is the only way to build package
> without cross-compiling. So I propose something like:
> 
> CHECKREQS_MEMORY_USE_SWAP="yes|no"
> 
> which can be set on command line, in make.conf or in per-package
> env setup.
> 
> This option should be disabled by default, of course.
> 
> Best regards, Andrew Savchenko
> 

Hi Andrew,

could you please file a bug for this? We do not bind this to any EAPI
as this is an additional feature.

Thanks,

Justin


-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0

iQJ8BAEBCgBmBQJWgQOKXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0QUU0N0I4NzFERUI0MTJFN0EyODE0NUFF
OTQwMkE3OUIwMzUyOUEyAAoJEOlAKnmwNSmiUGwQALGC6G1QpuNLmRoi3HNO4SwF
TrFEpiEqBRhYN09PQQOs82ke8m6MkU7miBZazv9ty/GwVz1x+aNsRj3b7IY6kT9S
gTTjUcUFtn62mZtym0OFBqlOcjeeHcPMFCfQxBJ5Opgayjcr2//xd8cEj6TH8z11
M4vLvXbQ7283+0bvbd3g0G+JMquF51z+A87zZEu950sTKv2ZF35FBECzqCEmWYOM
/o0qj089VxGppvRuA5JWS/BfH/Rjxe4XvdJv9PEwfNX/S9rLHOYi63mb8d2eyINO
Eug8pkVSxXl9sGllanVYYNo/WlVZZQDZRwzAV6AsBBKU7QP+OHPjST0ikV2TE0nP
eRZ1biekprTYWaL6eucTh8VRhBPewHRC33cElWOYW9mqPz0bF+R1jTgNMU6+D96x
j5Uzx/gi1AXN6dnK8B2TqEBbsvBXig6mHiszI2c81A55GrPmpYXZiYpeOKpklopz
vwb0h021gTFYScxynthomDDFVWdUprkePHtR3rPLwbiL/aAx0FbVf6yi5QBJBmuM
HOSlYtOUK/8yYwl9fXTymvWBJlMbXqUToRsKU+/98S97JnxMBju6JVB+m4+R8PE3
YOQrZirU9JqyOxQZ4f9NHwiwnlGth732qQ3GZd4sVkxNG7b/v0YzEVvrzJtIHo7R
lk1NIx/RFE2BQ4YVNrv7
=nfVS
-END PGP SIGNATURE-

[gentoo-dev] [PATCH 7/9] check-reqs.eclass: Sanitize MERGE_TYPE for EAPI < 4

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index ad032b9..4513904 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -136,6 +136,8 @@ check-reqs_run() {
# some people are *censored*
unset CHECKREQS_FAILED
 
+   [[ ${EAPI:-0} == [0123] ]] && local MERGE_TYPE=""
+
# use != in test, because MERGE_TYPE only exists in EAPI 4 and later
if [[ ${MERGE_TYPE} != binary ]]; then
[[ -n ${CHECKREQS_MEMORY} ]] && \
-- 
2.6.4

[gentoo-dev] [PATCH 9/9] check-reqs.eclass: Enable EAPI 6 support

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index 26f2dc1..d22e8c2 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -65,7 +65,7 @@ inherit eutils
 EXPORT_FUNCTIONS pkg_setup
 case "${EAPI:-0}" in
0|1|2|3) ;;
-   4|5) EXPORT_FUNCTIONS pkg_pretend ;;
+   4|5|6) EXPORT_FUNCTIONS pkg_pretend ;;
*) die "EAPI=${EAPI} is not supported" ;;
 esac
 
-- 
2.6.4

[gentoo-dev] [PATCH 4/9] check-reqs.eclass: Fix typo

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index 3c98baf..138bfec 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -71,7 +71,7 @@ esac
 
 # @FUNCTION: check_reqs
 # @DESCRIPTION:
-# Obsolete function executing all the checks and priting out results
+# Obsolete function executing all the checks and printing out results
 check_reqs() {
debug-print-function ${FUNCNAME} "$@"
 
-- 
2.6.4

[gentoo-dev] [PATCH 5/9] check-reqs.eclass: Replace obsolete df option -m with -B ###

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index 138bfec..a32f8f8 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -306,7 +306,7 @@ check-reqs_disk() {
${size} \
"disk space at \"${path}\""
 
-   space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print $4}')
+   space_megs=$(df -P -B 1048576 "${1}" 2>/dev/null | awk 'FNR == 2 {print 
$4}')
 
if [[ $? == 0 && -n ${space_megs} ]] ; then
if [[ ${space_megs} -lt $(check-reqs_get_mebibytes ${size}) ]] 
; then
-- 
2.6.4

[gentoo-dev] [PATCH 6/9] check-reqs.eclass: Ban obsolete functions in newer EAPIs

2015-12-28 Thread Justin Lecher 
Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index a32f8f8..ad032b9 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -75,6 +75,8 @@ esac
 check_reqs() {
debug-print-function ${FUNCNAME} "$@"
 
+   [[ ${EAPI:-0} == [012345] ]] || die "${FUNCNAME} is banned in EAPI > 5"
+
echo
eqawarn "Package calling old ${FUNCNAME} function."
eqawarn "Please file a bug against the package."
-- 
2.6.4

Re: [gentoo-dev] [PATCH 0/9] Cleanup and EAPI=6 support for check-reqs.eclass

2015-12-28 Thread Andrew Savchenko 
Hi,

On Mon, 28 Dec 2015 09:43:46 +0100 Justin Lecher wrote:
> Dear all,
> 
> please review my suggestion to the check-reqs.eclass according to cleanups
> and EAPI=6 support. Any further ideas you like to see implemented?

It would be useful to allow users to include swap space for memory
estimation. Sometimes this is the only way to build package without
cross-compiling. So I propose something like:

CHECKREQS_MEMORY_USE_SWAP="yes|no"

which can be set on command line, in make.conf or in per-package env
setup.

This option should be disabled by default, of course.

Best regards,
Andrew Savchenko


pgpEZd_uDqf26.pgp
Description: PGP signature

Re: [gentoo-dev] [PATCH 5/9] check-reqs.eclass: Replace obsolete df option -m with -B ###

2015-12-28 Thread Michał Górny 
Dnia 28 grudnia 2015 09:43:51 CET, Justin Lecher  napisał(a):
>Signed-off-by: Justin Lecher 
>---
> eclass/check-reqs.eclass | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
>index 138bfec..a32f8f8 100644
>--- a/eclass/check-reqs.eclass
>+++ b/eclass/check-reqs.eclass
>@@ -306,7 +306,7 @@ check-reqs_disk() {
>   ${size} \
>   "disk space at \"${path}\""
> 
>-  space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print $4}')
>+  space_megs=$(df -P -B 1048576 "${1}" 2>/dev/null | awk 'FNR == 2
>{print $4}')

I don't want to spoil the party but '-B' doesn't seem portable. I don't see 
that option in FreeBSD man page.

> 
>   if [[ $? == 0 && -n ${space_megs} ]] ; then
>   if [[ ${space_megs} -lt $(check-reqs_get_mebibytes ${size}) ]] 
> ; then


-- 
Best regards,
Michał Górny (by phone)

Re: [gentoo-dev] [RFC] New project: Crypto

2015-12-28 Thread Kristian Fiskerstrand 


[Sent from my iPad, as it is not a secured device there are no cryptographic 
keys on this device, meaning this message is sent without an OpenPGP signature. 
In general you should *not* rely on any information sent over such an unsecure 
channel, if you find any information controversial or un-expected send a 
response and request a signed confirmation]

> On 28 Dec 2015, at 15:58, James Le Cuirot  wrote:
> 
> On Mon, 28 Dec 2015 09:42:40 -0500
> Rich Freeman  wrote:
>> 

..

>> And this would be why I don't bother to sign my emails any longer.
>> The FOSS world is still stuck in the days when people ran X11-based
>> MUAs and stored their mail in conventional folders.  I've yet to see a
>> decent browser-based MUA or Android client which does signing.
>> Squirrelmail does, but it is really lacking compared to something like
>> Gmail.
> 
> I haven't tried the feature myself but K9 Mail, which is highly
> regarded, does it via APG on Android.


iirc k9 doesnt support PGP/MIME (RFC3156), but some interesting things 
happening with OpenKeychain (https://www.openkeychain.org/k-9/ ) in that 
regard. We actually discussed it a bit during last OpenPGP summit in zurich. 

The main issue is key storage, though. For signatures you can use a dedicated 
signing subkey, however you get in problem with encrypted emails as mobile 
devices are not really secure devices and should never have cryptographic 
material. What could work in this case is a NFC (or for that matter bluetooth, 
although it needs to be properly paired etc etc) channel with a separate device 
with a separate keychain and display so you can verify the request, and never 
actually expose private key material to the cellphone.

In the mean time I just include the notice whenever I don't sign, at least some 
people notice it and gives it another thought.

Re: [gentoo-dev] [PATCH 0/9] Cleanup and EAPI=6 support for check-reqs.eclass

2015-12-28 Thread Andrew Savchenko 
Hi,

On Mon, 28 Dec 2015 10:40:26 +0100 Justin Lecher (jlec) wrote:
> On 28/12/15 10:35, Andrew Savchenko wrote:
> > On Mon, 28 Dec 2015 09:43:46 +0100 Justin Lecher wrote:
> >> please review my suggestion to the check-reqs.eclass according to
> >> cleanups and EAPI=6 support. Any further ideas you like to see
> >> implemented?
> > 
> > It would be useful to allow users to include swap space for memory 
> > estimation. Sometimes this is the only way to build package
> > without cross-compiling. So I propose something like:
> > 
> > CHECKREQS_MEMORY_USE_SWAP="yes|no"
> > 
> > which can be set on command line, in make.conf or in per-package
> > env setup.
> > 
> > This option should be disabled by default, of course.
> > 
> > Best regards, Andrew Savchenko
> > 
> 
> Hi Andrew,
> 
> could you please file a bug for this? We do not bind this to any EAPI
> as this is an additional feature.

Done:
https://bugs.gentoo.org/show_bug.cgi?id=569966

Best regards,
Andrew Savchenko


pgp5NNrlbD1A0.pgp
Description: PGP signature

Re: [gentoo-dev] [RFC] New project: Crypto

2015-12-28 Thread Rich Freeman 
On Mon, Dec 28, 2015 at 8:11 AM, Kristian Fiskerstrand  wrote:
>
>
> [Sent from my iPad, as it is not a secured device there are no cryptographic 
> keys on this device,
> meaning this message is sent without an OpenPGP signature. In general you 
> should *not* rely on
> any information sent over such an unsecure channel, if you find any 
> information controversial or
> un-expected send a response and request a signed confirmation]

And this would be why I don't bother to sign my emails any longer.
The FOSS world is still stuck in the days when people ran X11-based
MUAs and stored their mail in conventional folders.  I've yet to see a
decent browser-based MUA or Android client which does signing.
Squirrelmail does, but it is really lacking compared to something like
Gmail.

-- 
Rich

Re: [gentoo-dev] [PATCH 5/9] check-reqs.eclass: Replace obsolete df option -m with -B ###

2015-12-28 Thread Andrew Savchenko 
Hi,

On Mon, 28 Dec 2015 09:43:51 +0100 Justin Lecher wrote:
> Signed-off-by: Justin Lecher 
> ---
>  eclass/check-reqs.eclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
> index 138bfec..a32f8f8 100644
> --- a/eclass/check-reqs.eclass
> +++ b/eclass/check-reqs.eclass
> @@ -306,7 +306,7 @@ check-reqs_disk() {
>   ${size} \
>   "disk space at \"${path}\""
>  
> - space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print $4}')
> + space_megs=$(df -P -B 1048576 "${1}" 2>/dev/null | awk 'FNR == 2 {print 
> $4}')

Why not "-BM"? IMHO, this will be more readable, though, of course,
both arguments are semantically correct.

Best regards,
Andrew Savchenko


pgpoKY8IH4uNu.pgp
Description: PGP signature

Re: [gentoo-dev] [PATCH 5/9] check-reqs.eclass: Replace obsolete df option -m with -B ###

2015-12-28 Thread Justin Lecher (jlec) 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 28/12/15 14:58, Andrew Savchenko wrote:
> Hi,
> 
> On Mon, 28 Dec 2015 09:43:51 +0100 Justin Lecher wrote:
>> Signed-off-by: Justin Lecher  --- 
>> eclass/check-reqs.eclass | 2 +- 1 file changed, 1 insertion(+), 1
>> deletion(-)
>> 
>> diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass 
>> index 138bfec..a32f8f8 100644 --- a/eclass/check-reqs.eclass +++
>> b/eclass/check-reqs.eclass @@ -306,7 +306,7 @@ check-reqs_disk()
>> { ${size} \ "disk space at \"${path}\""
>> 
>> -space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print
>> $4}') +  space_megs=$(df -P -B 1048576 "${1}" 2>/dev/null | awk
>> 'FNR == 2 {print $4}')
> 
> Why not "-BM"? IMHO, this will be more readable, though, of
> course, both arguments are semantically correct.
> 

Because the output is different to the original version.

$ (0) df -Pm /
Filesystem 1048576-blocks  Used Available Capacity Mounted on
/dev/root   47244 25665 19157  58% /
$ (0) df -P -B 1048576 /
Filesystem 1048576-blocks  Used Available Capacity Mounted on
/dev/root   47244 25665 19157  58% /
$ (0) df -P -BM /
Filesystem 1048576-blocks   Used Available Capacity Mounted on
/dev/root  47244M 25665M19157M  58% /
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0

iQJ8BAEBCgBmBQJWgUQzXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0QUU0N0I4NzFERUI0MTJFN0EyODE0NUFF
OTQwMkE3OUIwMzUyOUEyAAoJEOlAKnmwNSmiAEUP/RQJRmOaXjUD5orDBpXj/nvj
CszwErjdwR43HwEsWeNVGMX1dXd0l1KM5p8tK5d4cn2u920VG8U8ef+SsfJhmfbn
tnlM7hOhLmWZOqp57YpLeOvEpz0gqfjgKw3b/5Ywg4ISacufgAwNxbsSBnEmqQYv
wETPveQAVETa0SoKD3Ki9PLRVVMN1t+/azMc9hn7+Tm2dth0QoF2sQ3Tm5VbQG/H
BfQ4IWAUgpSrU991uliOt7kVTXTEShScSVPVACNoU63qtbNrYU92XGlDCAzPBsjp
E8l7jdrlHXlgqu8zh+wvrJ/1qw3t3eqnB96pGe8HAfhdeJ6cVd3mNZITMNmmRl/G
IaIdQ1dZlQLmP1ywK3bxS0ehi4XCmaQJKxP0vNAcnrlY41ea8qHp6UhrHT69c+Nr
WKCKmanfaadsoLQkHgFiy4kGuXna20XyBdyr1zP9y6L8aSz8Cq6WbESkFu3aNgFT
FTNOW4Z6fFwEc/Le3Kaowk8arv9E7yryjkqWzl4EO2nwUReg/4UmfkqgBCSOFh0z
JUd1Xvoaeo6hiSEw/VmL+D/HCzlm7Z+SRtNKDR3d8gsyCY0lVMBZscBYdSpAKbn2
5RkkynZdR52Y+1cr8Rt9G7Uz+AaX82L19+WgYd9y5dcUynNJgDU5+SRFT1/hZfSR
eO0pNmZ9ywefEvYh/2Mc
=4hR/
-END PGP SIGNATURE-

[gentoo-dev] [PATCH] check-reqs.eclass: Replace obsolete df option -m with -k

2015-12-28 Thread Justin Lecher 
Using kbi as base unit for calculation as linux and bsd only have -k as
common option

Signed-off-by: Justin Lecher 
---
 eclass/check-reqs.eclass | 25 +
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
index 138bfec..a649693 100644
--- a/eclass/check-reqs.eclass
+++ b/eclass/check-reqs.eclass
@@ -159,12 +159,12 @@ check-reqs_run() {
fi
 }
 
-# @FUNCTION: check-reqs_get_mebibytes
+# @FUNCTION: check-reqs_get_kbibytes
 # @INTERNAL
 # @DESCRIPTION:
-# Internal function that returns number in mebibytes.
-# Returns 1024 for 1G or 1048576 for 1T.
-check-reqs_get_mebibytes() {
+# Internal function that returns number in kbibytes.
+# Returns 1024**2 for 1G or 1024**3 for 1T.
+check-reqs_get_kbibytes() {
debug-print-function ${FUNCNAME} "$@"
 
[[ -z ${1} ]] && die "Usage: ${FUNCNAME} [size]"
@@ -173,9 +173,10 @@ check-reqs_get_mebibytes() {
local size=${1%[GMT]}
 
case ${unit} in
-   G) echo $((1024 * size)) ;;
-   [M0-9]) echo ${size} ;;
-   T) echo $((1024 * 1024 * size)) ;;
+   G) echo $((1024 * 1024 * size)) ;;
+   M) echo $((1024 * size)) ;;
+   T) echo $((1024 * 1024 * 1024 * size)) ;;
+   [0-9]) echo $((1024 * size)) ;;
*)
die "${FUNCNAME}: Unknown unit: ${unit}"
;;
@@ -275,7 +276,7 @@ check-reqs_memory() {
actual_memory=$(echo $actual_memory | sed -e 
's/^[^:=]*[:=]//' )
fi
if [[ -n ${actual_memory} ]] ; then
-   if [[ ${actual_memory} -lt $((1024 * $(check-reqs_get_mebibytes 
${size}))) ]] ; then
+   if [[ ${actual_memory} -lt $(check-reqs_get_kbibytes ${size}) 
]] ; then
eend 1
check-reqs_unsatisfied \
${size} \
@@ -300,16 +301,16 @@ check-reqs_disk() {
 
local path=${1}
local size=${2}
-   local space_megs
+   local space_kbi
 
check-reqs_start_phase \
${size} \
"disk space at \"${path}\""
 
-   space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print $4}')
+   space_kbi=$(df -Pk "${1}" 2>/dev/null | awk 'FNR == 2 {print $4}')
 
-   if [[ $? == 0 && -n ${space_megs} ]] ; then
-   if [[ ${space_megs} -lt $(check-reqs_get_mebibytes ${size}) ]] 
; then
+   if [[ $? == 0 && -n ${space_kbi} ]] ; then
+   if [[ ${space_kbi} -lt $(check-reqs_get_kbibytes ${size}) ]] ; 
then
eend 1
check-reqs_unsatisfied \
${size} \
-- 
2.6.4

Re: [gentoo-dev] [RFC] New project: Crypto

2015-12-28 Thread James Le Cuirot 
On Mon, 28 Dec 2015 09:42:40 -0500
Rich Freeman  wrote:

> On Mon, Dec 28, 2015 at 8:11 AM, Kristian Fiskerstrand
>  wrote:
> >
> >
> > [Sent from my iPad, as it is not a secured device there are no
> > cryptographic keys on this device, meaning this message is sent
> > without an OpenPGP signature. In general you should *not* rely on
> > any information sent over such an unsecure channel, if you find any
> > information controversial or un-expected send a response and
> > request a signed confirmation]  
> 
> And this would be why I don't bother to sign my emails any longer.
> The FOSS world is still stuck in the days when people ran X11-based
> MUAs and stored their mail in conventional folders.  I've yet to see a
> decent browser-based MUA or Android client which does signing.
> Squirrelmail does, but it is really lacking compared to something like
> Gmail.
> 

I haven't tried the feature myself but K9 Mail, which is highly
regarded, does it via APG on Android.

-- 
James Le Cuirot (chewi)
Gentoo Linux Developer


pgpZQv7sb95B6.pgp
Description: OpenPGP digital signature

[gentoo-dev] [PATCH] Replace df -m with df -k

2015-12-28 Thread Justin Lecher 
I replaced al calculations from mbi to kbi so that we can use the
common -k flag.

Justin


Justin Lecher (1):
  check-reqs.eclass: Replace obsolete df option -m with -k

 eclass/check-reqs.eclass | 25 +
 1 file changed, 13 insertions(+), 12 deletions(-)

-- 
2.6.4

Re: [gentoo-dev] [RFC] New project: Crypto

2015-12-28 Thread Kristian Fiskerstrand 


[Sent from my iPad, as it is not a secured device there are no cryptographic 
keys on this device, meaning this message is sent without an OpenPGP signature. 
In general you should *not* rely on any information sent over such an unsecure 
channel, if you find any information controversial or un-expected send a 
response and request a signed confirmation]

> On 27 Dec 2015, at 23:49, Andrew Savchenko  wrote:
> 
> Hi!
> 
>> On Wed, 25 Nov 2015 21:21:37 +0100 Kristian Fiskerstrand wrote:
>>> 
...
> 
>> I'm trying to reclaim the #gentoo-crypto channel for now, would be
>> nice to have a place for coordination corresponding to the project
> 
> Any progress here?
> 

Yeah, we have control :)

K_F

Re: [gentoo-dev] [PATCH 5/9] check-reqs.eclass: Replace obsolete df option -m with -B ###

2015-12-28 Thread Justin Lecher (jlec) 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 28/12/15 15:24, Michał Górny wrote:
> Dnia 28 grudnia 2015 09:43:51 CET, Justin Lecher 
> napisał(a):
>> Signed-off-by: Justin Lecher  --- 
>> eclass/check-reqs.eclass | 2 +- 1 file changed, 1 insertion(+), 1
>> deletion(-)
>> 
>> diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass 
>> index 138bfec..a32f8f8 100644 --- a/eclass/check-reqs.eclass +++
>> b/eclass/check-reqs.eclass @@ -306,7 +306,7 @@ check-reqs_disk()
>> { ${size} \ "disk space at \"${path}\""
>> 
>> -space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print
>> $4}') +  space_megs=$(df -P -B 1048576 "${1}" 2>/dev/null | awk
>> 'FNR == 2 {print $4}')
> 
> I don't want to spoil the party but '-B' doesn't seem portable. I
> don't see that option in FreeBSD man page.

The source code says


case 'm': /* obsolescent, exists for BSD compatibility */


So it might silently go away. Let me have a look at the BSD sources.
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0

iQJ8BAEBCgBmBQJWgUclXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0QUU0N0I4NzFERUI0MTJFN0EyODE0NUFF
OTQwMkE3OUIwMzUyOUEyAAoJEOlAKnmwNSmiiUgP/itabhl/43o8fY79y/cuZuRW
xmvQirepGlHrqVZvgOGiBxyK2q0wpVhrsgHe/hwkK/lV8NA+C0eOIUW2wlwLiyEN
T6UavwPFdoZ4YgNuj9m8ZCNbZVrJUyEFP01RUWuHyEah6MFBg+D8Jtl8vWNlzZKm
W8z3KPDTrDhpcg8i+r9D915RARpo9wraTc/LvK8QXF51YuBcn1MWsRjd50g2FQiu
R6Epylw7EmAL4AT9bhx7skdBS2z5GRHJQFEObYqtxve0PDdXOvw8SOcxwcqQXCv2
ZCEuVCURfOlOOVdL1mgfIJa/h1FMO3n1NjrZXFFZtVNs1T3sYm9/lyYjGuYQIFP3
ITkIVPBunjgbmG+wNRFOonNRDnxY0Y8F0AiaDNi07WpbkAoo52oHz9gWL/hsdhDd
vfH074JoIVtoXS6yeaESPSwOlurQ30bwhpAz7xzWLW8sWopyR+sGkuW7AQ9PkmZc
mwVX6ZIWBdZ6Zk5Ae7UNi3Lc3akSrz4GkiAlbLmxg946BMrTfJFIPBFvR82TkkNw
+mRPJUPuiCWDDDyDKNCpGb/YQB8kjkiWHZkr1Id7PLhIIDkeuccVqvEvzTNU22pk
DdQkUt9L69FxTE8OtskEDueaINaBMtBpGpPh5K+arsKUt85jIX4oM25IXau8HAWx
mDTncoD6QRn2dNXuf5gx
=O924
-END PGP SIGNATURE-

Re: [gentoo-dev] [PATCH 5/9] check-reqs.eclass: Replace obsolete df option -m with -B ###

2015-12-28 Thread Michał Górny 
Dnia 28 grudnia 2015 15:28:53 CET, "Justin Lecher (jlec)"  
napisał(a):
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA512
>
>On 28/12/15 15:24, Michał Górny wrote:
>> Dnia 28 grudnia 2015 09:43:51 CET, Justin Lecher 
>> napisał(a):
>>> Signed-off-by: Justin Lecher  --- 
>>> eclass/check-reqs.eclass | 2 +- 1 file changed, 1 insertion(+), 1
>>> deletion(-)
>>> 
>>> diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass 
>>> index 138bfec..a32f8f8 100644 --- a/eclass/check-reqs.eclass +++
>>> b/eclass/check-reqs.eclass @@ -306,7 +306,7 @@ check-reqs_disk()
>>> { ${size} \ "disk space at \"${path}\""
>>> 
>>> -   space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print
>>> $4}') + space_megs=$(df -P -B 1048576 "${1}" 2>/dev/null | awk
>>> 'FNR == 2 {print $4}')
>> 
>> I don't want to spoil the party but '-B' doesn't seem portable. I
>> don't see that option in FreeBSD man page.
>
>The source code says
>
>
>case 'm': /* obsolescent, exists for BSD compatibility */
>
>
>So it might silently go away. Let me have a look at the BSD sources.

POSIX gives you '-k -P' only, so you should probably stick to that.

>-BEGIN PGP SIGNATURE-
>Version: GnuPG/MacGPG2 v2.0
>
>iQJ8BAEBCgBmBQJWgUclXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
>ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0QUU0N0I4NzFERUI0MTJFN0EyODE0NUFF
>OTQwMkE3OUIwMzUyOUEyAAoJEOlAKnmwNSmiiUgP/itabhl/43o8fY79y/cuZuRW
>xmvQirepGlHrqVZvgOGiBxyK2q0wpVhrsgHe/hwkK/lV8NA+C0eOIUW2wlwLiyEN
>T6UavwPFdoZ4YgNuj9m8ZCNbZVrJUyEFP01RUWuHyEah6MFBg+D8Jtl8vWNlzZKm
>W8z3KPDTrDhpcg8i+r9D915RARpo9wraTc/LvK8QXF51YuBcn1MWsRjd50g2FQiu
>R6Epylw7EmAL4AT9bhx7skdBS2z5GRHJQFEObYqtxve0PDdXOvw8SOcxwcqQXCv2
>ZCEuVCURfOlOOVdL1mgfIJa/h1FMO3n1NjrZXFFZtVNs1T3sYm9/lyYjGuYQIFP3
>ITkIVPBunjgbmG+wNRFOonNRDnxY0Y8F0AiaDNi07WpbkAoo52oHz9gWL/hsdhDd
>vfH074JoIVtoXS6yeaESPSwOlurQ30bwhpAz7xzWLW8sWopyR+sGkuW7AQ9PkmZc
>mwVX6ZIWBdZ6Zk5Ae7UNi3Lc3akSrz4GkiAlbLmxg946BMrTfJFIPBFvR82TkkNw
>+mRPJUPuiCWDDDyDKNCpGb/YQB8kjkiWHZkr1Id7PLhIIDkeuccVqvEvzTNU22pk
>DdQkUt9L69FxTE8OtskEDueaINaBMtBpGpPh5K+arsKUt85jIX4oM25IXau8HAWx
>mDTncoD6QRn2dNXuf5gx
>=O924
>-END PGP SIGNATURE-


-- 
Best regards,
Michał Górny (by phone)

Re: [gentoo-dev] [RFC] New project: Crypto

2015-12-28 Thread Kristian Fiskerstrand 


[Sent from my iPad, as it is not a secured device there are no cryptographic 
keys on this device, meaning this message is sent without an OpenPGP signature. 
In general you should *not* rely on any information sent over such an unsecure 
channel, if you find any information controversial or un-expected send a 
response and request a signed confirmation]

> On 28 Dec 2015, at 16:07, Kristian Fiskerstrand  wrote:
> 
> 

> The main issue is key storage, though. For signatures you can use a dedicated 
> signing subkey, however you get in problem with encrypted emails as mobile 
> devices are not really secure devices and should never have cryptographic 
> material. What could work in this case is a NFC (or for that matter 
> bluetooth, although it needs to be properly paired etc etc) channel with a 
> separate device with a separate keychain and display so you can verify the 
> request, and never

This should read pinentry, the existence of a keyring is implicit to the use 
case..

> actually expose private key material to the cellphone.
> 
> In the mean time I just include the notice whenever I don't sign, at least 
> some people notice it and gives it another thought.

Re: [gentoo-dev] [PATCH] check-reqs.eclass: Replace obsolete df option -m with -k

2015-12-28 Thread Justin Lecher (jlec) 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 28/12/15 16:41, Michał Górny wrote:
> Dnia 28 grudnia 2015 16:27:43 CET, Justin Lecher 
> napisał(a):
>> Using kbi as base unit for calculation as linux and bsd only have
>> -k as common option
> 
> It's 'kibibyte', or KiB in short.

Updated, I had the suspicion that it wasn't correct, but didn't do any
research.

-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0

iQJ8BAEBCgBmBQJWgVkVXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0QUU0N0I4NzFERUI0MTJFN0EyODE0NUFF
OTQwMkE3OUIwMzUyOUEyAAoJEOlAKnmwNSmi3AkQALwjL7LRN3AcmQnWBHy56YFK
3YmDwFUDZZ9aA6doO3C5TVKzwBc/+WopqS7sDb8djC4yMmPVJqZJIYmwNbkch7SE
UamDfBo8d8asbW+KmfKdOm56IWlL3P+ObPD3qaUcVsOkfw4q4iF5VK55Of7l/Va2
oh1rugmQ22nY0lcSo1QCioiuwqsivQnBdnK+iEHNXxEiF+WFg2MXnedcVF0blGii
iXTqJZXavjTanXANPyHn35WpPIw6cQR+vYjXT9JX8uDqchfKtgooYNsatGSc7Osi
0vykwSa4/A7SKrksyPdQ5/NcSArQZEk9M6udEEChx6LLuURtsMMKPEeAxF45CMGR
Pqc6InN2xU8eocAHm2eZO+Pj065Pvio3WSXCL4LCADwU9mlktb6GJZIEpOBVs3QP
WrV7TFzikbiW4vKfD0nvv3o6IqcwNQQeoPbBOiigPnXOGzJGVklMs8g/VOQvslsZ
ALscmFhKmhbS5ISpivXhbQMaZlChhXLCJHmsED2Mf2C5rIuOUxSLjly05K6v7+gB
1Zowqny/nFa6Z9OejNmuSyk0OB/PLV1U0cel0lmsL6RKpRDl9g3YUsIsE09GDWdx
x8CWsJXB0YdIaQ8b7TC39/DdT9o2nwddKlfHZVHwXzfq4zn++lU1yq1AAh0fecOz
PTt3IvS+XyZlR7Npt298
=OXj4
-END PGP SIGNATURE-

Re: [gentoo-dev] [PATCH] check-reqs.eclass: Replace obsolete df option -m with -k

2015-12-28 Thread Michał Górny 
Dnia 28 grudnia 2015 16:27:43 CET, Justin Lecher  napisał(a):
>Using kbi as base unit for calculation as linux and bsd only have -k as
>common option

It's 'kibibyte', or KiB in short.

>
>Signed-off-by: Justin Lecher 
>---
> eclass/check-reqs.eclass | 25 +
> 1 file changed, 13 insertions(+), 12 deletions(-)
>
>diff --git a/eclass/check-reqs.eclass b/eclass/check-reqs.eclass
>index 138bfec..a649693 100644
>--- a/eclass/check-reqs.eclass
>+++ b/eclass/check-reqs.eclass
>@@ -159,12 +159,12 @@ check-reqs_run() {
>   fi
> }
> 
>-# @FUNCTION: check-reqs_get_mebibytes
>+# @FUNCTION: check-reqs_get_kbibytes
> # @INTERNAL
> # @DESCRIPTION:
>-# Internal function that returns number in mebibytes.
>-# Returns 1024 for 1G or 1048576 for 1T.
>-check-reqs_get_mebibytes() {
>+# Internal function that returns number in kbibytes.
>+# Returns 1024**2 for 1G or 1024**3 for 1T.
>+check-reqs_get_kbibytes() {
>   debug-print-function ${FUNCNAME} "$@"
> 
>   [[ -z ${1} ]] && die "Usage: ${FUNCNAME} [size]"
>@@ -173,9 +173,10 @@ check-reqs_get_mebibytes() {
>   local size=${1%[GMT]}
> 
>   case ${unit} in
>-  G) echo $((1024 * size)) ;;
>-  [M0-9]) echo ${size} ;;
>-  T) echo $((1024 * 1024 * size)) ;;
>+  G) echo $((1024 * 1024 * size)) ;;
>+  M) echo $((1024 * size)) ;;
>+  T) echo $((1024 * 1024 * 1024 * size)) ;;
>+  [0-9]) echo $((1024 * size)) ;;
>   *)
>   die "${FUNCNAME}: Unknown unit: ${unit}"
>   ;;
>@@ -275,7 +276,7 @@ check-reqs_memory() {
>   actual_memory=$(echo $actual_memory | sed -e 
> 's/^[^:=]*[:=]//' )
>   fi
>   if [[ -n ${actual_memory} ]] ; then
>-  if [[ ${actual_memory} -lt $((1024 * $(check-reqs_get_mebibytes
>${size}))) ]] ; then
>+  if [[ ${actual_memory} -lt $(check-reqs_get_kbibytes ${size}) 
>]] ;
>then
>   eend 1
>   check-reqs_unsatisfied \
>   ${size} \
>@@ -300,16 +301,16 @@ check-reqs_disk() {
> 
>   local path=${1}
>   local size=${2}
>-  local space_megs
>+  local space_kbi
> 
>   check-reqs_start_phase \
>   ${size} \
>   "disk space at \"${path}\""
> 
>-  space_megs=$(df -Pm "${1}" 2>/dev/null | awk 'FNR == 2 {print $4}')
>+  space_kbi=$(df -Pk "${1}" 2>/dev/null | awk 'FNR == 2 {print $4}')
> 
>-  if [[ $? == 0 && -n ${space_megs} ]] ; then
>-  if [[ ${space_megs} -lt $(check-reqs_get_mebibytes ${size}) ]] ;
>then
>+  if [[ $? == 0 && -n ${space_kbi} ]] ; then
>+  if [[ ${space_kbi} -lt $(check-reqs_get_kbibytes ${size}) ]] ; 
>then
>   eend 1
>   check-reqs_unsatisfied \
>   ${size} \


-- 
Best regards,
Michał Górny (by phone)

Re: [gentoo-dev] [RFC] New project: Crypto

2015-12-28 Thread Andrew Savchenko 
On Mon, 28 Dec 2015 09:42:40 -0500 Rich Freeman wrote:
> On Mon, Dec 28, 2015 at 8:11 AM, Kristian Fiskerstrand  
> wrote:
> >
> >
> > [Sent from my iPad, as it is not a secured device there are no 
> > cryptographic keys on this device,
> > meaning this message is sent without an OpenPGP signature. In general you 
> > should *not* rely on
> > any information sent over such an unsecure channel, if you find any 
> > information controversial or
> > un-expected send a response and request a signed confirmation]
> 
> And this would be why I don't bother to sign my emails any longer.
> The FOSS world is still stuck in the days when people ran X11-based
> MUAs and stored their mail in conventional folders.  I've yet to see a
> decent browser-based MUA or Android client which does signing.
> Squirrelmail does, but it is really lacking compared to something like
> Gmail.

YMMW, but I'm perfectly fine with Claws mail on my phone.

Another problem is that this device lacks reliable RNG and faces
threats of baseband processor data interception (as well as all
other phones I'm aware about). So phones/tablets are not suitable
for cryptography anyway.

P.S. We had a good discussion of this on core, but still have no
summary on dev ML.

Best regards,
Andrew Savchenko


pgp2cyjAVTb6R.pgp
Description: PGP signature

Re: [gentoo-dev] [RFC] New project: Crypto

2015-12-28 Thread Rich Freeman 
On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand  wrote:
>> On 28 Dec 2015, at 15:58, James Le Cuirot  wrote:
>>
>> On Mon, 28 Dec 2015 09:42:40 -0500
>> Rich Freeman  wrote:
>
>>> And this would be why I don't bother to sign my emails any longer.
>>> The FOSS world is still stuck in the days when people ran X11-based
>>> MUAs and stored their mail in conventional folders.  I've yet to see a
>>> decent browser-based MUA or Android client which does signing.
>>> Squirrelmail does, but it is really lacking compared to something like
>>> Gmail.
>>
>> I haven't tried the feature myself but K9 Mail, which is highly
>> regarded, does it via APG on Android.
>
> iirc k9 doesnt support PGP/MIME (RFC3156), but some interesting things 
> happening with OpenKeychain
> (https://www.openkeychain.org/k-9/ ) in that regard. We actually discussed it 
> a bit during last OpenPGP summit in zurich.
>

K9 also doesn't support email tagging as far as I'm aware, and I don't
believe there is a browser version of it either (I do require an MUA
accessible by a browser, as this is how I compose 99% of my emails - I
read this email on androids, and am replying from a browser right
now).  To some extent they can be forgiven for not supporting tagging,
as I don't believe IMAP supports it either, so we need standards as
well as FOSS clients to make it work.

But, it isn't like I'm paying anybody to solve the problem, so we all
make do, either living without features or without signatures as the
case may be.

> The main issue is key storage, though. For signatures you can use a dedicated
> signing subkey, however you get in problem with encrypted emails as mobile 
> devices
> are not really secure devices and should never have cryptographic material. 
> What could
> work in this case is a NFC (or for that matter bluetooth, although it needs 
> to be properly
> paired etc etc) channel with a separate device with a separate keychain and 
> display so
> you can verify the request, and never actually expose private key material to 
> the cellphone.

That concern is hardly unique to phones.  PCs suffer just as much from
this problem.  The solution could potentially be the same.  For
signing it is a straightforward problem since there is nothing to be
kept secret except the key material itself (just send the message to
the signing device, and return the signature back).  For encryption
you have additional challenges if you want to be able to make any use
of the plaintext without it getting stolen - once decrypted it is only
secure as any device that comes in contact with it.  And there is no
reason that mobile and browser frameworks couldn't talk to such
devices with the right standards.

If it were up to me the government would hand out signing devices just
as they hand out passports.  It seems kind of silly in this day and
age that we haven't solved the key-management problem and half of our
commerce involves giving 16-digit numbers to everybody we do business
with and asking them to keep them secret for us.

-- 
Rich

[gentoo-dev] Need clear semantics for packages with binary entities

2015-12-28 Thread trupanka 
I’m suffering from the fact that users can distinguish packages containing
binaries just by eye. There is no mechanism to allow/ignore such packages.
For license restrictions we have ‘package.license/’ whitelist.

I figure out the following binary entities in portage’s packages
that (to my point of view) need to be clearly defined as BINARY:
1. *-bin packages (maven-bin, icedtea-bin)
2. firmware packages (linux-firmware)
3. purely binary packages that are installed without any notion
they are binary or source packages just like Ubuntu’s ones
(app-office/upwork)
4. packages with pre-compiled bytecode/objectcode that are installed
like packages in #3.
(geogebra, many packages with .jar files in dev-java/*)
5. packages with ‘-binary’ USE-flag. Semantics of ‘-binary’ differs:
(seabios) binary : Use official upstream pre-built binaries
(ghc) binary: Install the binary version directly, rather than
using it to build the source version.
(scala) binary : Install from (Gentoo-compiled) binary instead of
building from sources. Set this when you run out of memory during build.
(etc...)
6. packages that need binaries to compile/bootstrap (sbcl)
7. to be continued... I guess

#1 semantics has no control. Such packages may be installed as a
dependency
without warnings they are binaries.
#5 semantics are not clear (defined in manifest.xml)

The only binary entities under users’ control are:
1. packages from “PKGDIR” installed with ‘emerge --usepkg’
2. packages with -binary USE-flag

I wonder if Gentoo’s devs can do something with the problem.
I think it’s problem in source-based Linux distribution.

Re: [gentoo-dev] Need clear semantics for packages with binary entities

2015-12-28 Thread Michał Górny 
On Mon, 28 Dec 2015 21:24:14 +0300
trupa...@gmail.com wrote:

> I’m suffering from the fact that users can distinguish packages containing
> binaries just by eye. There is no mechanism to allow/ignore such packages.
> For license restrictions we have ‘package.license/’ whitelist.
> 
> I figure out the following binary entities in portage’s packages
> that (to my point of view) need to be clearly defined as BINARY:
> 1. *-bin packages (maven-bin, icedtea-bin)
> 2. firmware packages (linux-firmware)
> 3. purely binary packages that are installed without any notion
> they are binary or source packages just like Ubuntu’s ones
> (app-office/upwork)
> 4. packages with pre-compiled bytecode/objectcode that are installed
> like packages in #3.
> (geogebra, many packages with .jar files in dev-java/*)

And you already covered here how different the notion of 'binary' (or
rather, 'pre-built') can be. There could be pre-built stuff that is
arch-specific or otherwise of limited portability. There could be
pre-built stuff that is portable. There could be pre-built stuff whose
rebuilding isn't really meaningful at all.

Do you want to force rebuilding docs in every package? Do you want to
force eautoreconf to ensure you don't run pre-built configure scripts?

-- 
Best regards,
Michał Górny



pgpRh9mT_enuC.pgp
Description: OpenPGP digital signature