Re: [gentoo-dev] [PATCH 1/2] selinux-policy-2.eclass: add EAPI 7

2020-11-02 Thread Ulrich Mueller
> On Mon, 02 Nov 2020, David Michael wrote:

> +if [[ ${EAPI:-0} == [56] ]]; then

Substituting 0 is not necessary here.

Ulrich


signature.asc
Description: PGP signature


[gentoo-dev] Last-rites: broken, outdated, unmaintained -9999 packages

2020-11-02 Thread Joonas Niilola

# Dead upstream, or broken for a long time, not maintained in Gentoo.
# Removal in 30 days. Bug #752462
app-emulation/rex-client
app-i18n/kde-l10n-scripts
media-plugins/xbmc-addon-xvdr
net-analyzer/nagios-plugins-flameeyes
net-libs/libosmo-abis
net-libs/libosmo-netif
net-misc/lcr
net-misc/srf-ip-conn-srv
net-wireless/dump978
net-wireless/openbsc
net-wireless/openggsn
net-wireless/osmobts
net-wireless/osmocom-bb




OpenPGP_signature
Description: OpenPGP digital signature


[gentoo-dev] New QA policy suggestion: Disallow "live-only" packages

2020-11-02 Thread Joonas Niilola

Hey,

I'm suggesting a new QA policy to disallow any "live-ebuild-only
packages" being hosted in ::gentoo. Rationale being the same as why
- packages can't have KEYWORDS: They are unpredictable and
potentially insecure. Unpredictability could mean upstream repo being
broken at any given time placing users in an awkward situation, where
they are able to build some packages while not the others. Upstream
repo can also be force-pushed over. I feel like packages offered in
::gentoo shouldn't have these issues, and the need to have at least one
safe release available to users that's guaranteed to build.

With Git-like VCS's becoming popular, it is super easy to create an
unchanged snapshot based on a commit. Even devmanual encourages this
with proper guide how-to:
https://devmanual.gentoo.org/ebuild-writing/file-format/index.html#snapshots-and-live-ebuilds
  (https://devmanual.gentoo.org/keywording/index.html)

We currently have 43 "live-ebuild-only" packages in tree. Out of those
19 are totally unbuildable, that's 44 % of all packages present in the
repo. Overall the maintenance of these live-ebuild-only packages looks
low, there's only a handful of ebuilds that have good quality and no
issues at all. 12 of them, 28 %, are still on EAPI-5. Of all 43, only 2
would require the maintainer to generate a tarball by themself, while
others can utilize upstream's tagged releases, or ability to make a
snapshot from a specific commit. Obviously if this policy passes, I'll
be helping getting these packages keyworded.

And finally here's an example how to introduce new packages to tree
without upstream releases:
https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/rlottie?id=42873c46b7ed07d5b4f8af5fcf08d8549cb6385b
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=2de52234783be909f6e4aed333533e6a804e8e6b
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=8305f0c6cd0ce8cb5ac0f2d92569acce36a5cc0a
  etc...
https://gitweb.gentoo.org/repo/gentoo.git/commit/media-libs/rlottie?id=24c48b325dd5a22284d077d6581a1a45e397e511

If the only available version for a package doesn't build - or can't be
guaranteed to build - then it should be last-rited, or not exist in
::gentoo repo at all.

Some history and initiative: bug #713802

-- juippis



[gentoo-dev] [PATCH 1/2] selinux-policy-2.eclass: add EAPI 7

2020-11-02 Thread David Michael
Closes: https://bugs.gentoo.org/748483
Signed-off-by: David Michael 
---

Hi,

Please start allowing EAPI 7 SELinux policy ebuilds.

Thanks.

David

 eclass/selinux-policy-2.eclass | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
index c1e21974021..3ba310e49de 100644
--- a/eclass/selinux-policy-2.eclass
+++ b/eclass/selinux-policy-2.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # Eclass for installing SELinux policy, and optionally
@@ -7,7 +7,7 @@
 # @ECLASS: selinux-policy-2.eclass
 # @MAINTAINER:
 # seli...@gentoo.org
-# @SUPPORTED_EAPIS: 5 6
+# @SUPPORTED_EAPIS: 5 6 7
 # @BLURB: This eclass supports the deployment of the various SELinux modules 
in sec-policy
 # @DESCRIPTION:
 # The selinux-policy-2.eclass supports deployment of the various SELinux 
modules
@@ -76,7 +76,7 @@
 
 case "${EAPI:-0}" in
0|1|2|3|4) die "EAPI<5 is not supported";;
-   5|6) : ;;
+   5|6|7) : ;;
*) die "unknown EAPI" ;;
 esac
 
@@ -117,9 +117,15 @@ else
RDEPEND=">=sys-apps/policycoreutils-2.0.82
>=sec-policy/selinux-base-policy-${PV}"
 fi
-DEPEND="${RDEPEND}
-   sys-devel/m4
-   >=sys-apps/checkpolicy-2.0.21"
+if [[ ${EAPI:-0} == [56] ]]; then
+   DEPEND="${RDEPEND}
+   sys-devel/m4
+   >=sys-apps/checkpolicy-2.0.21"
+else
+   DEPEND="${RDEPEND}"
+   BDEPEND="sys-devel/m4
+   >=sys-apps/checkpolicy-2.0.21"
+fi
 
 EXPORT_FUNCTIONS src_unpack src_prepare src_compile src_install pkg_postinst 
pkg_postrm
 
-- 
2.26.2



[gentoo-dev] [PATCH 2/2] selinux-policy-2.eclass: drop EAPI 5

2020-11-02 Thread David Michael
Signed-off-by: David Michael 
---

Grepping through the ebuilds using this eclass shows that they're all on
EAPI 6.  A bunch of workarounds could be dropped along with EAPI 5, but
it isn't necessary to fix anything, so feel free to ignore this patch.

 eclass/selinux-policy-2.eclass | 38 --
 1 file changed, 9 insertions(+), 29 deletions(-)

diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
index 3ba310e49de..ce7643ecf15 100644
--- a/eclass/selinux-policy-2.eclass
+++ b/eclass/selinux-policy-2.eclass
@@ -7,7 +7,7 @@
 # @ECLASS: selinux-policy-2.eclass
 # @MAINTAINER:
 # seli...@gentoo.org
-# @SUPPORTED_EAPIS: 5 6 7
+# @SUPPORTED_EAPIS: 6 7
 # @BLURB: This eclass supports the deployment of the various SELinux modules 
in sec-policy
 # @DESCRIPTION:
 # The selinux-policy-2.eclass supports deployment of the various SELinux 
modules
@@ -75,8 +75,8 @@
 : ${SELINUX_GIT_BRANCH:="master"};
 
 case "${EAPI:-0}" in
-   0|1|2|3|4) die "EAPI<5 is not supported";;
-   5|6|7) : ;;
+   0|1|2|3|4|5) die "EAPI<6 is not supported";;
+   6|7) : ;;
*) die "unknown EAPI" ;;
 esac
 
@@ -87,10 +87,6 @@ case ${BASEPOL} in
EGIT_CHECKOUT_DIR="${WORKDIR}/refpolicy";;
 esac
 
-if [[ ${EAPI:-0} == 5 ]]; then
-   inherit eutils
-fi
-
 IUSE=""
 
 HOMEPAGE="https://wiki.gentoo.org/wiki/Project:SELinux;
@@ -117,7 +113,7 @@ else
RDEPEND=">=sys-apps/policycoreutils-2.0.82
>=sec-policy/selinux-base-policy-${PV}"
 fi
-if [[ ${EAPI:-0} == [56] ]]; then
+if [[ ${EAPI:-0} == 6 ]]; then
DEPEND="${RDEPEND}
sys-devel/m4
>=sys-apps/checkpolicy-2.0.21"
@@ -162,25 +158,13 @@ selinux-policy-2_src_prepare() {
# Patch the sources with the base patchbundle
if [[ -n ${BASEPOL} ]] && [[ "${BASEPOL}" != "" ]]; then
cd "${S}"
-   if [[ ${EAPI:-0} == 5 ]]; then
-   EPATCH_MULTI_MSG="Applying SELinux policy updates ... " 
\
-   EPATCH_SUFFIX="patch" \
-   EPATCH_SOURCE="${WORKDIR}" \
-   EPATCH_FORCE="yes" \
-   epatch
-   else
-   einfo "Applying SELinux policy updates ... "
-   eapply -p0 
"${WORKDIR}/0001-full-patch-against-stable-release.patch"
-   fi
+   einfo "Applying SELinux policy updates ... "
+   eapply -p0 
"${WORKDIR}/0001-full-patch-against-stable-release.patch"
fi
 
-   # Call in epatch_user. We do this early on as we start moving
+   # Call in eapply_user. We do this early on as we start moving
# files left and right hereafter.
-   if [[ ${EAPI:-0} == 5 ]]; then
-   epatch_user
-   else
-   eapply_user
-   fi
+   eapply_user
 
# Copy additional files to the 3rd_party/ location
if [[ "$(declare -p POLICY_FILES 2>/dev/null 2>&1)" == "declare -a"* ]] 
||
@@ -200,11 +184,7 @@ selinux-policy-2_src_prepare() {
cd "${S}/refpolicy/policy/modules"
for POLPATCH in ${POLICY_PATCH[@]};
do
-   if [[ ${EAPI:-0} == 5 ]]; then
-   epatch "${POLPATCH}"
-   else
-   eapply "${POLPATCH}"
-   fi
+   eapply "${POLPATCH}"
done
fi
 
-- 
2.26.2