Re: [gentoo-dev] PSA: switching default tmpfiles virtual provider

2020-11-25 Thread Piotr Karbowski
Hi,

On 25/11/2020 22.57, Georgy Yakovlev wrote:
> systemd-tmpfiles does not depend on any systemd-isms, does not need dbus,
> and is just a drop-in replacement, the only step needed is to emerge the
> package.
> it's a simple single binary + manpage, binary links to libacl and couple other
> system libs.

Can confirm that systemd-tmpfiles works fine on OpenRC systems. Been
using it since end of October.

Two things that are different in terms of interface to opentmpfiles are
that systemd-tmpfiles does not have --dry-run runtime option, and it
will complain if any /usr/lib/tmpfiles.d/*.conf uses /var/run instead of
/run, but that's just a warning.

Regardless, it's just a drop-in replacement, have not noticed any issues.

-- Piotr.



[gentoo-dev] Packages up for grabs: x11-misc/menulibre

2020-11-25 Thread Jonas Stein

Dear all

the following packages are up for grabs while dissolving
the desktop-misc project:

x11-misc/menulibre
https://packages.gentoo.org/packages/x11-misc/menulibre

It has many users and it would be great if you would take care of it.

It has 5 open bugs - some with a fix.
https://bugs.gentoo.org/buglist.cgi?quicksearch=x11-misc%2Fmenulibre_id=5000746

--
Best,
Jonas


[gentoo-dev] Packages up for grabs: x11-misc/zim

2020-11-25 Thread Jonas Stein

Dear all

the following packages are up for grabs while dissolving
the desktop-misc project:

x11-misc/zim
https://packages.gentoo.org/packages/x11-misc/zim

It is a very powerful desktop wiki which is written in python. It has
many users and it would be great if you would take care of it.


It has one open bug with a fix in the comments.
https://bugs.gentoo.org/678436

--
Best,
Jonas


[gentoo-dev] PSA: switching default tmpfiles virtual provider

2020-11-25 Thread Georgy Yakovlev
Hi,

In case you don't know, opentmpfiles has an open CVE
CVE-2017-18925: root privilege escalation by symlink attack
https://github.com/OpenRC/opentmpfiles/issues/4
It has been an issue for quite a while, reported 3 years ago,
and not much changed since.
Also it lacks any sort of testing, and master branch is in a non-working
state at time of writing, latest version is masked.[0]

Due to nature of opentmpfiles (it's a POSIX sh script),
it may be impossible to fix symlink handling and TOCTOU races.
As a consequence I'll be switching default tmpfiles
provider to sys-apps/systemd-tmpfiles by the end of the week by updating
virtual/tmpfiles ebuild.

pros of systemd-tmpfiles:
0) Secure.
1) Reference implementation.
2) Supports all features, because ^.
3) Has working tests.
4) Has millions of users as part of systemd.
5) upstream supports standalone usecase/build our ebuild uses. [1][2]
6) drop-in replacement, just emerge and forget.

systemd-tmpfiles does not depend on any systemd-isms, does not need dbus,
and is just a drop-in replacement, the only step needed is to emerge the
package.
it's a simple single binary + manpage, binary links to libacl and couple other
system libs.

existing installations will not be affected, but openrc users are welcome to
opt-in by running 'emerge --oneshot systemd-tmpfiles'

[0] https://bugs.gentoo.org/751739
[1] https://github.com/systemd/systemd/pull/16061
[2] https://github.com/systemd/systemd/pull/16061/commits/db64ba81c62afa0e0d3e95c4a3e1ec3dd9a471a4
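
The symlink and TOCTOU problem raised in the message above, as an added example (not from the post, and not code from opentmpfiles or systemd): a path-based check followed by a path-based chmod can be raced, whereas opening the object once with O_NOFOLLOW and acting only on the file descriptor cannot, and POSIX sh has no way to express that. The names `safe_chmod_at` and `demo_symlink_refused` are hypothetical, the temporary files are constructed, and Linux errno behaviour (ELOOP) is assumed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: chmod `name` under dirfd without ever following a
 * symlink. Returns 0, or -1 with errno set (ELOOP on Linux for a symlink). */
int safe_chmod_at(int dirfd, const char *name, mode_t mode)
{
    /* O_NOFOLLOW: the open itself fails on a symlink; later checks use the fd. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0) {
        if (S_ISDIR(st.st_mode) || (S_ISREG(st.st_mode) && st.st_nlink == 1))
            rc = fchmod(fd, mode);   /* acts on the same inode we just checked */
        else
            errno = EPERM;           /* device, FIFO or hardlinked file: refuse */
    }
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed scenario: a private file plus a planted symlink to it.
 * Returns the file's final permission bits, or -1 if anything went wrong. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/tmpfiles-demo-XXXXXX";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = openat(dfd, "target", O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (dfd < 0 || fd < 0 || symlinkat("target", dfd, "link") < 0) return -1;
    close(fd);
    int via_link = safe_chmod_at(dfd, "link", 0666);  /* must be refused */
    int link_errno = errno;
    int direct = safe_chmod_at(dfd, "target", 0640);  /* plain file: allowed */
    int ok = fstatat(dfd, "target", &st, AT_SYMLINK_NOFOLLOW) == 0;
    unlinkat(dfd, "link", 0); unlinkat(dfd, "target", 0); close(dfd); rmdir(dir);
    return (ok && via_link == -1 && link_errno == ELOOP && direct == 0)
               ? (int)(st.st_mode & 0777) : -1;
}
```

This covers only the final path component; intermediate directories an unprivileged user controls need the same fd-by-fd treatment.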




[gentoo-dev] Last-rites: net-libs/libkvkontakte

2020-11-25 Thread Andreas Sturmlechner
# Andreas Sturmlechner  (2020-11-25)
# Depends on deprecated dev-qt/qtwebkit and kde-frameworks/kdewebkit.
# Barely maintained upstream and on the brink of being archived for good.
# Patch for Qt5WebEngine exists but needs runtime testing, bug #756685
# Masked for removal in 30 days.
net-libs/libkvkontakte

