Re: [gentoo-dev] [PATCH] verify-sig.eclass: Fix the example to use BROOT

[Sam James]

> On 18 Jul 2021, at 19:44, Michał Górny  wrote:
> 
> Signed-off-by: Michał Górny 
> ---
> eclass/verify-sig.eclass | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> [snip]
> # BDEPEND="
> #   verify-sig? ( app-crypt/openpgp-keys-example )"
> #
> -# VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/example.asc
> +# VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/example.asc
> # @CODE
> 
> case ${EAPI} in
> --
> 2.32.0
> 
> 

lgtm, but consider fixing up existing ebuilds in the tree?

best,
sam


signature.asc
Description: Message signed with OpenPGP

Re: [gentoo-dev] [PATCH] optfeature.eclass: Drop support for EAPIs 0,1,2,3,4,5

[Sam James]

> On 23 Jul 2021, at 07:44, Andreas Sturmlechner  wrote:
> 
> Signed-off-by: Andreas Sturmlechner 
> ---
> eclass/optfeature.eclass | 8 
> 1 file changed, 4 insertions(+), 4 deletions(-)
> [snip]

lgtm.

best,
sam


signature.asc
Description: Message signed with OpenPGP

Re: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults

[Sam James]

> On 27 Jul 2021, at 13:32, David Seifert  wrote:
> 
> Signed-off-by: David Seifert 
> ---
> .../2021-08-01-tcpd-disabled.en.txt   | 62 +++
> 1 file changed, 62 insertions(+)
> create mode 100644 2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
> 
> diff --git a/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt 
> b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
> new file mode 100644
> index 000..3631de3
> --- /dev/null
> +++ b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt
> @@ -0,0 +1,62 @@
> +Title: USE=tcpd no longer globally enabled
> +Author: David Seifert 
> +Posted: 2021-08-01
> +Revision: 1
> +News-Item-Format: 2.0
> [snip]
> +
> +On 2021-11-01, we will remove USE="tcpd" from the globally default
> +enabled USE flags. USE="tcpd" usually enables sys-apps/tcp-wrappers
> +for an adhoc firewall based on /etc/hosts.allow and /etc/hosts.deny.
> +

This lgtm overall and thanks for working on it. Some minor comments below.

Could you file and reference a bug within the news item (and in the commit
message for the news item) to allow issues to be raised in one place by users?

> +The base system project has come to the conclusion that 24 years after

s/base system/Base System/.

> +the last upstream release, tcp-wrappers is not relevant in 2021 anymore.

How about: "tcp-wrappers is not suitable for a default configuration in 2021 
anymore."?

> +Other distributions have completely removed support at this point. If
> +you rely on tcp-wrappers, you can re-enable the flag. We strongly
> +recommend you switch to more modern packet filters, such as BPF,
> +nftables or iptables.

Let's add that we recommend users who specifically rely on functionality,
including tcpd, can and should enable it specifically for that package
via their package manager's configuration? (make.conf/package.use for
Portage).

We'll link to https://wiki.gentoo.org/wiki//etc/portage/package.use.

best,
sam


signature.asc
Description: Message signed with OpenPGP

Re: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults

[Ulrich Mueller]

> On Wed, 28 Jul 2021, Thomas Deutschmann wrote:

> On 2021-07-27 16:07, Ulrich Mueller wrote:
>>> +Display-If-Installed: net-analyzer/argus-clients
>> IIUC this won't affect users who have already disabled the flag,
>> so maybe add a [tcpd] use dependency here (and to all other
>> Display-If-Installed lines below)?

> Looks like we cannot target USE flags in GLEP 42 news items:

That looks like a bug in Portage. News item format 2.0 should support
EAPI 5 dependency specifications.

In either case, it doesn't error out, so adding [tcpd] the the news item
won't harm.

Ulrich


signature.asc
Description: PGP signature

Re: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults

[Thomas Deutschmann]

On 2021-07-27 16:07, Ulrich Mueller wrote:

+Display-If-Installed: net-analyzer/argus-clients

IIUC this won't affect users who have already disabled the flag,
so maybe add a [tcpd] use dependency here (and to all other
Display-If-Installed lines below)?


Looks like we cannot target USE flags in GLEP 42 news items:


# equery uses mail-mta/postfix | grep cdb
-cdb



# eselect news list
News items:
[...]
  [20] 2021-07-23  migrating from glibc[crypt] to libxcrypt in ~arch



# eselect news unread 20


Add


Display-If-Installed: mail-mta/postfix[cdb]


to 
/var/db/repos/gentoo/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.en.txt



# emerge -p mail-mta/postfix
[...]

>  * IMPORTANT: 1 news items need reading for repository 'gentoo'.
>  * Use eselect news read to view new items.


--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5



OpenPGP_signature
Description: OpenPGP digital signature