Hi,
I send this email to know the devs opinion about Gentoo integration with
Open Build Service[1].
When creating specialized images and using an automated process for
testing before deployment, I think that Open Build Service would be
useful. It already support all major binary based distros and
Hi Michał,
On 11/11/2017 08:09 AM, Michał Górny wrote:
> You've put a lot of theory in here but not really a single sentence
> on what needs to be done. I'm aware that some people used to be working
> on adding some OBS ebuilds to Gentoo but I've no clue about their goal.
>
> Long story short, if
Hi,
On 11/14/2017 10:04 AM, Michael Haubenwallner wrote:
> Well, Gentoo is a Meta Distribution, and it's binary instantiation usually
> does emerge on the users machine(s). So users actually do have their private
> binary distribution - either with or without caching the binary packages.
> (In my
Hi,
On 11/14/2017 03:04 PM, Ian Stakenvicius wrote:
> The biggest issue you will have with doing these types of builds,
> though, is dealing with the various use flag differences that various
> consumer systems may have. From what little I've played with binary
> builds, if you want to offer bin
Hi Peter,
On 11/14/2017 07:33 AM, Peter Volkov wrote:
> Samuel, probably I miss something but this should work out of box:
> https://wiki.gentoo.org/wiki/Binary_package_guide#Web_based_binary_package_host
>
> Or do you mean something else?
>
Yes, you're right. I miss that when I read that page
Hello,
I'm using oracle jdk as default jvm, but when I review java-config
result after setting oracle-jdk-bin as prefered jvm, javaws continues to
start icedtea version.
Analysing the script /usr/libexec/eselect-java/run-java-tool.bash I
realised that itweb-javaws is hardcoded:
> if [ "${tool}"
Hi,
I send this email to know the opinion of gentoo developers about
registering gentoo profiles in the context of reproducible-builds.org
Cheers
On 02/04/2018 06:14 PM, Canek Peláez Valdés wrote:
>
>
> What would this even mean in the context of a source-based distro?
>
>
> It would mean that we all could reproduce the exact same bugs given
> the CFLAGS/USE/etc. combination.
>
> Many groups are working on this from different fronts; if
Dear all,
I send this email to ask you for your help for the better approach to
translate the following autoreconf command to an ebuild:
> |autoreconf -i -f ./configure \ --prefix=/usr \
> --libexecdir=/usr/lib/snapd \
> --with-snap-mount-dir=/var/lib/snapd/snap \ --enable-apparmor \
> --enable-n
Thank you Michal and Haelwenn for your advises.
I'm taking as reference the documentation about functions syntax in
devmanual[1] (very useful for a quickly review).
In the source code where autoreconf is being called I found a
configure.ac and Makefile.am.
Looking into autogen.sh[2] script prvid
Dear all,
Fulfilling the linting of ebuild code style design for software projects
that loads their dependencies during build, such as go based projects or
npm as an example, could be very nasty.
Looking into source code of snapd or opennebula as two examples, I need
to break network sandbox to g
Hi Haelwenn,
On 3/27/20 1:50 AM, Haelwenn (lanodan) Monnier wrote:
> Couldn't the snapd_${PV}.vendor.tar.xz available in
> https://github.com/snapcore/snapd/releases
> work in your case to avoid downloading tarballs?
> And probably consider using go-modules.eclass, which can also allow
> packagin
Hi Robin,
On 3/27/20 3:03 AM, Robin H. Johnson wrote:
> Have you looked at the EGO_SUM in go-module? This already covers ANY go
> package that uses go.mod + go.sum, in a fully reproducible way that does
> not break network sandbox.
I didn't understand EGO_SUM right.
Thank you for mentioned it.
Hi Michał,
On 3/27/20 5:59 AM, Michał Górny wrote:
> Stop here. If you think that you need to 'break network sandbox', you
> already have the wrong attitude and shouldn't continue. Network sandbox
> is not your enemy. Using network is.
>
> Network sandbox protects users from paying extra becaus
Hi Michał,
On 3/27/20 11:33 AM, Michał Górny wrote:
> SRC_URI is well-defined, and that makes it possible for us and users to
> develop consistent solutions. We have Gentoo mirror network to increase
> reliability when upstream servers fail. Users can deploy local mirrors
> to increase reliabili
Hi again Michał,
On 3/27/20 11:48 AM, Michał Górny wrote:
> Nope, just ::gentoo. Minus ebuilds with RESTRICT=mirror.
I have some doubts after reading the mirror documentation[1] in the
context of personal overlays (not official).
There is two procedures defined as I could understand:
- manually
Dear all,
Would it be possible to create official ebuilds for Gentoo
infrastructure projects, such as:
https://github.com/mgorny/repo-mirror-ci
https://github.com/mgorny/pkgcheck-result-parser
Thank you,
Samuel
signature.asc
Description: OpenPGP digital signature
Hi Mike,
On 3/27/20 4:31 PM, Mike Gilbert wrote:
> On Fri, Mar 27, 2020 at 12:19 PM Samuel Bernardo
> wrote:
>> Dear all,
>>
>> Would it be possible to create official ebuilds for Gentoo
>> infrastructure projects, such as:
>>
>> https://github.com/mgor
Hi Alec,
On 3/27/20 7:27 PM, Alec Warner wrote:
> The Gentoo Mirror system is basically a set of scripts that syncs the
> ::gentoo repository, enumerates all URIs in SRC_URI for all ebuilds,
> and fetches them.
> It doesn't enumerate anything in any overlays. Overlay authors are
> required to poin
Thank you very much for you detailed answers Alec.
I will add them to my FAQ,
Best,
Samuel
On 3/27/20 11:20 PM, Alec Warner wrote:
>
> On Fri, Mar 27, 2020 at 3:59 PM Alec Warner <mailto:anta...@gentoo.org>> wrote:
>
>
> On Fri, Mar 27, 2020 at
Hi Alec,
On 3/27/20 11:20 PM, Alec Warner wrote:
>
> I should point you at man portage(5) (search for mirrors), which has
> more detail on how to set up a non-gentoo mirror network.
Reading portage manpage about mirrors I didn't find the mirror type
possible values. As I could understand, there i
Dear all,
My goal is to integrate local rsyncd mirror in /etc/portage/mirrors with
a configuration like
local rsync://localnet-master/gentoo
where "gentoo" in rsyncd.conf contains every files in
/var/db/repos/gentoo including distfiles/, excluding only packages/
directory that is defined in "por
Hi,
On 3/31/20 9:25 PM, Alec Warner wrote:
>
> From thirdpartymirrors file I can see more examples... The mirror type
> can be any label that I decide to use?
>
>
> man portage(5) says:
> Whenever portage encounters a mirror:// style URI it will look up the
> actual hosts here. If the mir
Hi Alec,
Thank you very much for your explanation.
I'll keep it in my notes.
Best,
Samuel
On 3/31/20 11:41 PM, Alec Warner wrote:
> In general I'd avoid using the mirror system as URI simplification too
> much; a lot of the idea is to avoid hardcoding specific hosts. E.g.
> for the gentoo mirr
:47 PM, Michael Orlitzky wrote:
> On 3/31/20 6:21 PM, Samuel Bernardo wrote:
>> But after your explanation, I understand now that mirror types provides
>> alias to use in ebuild SRC_URI, specially useful for the update task
>> (awesome).
>>
> Beware: thirdpartymirrors doe
Hi Robin,
On 4/1/20 6:36 AM, Robin H. Johnson wrote:
> Samuel:
> I already proved that using go-module.eclass EGO_SUM it will NOT use Git
> repositories, and all of the fetching will happen long before
> src_unpack. Why do you persist with your statement to the contrary?
Sorry my misunderstanding
Hi Robin,
On 4/1/20 6:36 AM, Robin H. Johnson wrote:
>> Normally we don't bundle dependencies, avoiding that problem entirely.
>> The Go eclasses however are badly designed, committed against protest by
>> paid corporate interests, and serve only to facilitate large-scale
>> copyright infringement
/20 4:49 PM, Alec Warner wrote:
>
> On Wed, Apr 1, 2020 at 5:14 AM Samuel Bernardo
> mailto:samuelbernardo.m...@gmail.com>>
> wrote:
>
> Forgive my noobishness in this matter that let Alec to comment
> over my own statement.
>
> Alec pointed out some v
Hi Michael,
On 4/1/20 6:01 PM, Michael Orlitzky wrote:
> On 4/1/20 11:49 AM, Alec Warner wrote:
>> Imagine a common dep (CommonFoo-x-y-z)
>> has a security problem, so we must upgrade to CommonFoo-y-z. In the
>> scenario where CommonFoo is a dynamically linked package we can
>> recompile it once[4
Hi Robin,
On 4/1/20 11:07 PM, Robin H. Johnson wrote:
>>> # I am considering removing this and just hard coding mirror://goproxy
>>> # below, so please do not rely on it.
>>> : "${_GOMODULE_GOPROXY_BASEURI:=mirror://goproxy/}"|
>> So, go-module.eclass provides a good base to follow SRP pattern (si
On 2020-04-04 15:57, Kent Fredric wrote:
> Depends how concerned you are about VM busting exploits contaminating
> the host.
>
> ( Maybe not Zoom in particular, but with regard to the general theme of
> "risky apps on a valued system" )
Sorry about my comment, but couldn't that be solved choosing
Hi Kent,
On 4/6/20 2:08 PM, Kent Fredric wrote:
> So no, nobody can actually make assurances of this software, we can
> only stipulate which cautions we know are warranted.
No assurance is also a level that takes place in the lower ranking
level. If someone needs to use zoom because they are dema
Dear all,
I start to subscribe all the messages that have been exchanged2 and
would like to start to cite a very important sentence mentioned by Kent
in zoom thread, that concerns me:
On 4/7/20 7:23 AM, Kent Fredric wrote:
> But utlimately, this is not a technology problem: Its a staffing problem
Hi everyone,
I would like to leave a suggestion for Gentoo portage ebuild review.
Since there are some ebuilds in portage that become outdated for more
than one year when there are new versions available, maybe could be
possible to add a new step in Gentoo QA service to generate an alarm
(send em
Looking also to changes proposed in GLEP 72 maybe my previous suggestion
would bring another profile status as unattended or ceased.
This would allow the transition for those that need to use old or
archived profile versions.
On 2020-04-10 12:31, Samuel Bernardo wrote:
> Hi everyone,
>
>
Dear Java team,
I send this email to mention that it seems to be missing eclasses for
JVM builders such as those I mention in this email subject. Dependencies
and tasks management are hard tasks now that I think to have great scope
for improvement.
Looking into the developments made in go eclasse
Hi,
Thank you very much for your experience and information sharing. I
learnt very much with your answers.
---
The goal of my suggestions was related to ebuilds that become unattended
more than one year or being left behind even further. Anyway the right
timescale depends on each project and so
Hi,
On 4/11/20 2:13 AM, Jonas Stein wrote:
> AFAIK technically it can already scan overlays.
> You can ask the euscan team.
Anybody there who can help me to contact euscan team?
> http://euscan.gentooexperimental.org/
The updated team contact is missing in this page.
Is euscan still experimenta
very useful to develop ebuilds
and evolve with the right procedures.
Thanks,
Samuel
On 4/11/20 2:06 AM, Benda Xu wrote:
> Hi Samuel,
>
> Samuel Bernardo writes:
>
>> I send this email to mention that it seems to be missing eclasses for
>> JVM builders such as those I
Hi Benda,
Thanks for the reference to Java Packing policy since I haven't read it
before.
I also forget to mention maven build system in last email, but for now
I'm only focused on scala and sbt.
On 4/19/20 5:31 AM, Benda Xu wrote:
> That's a good idea. What's your plan to realize the eclasses?
On 2020-04-19 16:37, Michael Orlitzky wrote:
> On 4/19/20 10:55 AM, Samuel Bernardo wrote:
>> Taking into account the network sandbox requirement, sbt.eclass needs to
>> download all dependencies with some approach like EGO_SUM implementation
>> in go-module.eclass[1].
Hi Michael,
On 4/19/20 9:09 PM, Michael Orlitzky wrote:
> You can do whatever you want in an overlay, but you can't introduce
> security vulnerabilities and license issues into thousands of peoples'
> homes and businesses through ::gentoo because it makes your life a tiny
> bit easier.
>
> The job
On 4/20/20 8:27 PM, Rich Freeman wrote:
> IMO it isn't really worth worrying about, because right now the main
> limitation seems to be a lack of people working on projects, not 25
> devs who each want to re-implement go their own way...
This is another reason I think is so important the overlays
On 4/21/20 6:50 AM, Michał Górny wrote:
> I realize Go is not isolated here. It's just brought as one major
> example. Rust is no better. All these shiny 'write and forget'
> languages share the same problem. Pay for some work hours, get
> a working product, deploy it and forget unless customer
Hi everyone,
gentoostats is a novelty for me and I'm not aware of previous
discussions or implementations. But for what I could understand from the
comments and Michał Górny explanation, I would start to ask your
attention to octoverse[1] initiative.
Maybe collected statistics could be a possible
Hi,
I start to thanks all your advices from previous emails related to
ebuild development.
I send you this email to let off steam about the big mess to have latest
OpenNebula version available in my Gentoo overlay[1]. This was the
problems I had to deal with:
- patch many source files with sed t
Well I use eix-sync...
As I can see in comment in the script beginning eix-sync uses emerge --sync:
> This script calls emerge --sync and shows the differences.
So that kind of transition to emaint sync would require a review from
the current tools.
On 5/6/20 11:11 PM, Zac Medico wrote:
> On 5/6
-sandbox was not authorized by the user.
I hope this ebuild to be useful and I'm glad to share it for Gentoo
community.
Best,
Samuel
[1] https://cgit.gentoo.org/repo/user/ssnb.git/tree/app-emulation/opennebula
On 5/4/20 2:00 PM, Samuel Bernardo wrote:
> Hi,
>
> I start to thanks all you
Hi William,
How about overlays using the eclass, will this changes only apply to EAPI 8?
Thanks,
Samuel
On 5/10/20 10:16 PM, William Hubbs wrote:
> All,
>
> now that go 1.14.2 is stable, I want to remove the EGO_VENDOR support from
> go-module.eclass.
>
> This was kept when the EGO_SUM support
Hi William,
On 5/12/20 4:38 PM, William Hubbs wrote:
> Hi Samuel,
>
> this change will apply to all users of the eclass.
>
> Overlays are not considered blockers for in-tree eclass work.
>
> Also, keepin mind that there was a qa warning in place for this issue
> for 3 months, so overlay owners
Hi,
On 5/12/20 6:40 PM, Joonas Niilola wrote:
> On 5/12/20 8:36 PM, Samuel Bernardo wrote:
>> My concern was about the others, for instance go-overlay that I have
>> enabled.
>>
>> Should it be possible to run a QA check to create a bug request to
>> remember t
On 5/19/20 7:47 AM, Michał Górny wrote:
> Do you have any specific solution in mind?
>
> [1] https://gitweb.gentoo.org/archive/proj/identity.gentoo.org.git/
I would suggest for SSO an implementation like the following with LDAP
provider:
https://github.com/Luzifer/nginx-sso/wiki/Auth-Provider-Con
Hi,
I realize today that nginx ebuild have a new slot mainline. The current
ebuild stable version 1.17 came from mainline. Anyone knows if this
means that is not the stable version of nginx?
After reading the following blog post I couldn't understand what they
are doing now:
https://www.nginx.co
On 5/22/20 9:08 PM, Michał Górny wrote:
> Hence my question: do you find 'do not remove kernels listed
> in bootloader config' feature useful? Do you think it should remain
> the default? Do you think it is worthwhile to continue supporting it?
In my Gentoo maintenance scripts I'm using
eclean-
Hi,
I need to add a commit to a gentoo pull request that I had opened before.
https://github.com/samuelbernardo/gentoo
Is it possible to add the commit to that pull request or I need to open
a new pull request?
I already try to get help in gentoo-dev channel but I haven't voice there...
Thanks
Hi,
Sorry if I miss any detail about glsa-check context, but I think that it
misses the CVE[1] id review I left in subject.
About chromium stability, what would you advice me, install latest
keyword masked version or wait for next stable version?
The current chromium stable version have also run
Hi,
I send this email to ask for your help on selecting the project
maintainer for a new ebuild.
I created a pull request for the ebuild in subject[1] and the QA reports
complaints about missing project maintainer[2]. What should I do?
Thanks
[1] https://github.com/gentoo/gentoo/pull/16399
[2]
Hi Brian
On 6/25/20 11:18 PM, Brian Dolbec wrote:
> You add yourself as primary maintainer. The proxy maintainers will add
> themselves for the merge to the repo after all review is done. This
> will mean that you will need to maintain the pkg, do the version bumps,
> etc.. The proxy team will
On 6/25/20 11:28 PM, Brian Dolbec wrote:
> yes, you do not need to add a Gentoo maintainer unless asked to.
Even without maintainer Gentoo CI fails the check for maintainer[1].
Maybe this could be not expected, and so I give you this feedback for
Gentoo infrastructure review.
[1]
https://qa-repo
Hi,
Sorry to bother you directly, but this seems very urgent and may be
neglected in the middle of all the tasks you had:
https://bugs.gentoo.org/822291
Stabilization of thunderbird current stable version 91!
78 should be masked since is not supported anymore.
https://en.wikipedia.org/wiki/
60 matches
Mail list logo
