On Mon, May 16, 2022 at 07:37:40PM +0200, Markus Walter wrote:
> Hello all,
>
> is it possible to do the following: after fetching a distfile portage runs
> an external normaliser program specified in an ebuild before checking the
> hash?
>
> My use case is the following: I would like to improve
On Sun, Jun 28, 2020 at 12:54:56PM -0700, Zac Medico wrote:
> Use sort and comm with temporary files in order to compare lists
> of docompress -x and precompressed files, since the file lists
> can be extremely large. Also strip ${D%/} from paths in order to
> reduce length.
+1 looks much better.
On Tue, Jun 23, 2020 at 05:36:14PM -0700, Zac Medico wrote:
> From: Patrick McLean
>
> Use sed -f to feed commands to sed via stdin, in order to avoid
> the "Argument list too long" error reported in bug 727522.
Will this need to move to a tempfile in the near future, for the size of
sed_args? Ma
Can Portage handle this error more gracefully please?
The symlink test file is there to verify mirror behavior, so we don't
want to delete it either.
--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B
On Tue, Jan 16, 2018 at 11:32:28AM -0800, Zac Medico wrote:
> > But app-crypt/gentoo-keys doesn't include that executable, and it has
> > no dependency on app-crypt/gkeys. I'd rather not introduce an artificial
> > dependency here.
>
> I suppose we could using a separate ebuild to install this hoo
On Mon, Nov 06, 2017 at 09:14:56AM +0100, Michał Górny wrote:
> -# Future events:
> -#
> -# After WHIRLPOOL is supported in stable portage for at least 1 year:
> -# - Change MANIFEST2_REQUIRED_HASH to WHIRLPOOL.
> -# - Remove SHA256 from MANIFEST2_HASH_*.
> -# - Set manifest-hashes in gentoo-x86/me
On Thu, Aug 31, 2017 at 10:45:42PM +0200, Michał Górny wrote:
> + export PATH=/dev/null
Minor nitpick: The Single UNIX spec says that PATH is a set of prefixes,
and that they're treated as directories.
http://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html
I think it might be good to use
On Fri, Nov 25, 2016 at 12:32:28PM -0800, Zac Medico wrote:
> I question the usefulness of producing warnings that people probably
> want to ignore anyway, but I suppose we could make the
> Manifest.checkTypeHashes method implement this behavior internally.
Ok, then I'd like to flip your default to
On Wed, Nov 23, 2016 at 11:04:54PM -0800, Zac Medico wrote:
> The current GLEP 60 draft specifies that non-strict handling of MISC
> digests should be supported.
In my followup post about how it should work, I noted that in non-strict
mode, a non-fatal warning should be issued for the mismatch of
There is no way to presently declare that Gentoo itself is
the upstream hosting location for a given package. Add
'gentoo' option to the remote-id type attribute to cover
such a case.
Signed-off-by: Robin H. Johnson
---
repoman/cnf/metadata.xsd | 1 +
1 file changed, 1 insertion(+)
On Tue, Jun 14, 2016 at 10:41:38AM +0200, Alexander Berntsen wrote:
> Friends,
>
> I saw Brian asking Michał to OpenPGP-sign his commits in IRC, to which
> Michał quipped that we would have if it were enforced. So perhaps we
> should just enforce it. Most of us do it -- but I see Zac not doing it
On Fri, Nov 13, 2015 at 01:26:24PM +0100, Alexander Berntsen wrote:
> On 12/11/15 22:21, Robin H. Johnson wrote:
> > Thanks, merged.
> Sorry, what? You're not in the Portage team. The last time you
> committed directly was in 2007; I can't speak for that period of ti
On Wed, Nov 11, 2015 at 10:09:42PM -0800, Zac Medico wrote:
> On 11/11/2015 02:30 PM, robb...@gentoo.org wrote:
> > From: "Robin H. Johnson"
> >
> > If GIT_DIR is used, and .git is outside the root of the checkout, then
> > --work-tree=... needs to be spec
Confirmed to work; please merge (also my prior patch that fixes relative
GIT_DIR implications, or ACK and I will merge it myself).
Speedup is less than expected however.
Running with:
--jobs 10 --load-average 6
yields a ~3.3x speedup on the previous non-parallel version.
With the system load aver
[snip entire message]
You mean like...
https://github.com/gentoo/portage
--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
This is a small feature request, but it will require a modification to
PMS, so I describe it here.
The present thirdpartymirrors file is unwieldy, and difficult to manage
due to it's format with very long lines. It also doesn't permit easy
comments. Presently commits to it look very ugly, because
On Tue, Dec 03, 2013 at 11:05:51AM -0500, Mike Frysinger wrote:
> as for the patch, i'm of the opinion that make.conf is not for documenting
> random USE_EXPAND-ed variables.
...
> there is the matter of visibility ... we could add a generic pointer to the
> make.conf man page discussing that the
On Wed, Oct 05, 2011 at 11:07:03AM -0700, Zac Medico wrote:
> On 10/01/2011 12:40 AM, Robin H. Johnson wrote:
> > Respun now with the help of ferringb. Cleans up the implementation and
> > catches
> > a few bug and improvements:
> > - mhash priority moved lower than pyc
On Sun, Oct 02, 2011 at 01:39:41PM -0700, Zac Medico wrote:
> On 10/02/2011 05:46 AM, Robin H. Johnson wrote:
> > On Sat, Oct 01, 2011 at 09:40:13PM -0700, Zac Medico wrote:
> >> If we control these hashes via metadata/layout.conf, then we can toggle
> >> it atomically f
On Sat, Oct 01, 2011 at 09:40:13PM -0700, Zac Medico wrote:
> If we control these hashes via metadata/layout.conf, then we can toggle
> it atomically for all commiters. Otherwise, we'll have an annoying
> period of time where different committers are committing different sets
> of hashes, depending
On Sat, Oct 01, 2011 at 02:08:57PM -0400, Mike Frysinger wrote:
> On Thursday, September 29, 2011 21:27:39 Robin H. Johnson wrote:
> > Provide public-domain implementation of the Whirlpool hash algorithm to
> > be used as new Manifest2 hash.
> >
> > Sign
From: "Robin H. Johnson"
To be used shortly for WHIRLPOOL as well as RMD160.
Signed-off-by: Robin H. Johnson
---
pym/portage/checksum.py | 21 -
1 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/pym/portage/checksum.py b/pym/portage/checksu
From: "Robin H. Johnson"
Change Manifest2 hashes to a more secure set as approved in GLEP59.
SHA512 and WHIRLPOOL are added, SHA1 and RMD160 are dropped.
SHA256 is now the lowest security hash, and must remain in Manifest
files for at least 1 year, otherwise older Portage installs wil
Respun now with the help of ferringb. Cleans up the implementation and catches
a few bug and improvements:
- mhash priority moved lower than pycrypto/hashlib because mhash holds GIL
while the other implementations don't.
- hashlib does offer whirlpool if it was built against openssl 1.0.
1/5: Re
From: "Robin H. Johnson"
Provide public-domain implementation of the Whirlpool hash algorithm to
be used as new Manifest2 hash.
Signed-off-by: Robin H. Johnson
---
pym/portage/checksum.py |8 ++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/pym/portage/che
From: "Robin H. Johnson"
Offer mhash as a provider for Manifest2 hash generation and validation.
This is important as either of pycrypto or fchksum offer an accelerated
Whirlpool implementation, and hashlib might not offer it. Additionally,
the mhash implementation is accelerated and
From: "Robin H. Johnson"
Provide SHA512 hash algorithm to be used as new Manifest2 hash.
Signed-off-by: Robin H. Johnson
---
pym/portage/checksum.py |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/pym/portage/checksum.py b/pym/portage/checksum.py
ind
On Fri, Sep 30, 2011 at 01:27:41AM +, Robin H. Johnson wrote:
> Offer mhash as a provider for Manifest2 hash generation and validation.
> This is important as none of pycrypto/hashlib/fchksum offer an
> accelerated Whirlpool implementaiton. Additionally, the mhash
> imple
any of the hashes in the Manifest
files.
Future events:
After 2012/10/01:
- Change MANIFEST2_REQUIRED_HASH to WHIRLPOOL.
- Remove SHA256 from MANIFEST2_HASH_FUNCTIONS.
After SHA-3 is approved:
- Add new hashes to MANIFEST2_HASH_FUNCTIONS.
Signed-off-by: Robin H. Johnson
---
pym/portage/const.py
Provide SHA512 hash algorithm to be used as new Manifest2 hash.
Signed-off-by: Robin H. Johnson
---
pym/portage/checksum.py |1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/pym/portage/checksum.py b/pym/portage/checksum.py
index 3d674c8..b2c9333 100644
--- a/pym/portage
Offer mhash as a provider for Manifest2 hash generation and validation.
This is important as none of pycrypto/hashlib/fchksum offer an
accelerated Whirlpool implementaiton. Additionally, the mhash
implementation is accelerated and ships with a rigorious testsuite.
Signed-off-by: Robin H. Johnson
Provide public-domain implementation of the Whirlpool hash algorithm to
be used as new Manifest2 hash.
Signed-off-by: Robin H. Johnson
---
pym/portage/checksum.py |4 +
pym/portage/util/whirlpool.py | 788 +
2 files changed, 792 insertions
For an overview of tree-signing, please see informational GLEP57.
This patch series implements all parts needed for GLEP59. Upcoming patch series
will include support for the rest of the tree-signing, GLEP59-61.
[1/4] Manifest2 hash: Whirlpool
[2/4] Manifest2 hash: SHA512
New hashes.
[3/4] Mani
On Mon, Sep 12, 2011 at 10:50:30PM -0700, Zac Medico wrote:
> On 09/12/2011 10:30 PM, Zac Medico wrote:
> > On 09/12/2011 09:38 PM, Robin H. Johnson wrote:
> >> On Tue, Sep 13, 2011 at 03:20:35AM +, Zac Medico wrote:
> >>> commit: 677240f7b3db66bdcd403c2
On Tue, Sep 13, 2011 at 03:20:35AM +, Zac Medico wrote:
> commit: 677240f7b3db66bdcd403c214e5d3fa30e31a24a
> Author: Zac Medico gentoo org>
> AuthorDate: Tue Sep 13 03:20:00 2011 +
> Commit: Zac Medico gentoo org>
> CommitDate: Tue Sep 13 03:20:00 2011 +
> URL:
>
On Thu, Apr 22, 2010 at 01:05:11AM +0300, Amit Dor-Shifer wrote:
> When I invoke the following, I see http interaction w/gentoo.org:
>
> layman -c /dev/null -N -f -a oversi -o file:///tmp/layman-oversi.xml
> which AFAIK doesn't read /etc/layman/layman.cfg.
The config file given (empty via /dev/nul
On Thu, Apr 22, 2010 at 12:09:21AM +0300, Amit Dor-Shifer wrote:
> Hi all. Some questions rgd layman:
>
> 1. Seems like layman is hard-wired to contain the layman-global.txt
> list of overlays. What's the reasoning behind this? My issue
> w/this is that, lately, when gentoo.org was unr
On Fri, Mar 05, 2010 at 04:33:14PM +0100, Sebastian Pipping wrote:
> I don't feel like proposing anything on that matter at the moment. With
> that said: what do you and Robin think?
Here's a related question.
Did the previous CVS -> SVN question generate the svn:ignore files from
.cvsignore, or
On Tue, Dec 02, 2008 at 07:46:13PM +0200, Tambet wrote:
> Has anyone ever noticed that portage tree contains a lot of md5 hashes,
> which are not at all important for using it? I think that it does not make
> reliability or functionality smaller any bit if those would all stay in sync
> servers - a
Somebody subscribed a bad list manager to the list, and caused a mail
loop. I removed the offending list address now, but I don't know who did
it in the first place.
--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : [EMAIL PROTECTED]
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E
On Tue, Jul 29, 2008 at 08:51:45PM +0100, Mike Auty wrote:
> In this Glep (xx+1), in the section discussing the procedure for
> creating a MetaManifest file, in step 3.3, does that include
> verification of the manifest's signature if it has one? It would seem
> odd to ignore the signature if it's
So I'm not going to directly attach the GLEPs again this time, however
I am just going to link to them, and summarize the changes:
xx+1:
- Add mention of how to defeat the mirror replay attacks from [EMAIL PROTECTED]
- Clarify wording of the UNCOVERED=ALL-COVERED set math, and why it's
important
Attached.
--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : [EMAIL PROTECTED]
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
GLEP: xx+5
Title: Manifest2 filetypes
Version: $Revision: 1.15 $
Last-Modified: $Date: 2008/07/01 08:52:34 $
Author: Robin Hugh Johnson
Attached.
--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : [EMAIL PROTECTED]
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
GLEP: xx+4
Title: Manifest2 hash policies and security implications
Version: $Revision: 1.10 $
Last-Modified: $Date: 2008/07/01 07:18:4
Attached.
--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : [EMAIL PROTECTED]
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
GLEP: xx+1
Title: Security of distribution of Gentoo software - Infrastructure to User
distribution - MetaManifest
Version: $Revision:
g list, "Report: rsync1.it.gentoo.org compromised"
2003-12-03, gentoo-core mailing list, "Signing of ebuilds"
2003-12-07, gentoo-core mailing list, "gpg signing of Manifests", thread
includes the first GnuPG signing prototype code, by Robin H. Johnson
(robbat2). Andre
Hi folks, it's that time again, time for the proto-gleps on
tree-signing. Barring two minor TODO items, I have completed all of the
series dealing with distribution issues and Manifest2.
The developer issues and gnupg management issues remain, but they don't
block the Manifest2 and distribution pa
On Sat, Jan 12, 2008 at 05:49:10AM +0100, Marcel Meyer wrote:
> I'm wondering if the GPG-signing feature within portage is already useable
> (if I recall correctly it was startet 2004 or 2005?). If yes, how can I use
> it correctly and where to get the gpg-key "securely"? The URLs I found by
> g
On Sat, Feb 24, 2007 at 10:00:29PM +0100, Beginner wrote:
> I recommend not to use wget and not to reconnect to the server for every
> single packet, but to hold the connection
> therefore spare traffic and download more fast.
If you are doing lots of downloads, use 'emerge -pvf FOO' and feed each
On Fri, Jan 12, 2007 at 12:18:34AM +0200, Philipp Riegger wrote:
> On 02.01.2007, at 06:56, Zac Medico wrote:
> >In >=portage-2.1.2_rc4-r2 t does that now for installed package (see
> >bug #158931). For /var/cache/edb/dep the sqlite module is available
> >(requires pysqlite or python-2.5 with sqli
On Sun, Dec 25, 2005 at 07:41:01PM -0800, Brian Harring wrote:
> On Sun, Dec 25, 2005 at 06:48:02PM -0500, Mike Frysinger wrote:
> > On Sunday 25 December 2005 17:12, Brian Harring wrote:
> > > Can be defeated by a unpack ${DISTDIR}/file call, but that's invalid
> > > anyways.
> >
> > and what abo
On Sat, Nov 19, 2005 at 06:44:34AM +, Ciaran McCreesh wrote:
> | First, the blatantly obvious, for the benefit of same developers, even
> | though it's not relevant to signing. It is still a weak-point and does
> | need to be addressed. Multiple-hashes!
> There is no proof that multiple hashes
Hi,
After my post to -core about how to move ahead with signing, I thought
the next best place to continue is in a discussion of how Portage
handles manifests and their signatures.
First, the blatantly obvious, for the benefit of same developers, even
though it's not relevant to signing. It is st
53 matches
Mail list logo