Re: [gentoo-portage-dev] profile masking

2020-08-15 Thread Joakim Tjernlund
On Fri, 2020-08-14 at 23:12 +0200, Michał Górny wrote:
> On Fri, 2020-08-14 at 15:42 +, Joakim Tjernlund wrote:
> > On Fri, 2020-08-14 at 17:31 +0200, Ulrich Mueller wrote:
> > > > > > > > On Fri, 14 Aug 2020, Joakim Tjernlund wrote:
> > > > When pkgs are masked in the profile, it affects all variants of that
> > > > pkgs, even the ones that are in other overlays.
> > > > Example:
> > > > !!! The following installed packages are masked:
> > > > - sys-auth/sssd-::transmode (masked by: package.mask)
> > > > /usr/portage/profiles/package.mask:
> > > > # Matt Turner  (2020-08-13)
> > > > # Masked for testing
> > > > My sssd- is now masked.
> > > > Could the profile syntax be extended to include syntax allowed in
> > > > /etc/portage ? Then one could use the ::gentoo syntax (or so I hope)
> > > 
> > > The :: syntax is Portage specific and doesn't exist in EAPI 7.
> > > So there's no chance to get it into the profile dir anytime soon
> > > (because that would imply :: to be added to a future EAPI and the
> > > top-level profile dir to be bumped to that EAPI).
> > 
> > Is profile part of EAPI? masks are not defined/used in ebuilds directly.
> > 
> > > You could override the mask in your overlay's profile/package.mask
> > > instead, using an entry with the "-" operator.
> > 
> > Yes, I know I can add that in profile/package.mask but I am looking for the 
> > bigger
> > picture here. This has to stop somehow, there need to be something that 
> > limits
> > the mask scope to the repo/overlay it is defined.
> > 
> 
> Why is that?  I dare say the bigger picture needs to include different
> mask reasons.  Sure, 'masked for testing' may or may not make little
> sense for live ebuilds.  However, 'masked for security issues' may
> pretty apply to custom repo ebuilds as well.
> 

Possibly, but the way you mask Test/Security should then be referring to 
specific versions,
not all possible versions in the universe.

 Jocke 


Re: [gentoo-portage-dev] profile masking

2020-08-14 Thread Michał Górny
On Fri, 2020-08-14 at 15:42 +, Joakim Tjernlund wrote:
> On Fri, 2020-08-14 at 17:31 +0200, Ulrich Mueller wrote:
> > > > > > > On Fri, 14 Aug 2020, Joakim Tjernlund wrote:
> > > When pkgs are masked in the profile, it affects all variants of that
> > > pkgs, even the ones that are in other overlays.
> > > Example:
> > > !!! The following installed packages are masked:
> > > - sys-auth/sssd-::transmode (masked by: package.mask)
> > > /usr/portage/profiles/package.mask:
> > > # Matt Turner  (2020-08-13)
> > > # Masked for testing
> > > My sssd- is now masked.
> > > Could the profile syntax be extended to include syntax allowed in
> > > /etc/portage ? Then one could use the ::gentoo syntax (or so I hope)
> > 
> > The :: syntax is Portage specific and doesn't exist in EAPI 7.
> > So there's no chance to get it into the profile dir anytime soon
> > (because that would imply :: to be added to a future EAPI and the
> > top-level profile dir to be bumped to that EAPI).
> 
> Is profile part of EAPI? masks are not defined/used in ebuilds directly.
> 
> > You could override the mask in your overlay's profile/package.mask
> > instead, using an entry with the "-" operator.
> 
> Yes, I know I can add that in profile/package.mask but I am looking for the 
> bigger
> picture here. This has to stop somehow, there need to be something that limits
> the mask scope to the repo/overlay it is defined.
> 

Why is that?  I dare say the bigger picture needs to include different
mask reasons.  Sure, 'masked for testing' may or may not make little
sense for live ebuilds.  However, 'masked for security issues' may
pretty apply to custom repo ebuilds as well.

-- 
Best regards,
Michał Górny



signature.asc
Description: This is a digitally signed message part


Re: [gentoo-portage-dev] profile masking

2020-08-14 Thread Zac Medico
On 8/14/20 1:42 PM, Zac Medico wrote:
> On 8/14/20 1:08 PM, Ulrich Mueller wrote:
>>> On Fri, 14 Aug 2020, Zac Medico wrote:
>>
>>> On 8/14/20 8:42 AM, Joakim Tjernlund wrote:
 Yes, I know I can add that in profile/package.mask but I am looking
 for the bigger picture here. This has to stop somehow, there need to
 be something that limits the mask scope to the repo/overlay it is
 defined.
>>
>>> The scope is already limited, but this overlay inherits the mask because
>>> it has the gentoo repo as its master (either implicitly or via a masters
>>> setting in metadata/layout.conf).
>>
>>> I suppose we could add an option to prevent this inheritance.
>>
>> Like an option in repos.conf or layout.conf?
>>
>> The problem I see with this is that preventing inheritance would disable
>> files like license_groups or thirdpartymirrors. So overlays would have
>> to maintain their own versions.
> 
> I've just tested, and it's possible to do this with a -* at the top of
> the overlay/profiles/package.mask file, if we simply modify the the
> grabfile_package function to allow the -* pass through (it currently
> discards it as an invalid atom).

Opened this bug:

https://bugs.gentoo.org/737148
-- 
Thanks,
Zac



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-portage-dev] profile masking

2020-08-14 Thread Zac Medico
On 8/14/20 1:08 PM, Ulrich Mueller wrote:
>> On Fri, 14 Aug 2020, Zac Medico wrote:
> 
>> On 8/14/20 8:42 AM, Joakim Tjernlund wrote:
>>> Yes, I know I can add that in profile/package.mask but I am looking
>>> for the bigger picture here. This has to stop somehow, there need to
>>> be something that limits the mask scope to the repo/overlay it is
>>> defined.
> 
>> The scope is already limited, but this overlay inherits the mask because
>> it has the gentoo repo as its master (either implicitly or via a masters
>> setting in metadata/layout.conf).
> 
>> I suppose we could add an option to prevent this inheritance.
> 
> Like an option in repos.conf or layout.conf?
> 
> The problem I see with this is that preventing inheritance would disable
> files like license_groups or thirdpartymirrors. So overlays would have
> to maintain their own versions.

I've just tested, and it's possible to do this with a -* at the top of
the overlay/profiles/package.mask file, if we simply modify the the
grabfile_package function to allow the -* pass through (it currently
discards it as an invalid atom).

>>> I think a good start would be to consider /etc/portage the top
>>> profile and other subprofiles should be able to use the same features
>>> as /etc/portage.
>>>
>>> Portage could start supporting that now, but there would be a while
>>> until one can use them in Gentoo profile.
> 
>> We've got this bug open for the ::repo atom support:
> 
>> https://bugs.gentoo.org/651208
> 
> I still believe that adding ::gentoo to every line in package.mask would
> be the wrong approach to the problem.

Of course, that would be silly. The per-repo package.mask scoping is
actually implemented internally by adding an implicit ::repo to each
atom in the package.mask file.
-- 
Thanks,
Zac



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-portage-dev] profile masking

2020-08-14 Thread Ulrich Mueller
> On Fri, 14 Aug 2020, Zac Medico wrote:

> On 8/14/20 8:42 AM, Joakim Tjernlund wrote:
>> Yes, I know I can add that in profile/package.mask but I am looking
>> for the bigger picture here. This has to stop somehow, there need to
>> be something that limits the mask scope to the repo/overlay it is
>> defined.

> The scope is already limited, but this overlay inherits the mask because
> it has the gentoo repo as its master (either implicitly or via a masters
> setting in metadata/layout.conf).

> I suppose we could add an option to prevent this inheritance.

Like an option in repos.conf or layout.conf?

The problem I see with this is that preventing inheritance would disable
files like license_groups or thirdpartymirrors. So overlays would have
to maintain their own versions.

>> I think a good start would be to consider /etc/portage the top
>> profile and other subprofiles should be able to use the same features
>> as /etc/portage.
>> 
>> Portage could start supporting that now, but there would be a while
>> until one can use them in Gentoo profile.

> We've got this bug open for the ::repo atom support:

> https://bugs.gentoo.org/651208

I still believe that adding ::gentoo to every line in package.mask would
be the wrong approach to the problem.

Ulrich



Re: [gentoo-portage-dev] profile masking

2020-08-14 Thread Zac Medico
On 8/14/20 8:42 AM, Joakim Tjernlund wrote:
> On Fri, 2020-08-14 at 17:31 +0200, Ulrich Mueller wrote:
>>> On Fri, 14 Aug 2020, Joakim Tjernlund wrote:
>>
>>> When pkgs are masked in the profile, it affects all variants of that
>>> pkgs, even the ones that are in other overlays.
>>> Example:
>>> !!! The following installed packages are masked:
>>> - sys-auth/sssd-::transmode (masked by: package.mask)
>>> /usr/portage/profiles/package.mask:
>>> # Matt Turner  (2020-08-13)
>>> # Masked for testing
>>
>>> My sssd- is now masked.
>>
>>> Could the profile syntax be extended to include syntax allowed in
>>> /etc/portage ? Then one could use the ::gentoo syntax (or so I hope)
>>
>> The :: syntax is Portage specific and doesn't exist in EAPI 7.
>> So there's no chance to get it into the profile dir anytime soon
>> (because that would imply :: to be added to a future EAPI and the
>> top-level profile dir to be bumped to that EAPI).
> 
> Is profile part of EAPI? masks are not defined/used in ebuilds directly.
> 
>>
>> You could override the mask in your overlay's profile/package.mask
>> instead, using an entry with the "-" operator.
> 
> Yes, I know I can add that in profile/package.mask but I am looking for the 
> bigger
> picture here. This has to stop somehow, there need to be something that limits
> the mask scope to the repo/overlay it is defined.

The scope is already limited, but this overlay inherits the mask because
it has the gentoo repo as its master (either implicitly or via a masters
setting in metadata/layout.conf).

I suppose we could add an option to prevent this inheritance.

> I think a good start would be to consider /etc/portage the top profile and 
> other
> subprofiles should be able to use the same features as /etc/portage.
> 
> Portage could start supporting that now, but there would be a while until
> one can use them in Gentoo profile.

We've got this bug open for the ::repo atom support:

https://bugs.gentoo.org/651208
-- 
Thanks,
Zac



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-portage-dev] profile masking

2020-08-14 Thread Joakim Tjernlund
On Fri, 2020-08-14 at 17:31 +0200, Ulrich Mueller wrote:
> > > > > > On Fri, 14 Aug 2020, Joakim Tjernlund wrote:
> 
> > When pkgs are masked in the profile, it affects all variants of that
> > pkgs, even the ones that are in other overlays.
> > Example:
> > !!! The following installed packages are masked:
> > - sys-auth/sssd-::transmode (masked by: package.mask)
> > /usr/portage/profiles/package.mask:
> > # Matt Turner  (2020-08-13)
> > # Masked for testing
> 
> > My sssd- is now masked.
> 
> > Could the profile syntax be extended to include syntax allowed in
> > /etc/portage ? Then one could use the ::gentoo syntax (or so I hope)
> 
> The :: syntax is Portage specific and doesn't exist in EAPI 7.
> So there's no chance to get it into the profile dir anytime soon
> (because that would imply :: to be added to a future EAPI and the
> top-level profile dir to be bumped to that EAPI).

Is profile part of EAPI? masks are not defined/used in ebuilds directly.

> 
> You could override the mask in your overlay's profile/package.mask
> instead, using an entry with the "-" operator.

Yes, I know I can add that in profile/package.mask but I am looking for the 
bigger
picture here. This has to stop somehow, there need to be something that limits
the mask scope to the repo/overlay it is defined.

I think a good start would be to consider /etc/portage the top profile and other
subprofiles should be able to use the same features as /etc/portage.

Portage could start supporting that now, but there would be a while until
one can use them in Gentoo profile.

Meanwhile one should ban masks containing > and instead use exact revision of 
the package.

 Jocke


Re: [gentoo-portage-dev] profile masking

2020-08-14 Thread Ulrich Mueller
> On Fri, 14 Aug 2020, Joakim Tjernlund wrote:

> When pkgs are masked in the profile, it affects all variants of that
> pkgs, even the ones that are in other overlays.
> Example:
> !!! The following installed packages are masked:
> - sys-auth/sssd-::transmode (masked by: package.mask)
> /usr/portage/profiles/package.mask:
> # Matt Turner  (2020-08-13)
> # Masked for testing

> My sssd- is now masked.

> Could the profile syntax be extended to include syntax allowed in
> /etc/portage ? Then one could use the ::gentoo syntax (or so I hope)

The :: syntax is Portage specific and doesn't exist in EAPI 7.
So there's no chance to get it into the profile dir anytime soon
(because that would imply :: to be added to a future EAPI and the
top-level profile dir to be bumped to that EAPI).

You could override the mask in your overlay's profile/package.mask
instead, using an entry with the "-" operator.

Ulrich


signature.asc
Description: PGP signature