On 08/28/14 19:23, Brian Dolbec wrote:
On Thu, 28 Aug 2014 17:57:11 -0400
"Anthony G. Basile" <bluen...@gentoo.org> wrote:
scanelf is the last line of defense. If we get there, paxctl and
paxctl-ng have failed, so we can't trust them really. Changing the
exit code for scanelf could cause other issues, eg in portage where
it is used in a few places. As we discussed today during the
Hardened meeting, we'll ewarn if we get here.
scanelf is also used in the new python based revdep-rebuild. So,
changing it will cause issues there too.
Thanks good to know. I had no intentions of even suggesting a changed
behavior. I'm just pointing out why I wrote the eclass the way I did.
You'll notice the exit code is used in conjunction with `&& continue`
everywhere except scanelf, so one might wonder why. When I add the
ewarn, I'll also add a comment explaining scanelfs behavior.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
