Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in net-dialup/sendpage: sendpage-1.1.0-r2.ebuild ChangeLog sendpage-1.1.0-r1.ebuild

2013-09-10 Thread Sergey Popov 
04.09.2013 18:01, Ian Stakenvicius пишет:
 On 04/09/13 01:28 AM, Sergey Popov wrote:
 02.09.2013 19:29, Ian Delaney (idella4) пишет:
 idella4 13/09/02 15:29:57

 Modified: ChangeLog Added:
 sendpage-1.1.0-r2.ebuild Removed:
 sendpage-1.1.0-r1.ebuild Log: revbump - EAPI 5, remove old

 (Portage version: 2.2.0/cvs/Linux x86_64, signed Manifest commit
 with key 0xB8072B0D)

 Revision  ChangesPath 1.13
 net-dialup/sendpage/ChangeLog

 file :
 http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dialup/sendpage/ChangeLog?rev=1.13view=markup


 plain:
 http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dialup/sendpage/ChangeLog?rev=1.13content-type=text/plain
 diff :
 http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dialup/sendpage/ChangeLog?r1=1.12r2=1.13



 Index: ChangeLog
 ===


 RCS file: /var/cvsroot/gentoo-x86/net-dialup/sendpage/ChangeLog,v
 retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12
 -r1.13 --- ChangeLog14 Jun 2012 01:50:05 -  1.12 +++
 ChangeLog   2 Sep 2013 15:29:57 -   1.13 @@ -1,6 +1,12 @@ #
 ChangeLog for net-dialup/sendpage -# Copyright 2000-2012 Gentoo
 Foundation; Distributed under the GPL v2 -# $Header:
 /var/cvsroot/gentoo-x86/net-dialup/sendpage/ChangeLog,v 1.12
 2012/06/14 01:50:05 zmedico Exp $ +# Copyright 2000-2013 Gentoo
 Foundation; Distributed under the GPL v2 +# $Header:
 /var/cvsroot/gentoo-x86/net-dialup/sendpage/ChangeLog,v 1.13
 2013/09/02 15:29:57 idella4 Exp $ + +*sendpage-1.1.0-r2 (02 Sep
 2013) + +  02 Sep 2013; Ian Delaney idel...@gentoo.org
 +sendpage-1.1.0-r2.ebuild, +  -sendpage-1.1.0-r1.ebuild: +
 revbump - EAPI 5, remove old

 14 Jun 2012; Zac Medico zmed...@gentoo.org
 sendpage-1.1.0-r1.ebuild: inherit user for enewgroup and
 enewuser



 1.1
 net-dialup/sendpage/sendpage-1.1.0-r2.ebuild

 file :
 http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dialup/sendpage/sendpage-1.1.0-r2.ebuild?rev=1.1view=markup


 plain:
 http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-dialup/sendpage/sendpage-1.1.0-r2.ebuild?rev=1.1content-type=text/plain

 Index: sendpage-1.1.0-r2.ebuild 
 ===


 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License
 v2 # $Header:
 /var/cvsroot/gentoo-x86/net-dialup/sendpage/sendpage-1.1.0-r2.ebuild,v
 1.1 2013/09/02 15:29:57 idella4 Exp $

 EAPI=5

 inherit perl-module eutils user

 MY_P=${PN}-1.001 DESCRIPTION=Dialup alphapaging software. 
 HOMEPAGE=http://www.sendpage.org/; 
 SRC_URI=http://www.sendpage.org/download/${MY_P}.tar.gz; 
 S=${WORKDIR}/${MY_P}

 LICENSE=GPL-2 SLOT=0 KEYWORDS=~amd64 ~ppc ~x86 # This
 package warrants IUSE doc IUSE=

 DEPEND=!net-misc/hylafax =dev-perl/Device-SerialPort-0.13 
 =dev-perl/MailTools-1.44 =virtual/perl-libnet-1.11 
 =dev-perl/Net-SNPP-1.13 dev-perl/DBI

 mydoc=FEATURES email2page.conf sendpage.cf snpp.conf

 pkg_setup() { enewgroup sms enewuser sendpage -1 -1
 /var/spool/sendpage sms }

 PATCHES=( ${FILESDIR}/${PV}-makefile.patch )

 src_install() { perl-module_src_install insinto /etc doins
 sendpage.cf newinitd ${FILESDIR}/sendpage.initd sendpage 
 diropts -o sendpage -g sms -m0770 keepdir /var/spool/sendpage #
 Separate docs/ content from ${mydoc[@]} docompress -x
 /usr/share/doc/${PF}/text/ docinto text/ dodoc docs/* }




 
 EAPI=5 has no implicit RDEPEND=${DEPEND}. Does this package
 really has no run-time dependendies?
 
 
 
 Well, perl-module.eclass adds an RDEPEND of dev-lang/perl , so there's
 that.  If it's just perl scripts, though (and I haven't checked if it
 is or not), then that probably would be the only hard RDEPEND...
 

Package contents are EXACTLY the perl scripts that needs specified
modules in runtime. Fixed that now.

-- 
Best regards, Sergey Popov
Gentoo developer
Gentoo Desktop Effects project lead
Gentoo Qt project lead
Gentoo Proxy maintainers project lead



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] git-r3: initial draft for review

2013-09-10 Thread Michał Górny 
Dnia 2013-09-10, o godz. 07:04:49
Peter Stuge pe...@stuge.se napisał(a):

 Markos Chandras wrote:
  the whole eclass is inside the  if [[ ! ${_GIT_R3} ]]  block.
 
 Rather than putting the whole eclass inside a block like that maybe
 it's possible to test for that condition and exit early?

Could you try your solutions before suggesting them on the list? It's
really something you could try at home in less than 5 minutes, and you
wouldn't have to make noise on the mailing list (not that anyone still
reads it). I think that you testing than would even take less time than
me answering it.

And in case you didn't want to do that: exiting ebuild process in middle
of inheritance chain is *not* a good idea. Portage will even give
an explanatory error for you.

-- 
Best regards,
Michał Górny


signature.asc
Description: PGP signature

Re: [gentoo-dev] git-r3: initial draft for review

2013-09-10 Thread Peter Stuge 
Michał Górny wrote:
   the whole eclass is inside the  if [[ ! ${_GIT_R3} ]]  block.
  
  Rather than putting the whole eclass inside a block like that maybe
  it's possible to test for that condition and exit early?
 
 exiting ebuild process in middle of inheritance chain is *not* a good idea

I know, that's why I used quotes around the word exit. The question
is of course if there is a usable way to accomplish an early exit in
eclass context. Sad face if not.


//Peter


pgpU7QQybXnvE.pgp
Description: PGP signature

Re: [gentoo-dev] [PATCH] gnome2-utils.eclass add support for gdk-pixbuf cache update

2013-09-10 Thread Ian Stakenvicius 

On 2013-09-09, at 7:31 PM, Alex Xu alex_y...@yahoo.ca wrote:

 On 09/09/13 08:29 PM, Gilles Dartiguelongue wrote:
 
 Index: gdk-pixbuf-2.28.2.ebuild
 ===
 RCS file: 
 /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.28.2.ebuild,v
 retrieving revision 1.3
 diff -u -B -r1.3 gdk-pixbuf-2.28.2.ebuild
 --- gdk-pixbuf-2.28.2.ebuild3 Sep 2013 21:59:11 -1.3
 +++ gdk-pixbuf-2.28.2.ebuild9 Sep 2013 22:28:20 -
 @@ -67,6 +67,15 @@
  
  pkg_preinst() {
 gnome2_gdk_pixbuf_savelist
 +
 +# Make sure loaders.cache belongs to gdk-pixbuf alone
 +local 
 cache=usr/$(get_libdir)/${PN}-2.0/2.10.0/loaders.cache
 +
 +if [[ -e ${ROOT}${cache} ]]; then
 +cp ${ROOT}${cache} ${D}/${cache} || die
 +else
 +touch ${D}/${cache} || die
 +fi
  }
  
  pkg_postinst() {
 
 Index: gdk-pixbuf-2.28.2.ebuild
 ===
 RCS file:
 /var/cvsroot/gentoo-x86/x11-libs/gdk-pixbuf/gdk-pixbuf-2.28.2.ebuild,v
 retrieving revision 1.3
 diff -u -B -r1.3 gdk-pixbuf-2.28.2.ebuild
 --- gdk-pixbuf-2.28.2.ebuild3 Sep 2013 21:59:11 -   1.3
 +++ gdk-pixbuf-2.28.2.ebuild9 Sep 2013 22:28:20 -
 @@ -67,6 +67,15 @@
 
 pkg_preinst() {
gnome2_gdk_pixbuf_savelist
 +
 +   # Make sure loaders.cache belongs to gdk-pixbuf alone
 +   local cache=usr/$(get_libdir)/${PN}-2.0/2.10.0/loaders.cache
 +
 +   if [[ -e ${ROOT}${cache} ]]; then
 +   cp ${ROOT}${cache} ${D}/${cache} || die
 +   else
 +   touch ${D}/${cache} || die
 +   fi
 }
 
 pkg_postinst() {
 


shouldn't that be EROOT ?

[gentoo-dev] Re: bash-completion-2.1-r1

2013-09-10 Thread Martin Vaeth 
Duncan 1i5t5.dun...@cox.net wrote:

 Indeed.  The general gentoo policy is that trivial files such as bash-
 completions, systemd unit files, etc, aren't to be install-controlled via
 USE flags

Then why is bash-completion still a global USE-flag?
Those few cases where it has a different effect than installing
a single file can still use a local flag - are there even such
cases at all?

How is it with USE=zsh-completion?
This is a completely analogous situation.

Should both USE-flags be deprecated as global flags?

[gentoo-dev] Re: [PATCH systemd.eclass] Introduce systemd_install_serviced().

2013-09-10 Thread Steven J. Long 
Michał Górny wrote:
 +systemd_install_serviced() {
 + debug-print-function ${FUNCNAME} ${@}
 +
 + local src=${1}
 + local service=${2}
 +
 + if [[ ! ${service} ]]; then
 + [[ ${src} == *.conf ]] || die Source file needs .conf suffix

I would hoist this check to before the if.

 + service=${src##*/}
 + service=${service%.conf}
 + fi
 + # avoid potentially common mistake
 + [[ ${service} != *.d ]] || die Service must not have .d suffix

Double-negative reads badly:

  [[ $service = *.d ]]  die $FUNCNAME: Service must not have .d suffix

 Nope. 'insinto' sets INSDESTTREE. Due to lack of proper scoping
 support in bash, we need to localize this variable to restore previous
 'insinto' scope after leaving the function.

Actually the only reason you are able to do that, is *because* bash has proper
scoping support.

-- 
#friendly-coders -- We're friendly, but we're not /that/ friendly ;-)

[gentoo-dev] Re: bash-completion-2.1-r1

2013-09-10 Thread Steven J. Long 
On Tue, Sep 10, 2013 at 10:43:53AM +, Martin Vaeth wrote:
 Duncan 1i5t5.dun...@cox.net wrote:
 
  Indeed.  The general gentoo policy is that trivial files such as bash-
  completions, systemd unit files, etc, aren't to be install-controlled via
  USE flags
 
 Then why is bash-completion still a global USE-flag?
 Those few cases where it has a different effect than installing
 a single file can still use a local flag - are there even such
 cases at all?
 
 How is it with USE=zsh-completion?
 This is a completely analogous situation.
 
 Should both USE-flags be deprecated as global flags?
 

Yes, except for the cases you point out, which if they exist would be covered by
a local flag, with a desc explaining how it affects the package.

-- 
#friendly-coders -- We're friendly, but we're not /that/ friendly ;-)

Re: [gentoo-dev] Re: [PATCH systemd.eclass] Introduce systemd_install_serviced().

2013-09-10 Thread Mike Gilbert 
On Tue, Sep 10, 2013 at 12:36 PM, Michał Górny mgo...@gentoo.org wrote:
  Nope. 'insinto' sets INSDESTTREE. Due to lack of proper scoping
  support in bash, we need to localize this variable to restore previous
  'insinto' scope after leaving the function.

 Actually the only reason you are able to do that, is *because* bash has 
 proper
 scoping support.

 Proper scoping support would actually either disallow something like
 this or disallow something designed as 'insinto'. The 'local' in bash
 in the worst thing you could expect.


From what I can remember from college, It seems like a pretty typical
case of dynamic scope. Why do you find this to be bad?

Re: [gentoo-dev] Re: Improve the security of the default profile

2013-09-10 Thread Jeroen Roovers 
On Sun, 8 Sep 2013 18:06:56 -0600
Ryan Hill dirtye...@gentoo.org wrote:

 So does anyone have any objections to making -fstack-protector the
 default? Now is the time to speak up.

On PARISC you get plenty of warning of how well it's going to work out:

(cc1|gcc|foo): warning: -fstack-protector not supported for this target
[enabled by default]


 jer

[gentoo-dev] gnome2-utils.eclass: Add support new gtk-query-immodules handling introduced in gtk+-2.24.20

2013-09-10 Thread Pacho Ramos 
We need to handle this in a different way for gtk+-2.24.20 and newer as
explained at:
https://bugs.gentoo.org/show_bug.cgi?id=476100

The patch is here:
https://476100.bugs.gentoo.org/attachment.cgi?id=358136

If you have any problems with it, please tell me so.

Thanks

Re: [gentoo-dev] Re: [PATCH systemd.eclass] Introduce systemd_install_serviced().

2013-09-10 Thread Michał Górny 
Dnia 2013-09-10, o godz. 11:57:31
Steven J. Long sl...@rathaus.eclipse.co.uk napisał(a):

 Michał Górny wrote:
  +systemd_install_serviced() {
  +   debug-print-function ${FUNCNAME} ${@}
  +
  +   local src=${1}
  +   local service=${2}
  +
  +   if [[ ! ${service} ]]; then
  +   [[ ${src} == *.conf ]] || die Source file needs .conf suffix
 
 I would hoist this check to before the if.

Any suffix is allowed if ${service} is provided. Specific naming is
required only for service guessing.

  +   service=${src##*/}
  +   service=${service%.conf}
  +   fi
  +   # avoid potentially common mistake
  +   [[ ${service} != *.d ]] || die Service must not have .d suffix
 
 Double-negative reads badly:
 
   [[ $service = *.d ]]  die $FUNCNAME: Service must not have .d suffix

I agree.

  Nope. 'insinto' sets INSDESTTREE. Due to lack of proper scoping
  support in bash, we need to localize this variable to restore previous
  'insinto' scope after leaving the function.
 
 Actually the only reason you are able to do that, is *because* bash has proper
 scoping support.

Proper scoping support would actually either disallow something like
this or disallow something designed as 'insinto'. The 'local' in bash
in the worst thing you could expect.

-- 
Best regards,
Michał Górny


signature.asc
Description: PGP signature

Re: [gentoo-dev] [PATCH] gnome2-utils.eclass add support for gdk-pixbuf cache update

2013-09-10 Thread Fabian Groffen 
On 10-09-2013 06:22:38 -0400, Ian Stakenvicius wrote:
  pkg_preinst() {
 gnome2_gdk_pixbuf_savelist
  +
  +   # Make sure loaders.cache belongs to gdk-pixbuf alone
  +   local cache=usr/$(get_libdir)/${PN}-2.0/2.10.0/loaders.cache
  +
  +   if [[ -e ${ROOT}${cache} ]]; then
  +   cp ${ROOT}${cache} ${D}/${cache} || die
  +   else
  +   touch ${D}/${cache} || die
  +   fi
  }
  
  pkg_postinst() {
  
 
 
 shouldn't that be EROOT ?

and ED in that case too


-- 
Fabian Groffen
Gentoo on a different level

Re: [gentoo-dev] Re: Improve the security of the default profile

2013-09-10 Thread Richard Yao 
On 09/08/2013 08:06 PM, Ryan Hill wrote:
 On Sat, 07 Sep 2013 19:08:57 -0400
 Rick \Zero_Chaos\ Farina zeroch...@gentoo.org wrote:
 
 Personally I think this would be a great stepping stone.  If we add
 - -fstack-protector to 4.8.1 it will improve security (only a little I
 know) and give us an idea of what issues we may have.  After a short
 enjoyment of fixing any issues which come up we could more to
 - -fstack-protector-strong in 4.9.
 
 Okay it won't be available for 4.8.1.  It's going to require a couple minor
 glibc changes and a lot of testing.  A bunch of packages stick workarounds
 behind a hardened USE flag or do things like `filter-flags -fstack-protector`
 which don't actually work (we have to patch the compiler, not just add it to
 the default flags in the profiles or something).  I need to check the
 interactions with hardened's spec files.  And I need to get 4.8.1 out the door
 two weeks ago. Once we fix the fallout from the unmasking I'll get back to 
 this.
 
 I also want to make a comment on the implications of this change that people
 may not have considered.  Bugs caused by -fstack-protector can no longer be
 just dismissed as unsupported, invalid, or assigned to the hardened team and
 forgotten about.  You will be expected to fix them, and `append-flags
 -fno-stack-protector` is not an acceptable fix.  You can't champion for more
 secure defaults and then just disable them when they get in your way.
 
 So does anyone have any objections to making -fstack-protector the default?
 Now is the time to speak up.
 
 
 
 (and for the record I've changed my mind and would like to see this go 
 forward,
 so please stop emailing me)
 
 

A few thoughts:

1. The kernel expects -fno-stack-protector to be the default. What will
the effect be on kernel configuration once -fstack-protector is the default?

2. We should make sure that -fno-stack-protector is a supported CFLAG.
This will make it easier to handle complaints from the vocal minority of
our user base that want every last percentage point of performance.

3. I would like to point out that we are talking about deviating from
upstream behavior and everyone is okay with it. Anyone who thinks we
should stick to upstream when it is not good for us should speak now or
risk being asked where were you when... whenever they try to use
upstream as an excuse to hold back progress. ;)



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] Re: Improve the security of the default profile

2013-09-10 Thread Rich Freeman 
On Tue, Sep 10, 2013 at 6:41 PM, Richard Yao r...@gentoo.org wrote:
 1. The kernel expects -fno-stack-protector to be the default. What will
 the effect be on kernel configuration once -fstack-protector is the default?

Nothing, since the kernel build system doesn't source make.conf.  If
somebody creates an ebuild that actually installs a kernel then it
might be an issue, though it could be filtered if it is a problem.


 2. We should make sure that -fno-stack-protector is a supported CFLAG.
 This will make it easier to handle complaints from the vocal minority of
 our user base that want every last percentage point of performance.

No reason that it would be any less supported than -fstack-protector
already is.


 3. I would like to point out that we are talking about deviating from
 upstream behavior and everyone is okay with it. Anyone who thinks we
 should stick to upstream when it is not good for us should speak now or
 risk being asked where were you when... whenever they try to use
 upstream as an excuse to hold back progress. ;)

I don't really see this as an issue - in general maintainers are
expected to accommodate reasonable CFLAGS.  This doesn't mean that
arbitrary CFLAGS are supported so much as bugs should be taken
seriously if they're really bugs.  If -fstack-protector causes serious
problems and this is inherent to the nature of the package/etc then
just filter it.  If it causes problems because upstream isn't doing
things right, then this is no different than how things were 10 years
ago when we were stomping out amd64 issues left and right (not working
on amd64 wasn't a reason to mask a package for x86, but we didn't
accept upstream doesn't care about amd64 as an excuse).

Staying close to upstream is a good philosophy in general.  I don't
think that means that we can't have reasonable CFLAGS.  Otherwise we
wouldn't set CFLAGS at all and would just use whatever defaults the
upstream build system applies.  We're a distro - doing integration
work is a value-add, not a sin.  If we aren't doing integration, then
users might as well just do Linux-from-scratch.

Rich

[gentoo-dev] Re: Improve the security of the default profile

2013-09-10 Thread Duncan 
Rich Freeman posted on Tue, 10 Sep 2013 21:17:33 -0400 as excerpted:

 On Tue, Sep 10, 2013 at 6:41 PM, Richard Yao r...@gentoo.org wrote:
 1. The kernel expects -fno-stack-protector to be the default. What will
 the effect be on kernel configuration once -fstack-protector is the
 default?
 
 Nothing, since the kernel build system doesn't source make.conf.  If
 somebody creates an ebuild that actually installs a kernel then it might
 be an issue, though it could be filtered if it is a problem.

If I'm not mistaken, dirtyepic intends to patch gcc directly to enable 
-fstack-protector, changing the default at that level so it'll be used 
unless -fno-stack-protector is in CFLAGS.  At least, that's how I 
interpret (dirtyepic):

'filter-flags -fstack-protector [won't] actually work
(we have to patch the compiler, not just add it to the
default flags in the profiles or something).

Which means that yes, it WILL affect the kernel (and anything else 
separately compiled, unless -fno-stack-protector is given), since it'll 
then be the gentoo-patched gcc default, not in make.conf.

(Tho jer points out that the parisc arch, among others, won't work with 
that flag at all, and warns to that effect.  So I guess the patch will 
etiher be ifdeffed not to apply on such archs or will be conditionally 
applied in the first place.  The former is I believe preferred as 
conditional patching is considered subpar.)

I guess hardened should know what -fstack-protector does to the kernel, 
tho.

But in any case it's certainly worth a news item when it happens, as 
people obviously build a lot of stuff with gcc independent of the tree, 
and I'm sure some of it will break if that becomes the default, so 
letting them know about it with a news item should help avoid at least 
/some/ of the resulting bugs from such a default-change.

-- 
Duncan - List replies preferred.   No HTML msgs.
Every nonfree program has a lord, a master --
and if you use the program, he is your master.  Richard Stallman

[gentoo-dev] Re: Improve the security of the default profile

2013-09-10 Thread Ryan Hill 
On Tue, 10 Sep 2013 18:41:34 -0400
Richard Yao r...@gentoo.org wrote:

 A few thoughts:
 
 1. The kernel expects -fno-stack-protector to be the default. What will
 the effect be on kernel configuration once -fstack-protector is the default?

The kernel has supported building with -fstack-protector since 2.6.19, (at least
on x86/x86-64).  It's controlled by CONFIG_CC_STACKPROTECTOR and if it's
disabled then -fno-stack-protector is explicitly added to the command line.

 2. We should make sure that -fno-stack-protector is a supported CFLAG.
 This will make it easier to handle complaints from the vocal minority of
 our user base that want every last percentage point of performance.

If by supported you mean that they won't be removed by things like strip-flags,
then yes, -fstack-protector -fstack-protector-all -fno-stack-protector and
-fno-stack-protector-all are all on the whitelist.

 3. I would like to point out that we are talking about deviating from
 upstream behavior and everyone is okay with it. Anyone who thinks we
 should stick to upstream when it is not good for us should speak now or
 risk being asked where were you when... whenever they try to use
 upstream as an excuse to hold back progress. ;)

In this case it seems every other distro is already doing this, so we're in
good company.


-- 
Ryan Hillpsn: dirtyepic_sk
   gcc-porting/toolchain/wxwidgets @ gentoo.org

47C3 6D62 4864 0E49 8E9E  7F92 ED38 BD49 957A 8463


signature.asc
Description: PGP signature