[gentoo-dev] Automated Package Removal and Addition Tracker, for the week ending 2017-01-08 23:59 UTC

2017-01-08 Thread Robin H. Johnson 
The attached list notes all of the packages that were added or removed
from the tree, for the week ending 2017-01-08 23:59 UTC.

Removals:
app-misc/tomboy   20170106-09:33 mgorny cc85d79
app-mobilephone/gsmlib20170106-09:32 mgorny 0d5e104
dev-python/pygtkspellcheck20170106-09:37 mgorny 25a0c76
dev-python/shapely20170106-09:36 mgorny c18af72
kde-apps/kdgantt2 20170103-08:56 johu   5503ec3
kde-apps/ktp-l10n 20170103-08:55 johu   d6afebf
media-gfx/kiconedit   20170106-09:38 mgorny a1ae8a8
net-libs/libkpeople   20170103-18:11 johu   4fb1738

Additions:
app-office/projectlibre-bin   20170108-19:53 creffett   604dbcb
dev-libs/libgpuarray  20170104-05:32 bicatali   7308d22
dev-perl/Crypt-CipherSaber20170102-09:10 dilfridge  1d413ba
dev-perl/Digest-GOST  20170106-03:53 kentnl 6897b47
dev-perl/Gtk2-SourceView2 20170102-09:32 dilfridge  0ee6306
dev-perl/HTML-StripScripts20170104-10:07 dilfridge  8206a7c
dev-perl/HTML-StripScripts-Parser 20170104-10:09 dilfridge  7ac1db6
dev-perl/HTTP-CookieJar   20170106-00:15 kentnl 76277d9
dev-perl/Mozilla-PublicSuffix 20170106-00:02 kentnl fdd0a8c
dev-python/CommonMark 20170102-05:39 bicatali   8c95962
dev-python/isort  20170102-19:26 williamh   4b317da
dev-python/MechanicalSoup 20170103-17:55 williamh   bef2b64
dev-python/nbdime 20170102-11:04 jlec   f9daab8
dev-python/pydot-ng   20170102-05:38 bicatali   32b49e2
dev-python/pygpu  20170103-05:02 bicatali   eb516ce
dev-python/pytest-fixture-config  20170103-21:34 dolsen ddce240
dev-python/pytest-shutil  20170103-21:25 dolsen 1687915
dev-python/pytest-virtualenv  20170103-21:40 dolsen 397cd2a
dev-python/readlike   20170103-18:25 williamh   96bffde
dev-python/recommonmark   20170102-05:39 bicatali   fa7aca9
dev-python/ReParser   20170103-19:28 williamh   aa0d59d
dev-python/schedule   20170106-15:31 mrueg  02efe36
dev-python/setuptools_trial   20170104-04:25 dolsen bf4ee68
dev-util/qdevicemonitor   20161229-09:12 monsieurp  98319e0
media-gfx/maim20161221-20:39 soap   f2b70ff
media-gfx/synnefo 20170104-18:15 johu   9e76d4f
net-analyzer/hexinject20161127-12:47 soap   e60dab5
net-fs/docker-volume-netshare 20170106-15:00 mrueg  6336b6f
net-im/hangups20170103-23:28 williamh   ebc286e
sci-libs/clblas   20170104-05:09 bicatali   023edbb
sci-libs/clblast  20170104-04:45 bicatali   a1682e3
sci-libs/sundials 20161230-23:58 bicatali   ac85f06
sci-mathematics/pymc3 20170105-04:52 bicatali   5086e10
sci-mathematics/z320170102-00:18 gienah e1bee05
sys-block/open-isns   20170102-18:41 prometheanfire 5e223b9
sys-cluster/sanlock   20170102-00:16 mschiff54c9e81
x11-misc/libinput-gestures20161229-17:38 monsieurp  0823413
x11-misc/slop 20161221-20:38 soap   676abc6

--
Robin Hugh Johnson
Gentoo Linux Developer
E-Mail : robb...@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85
Removed Packages:
media-gfx/kiconedit,removed,mgorny,20170106-09:38,a1ae8a8
dev-python/pygtkspellcheck,removed,mgorny,20170106-09:37,25a0c76
dev-python/shapely,removed,mgorny,20170106-09:36,c18af72
app-misc/tomboy,removed,mgorny,20170106-09:33,cc85d79
app-mobilephone/gsmlib,removed,mgorny,20170106-09:32,0d5e104
net-libs/libkpeople,removed,johu,20170103-18:11,4fb1738
kde-apps/kdgantt2,removed,johu,20170103-08:56,5503ec3
kde-apps/ktp-l10n,removed,johu,20170103-08:55,d6afebf
Added Packages:
app-office/projectlibre-bin,added,creffett,20170108-19:53,604dbcb
dev-perl/Digest-GOST,added,kentnl,20170106-03:53,6897b47
sci-mathematics/pymc3,added,bicatali,20170105-04:52,5086e10
dev-python/schedule,added,mrueg,20170106-15:31,02efe36
net-fs/docker-volume-netshare,added,mrueg,20170106-15:00,6336b6f
dev-perl/HTTP-CookieJar,added,kentnl,20170106-00:15,76277d9
dev-perl/Mozilla-PublicSuffix,added,kentnl,20170106-00:02,fdd0a8c
net-im/hangups,added,williamh,20170103-23:28,ebc286e
dev-python/ReParser,added,williamh,20170103-19:28,aa0d59d
dev-python/readlike,added,williamh,20170103-18:25,96bffde
dev-python/MechanicalSoup,added,williamh,20170103-17:55,bef2b64
media-gfx/maim,added,soap,20161221-20:39,f2b70ff
x11-misc/slop,added,soap,20161221-20:38,676abc6
media-gfx/synnefo,added,johu,20170104-18:15,9e76d4f
net-analyzer/hexinject,added,soap,20161127-12:47,e60dab5
dev-perl/HTML-StripScripts

Re: [gentoo-portage-dev] [PATCH] repoman: add HOMEPAGE.missingurischeme check

2017-01-08 Thread Zac Medico 
On 01/07/2017 05:32 AM, Michael Orlitzky wrote:
> On 01/07/2017 06:08 AM, Wim Muskee wrote:
>>
>> URISCHEME_RE = re.compile(r'^[a-z\-]+://')
>>
>> ...
>>
>> URISCHEME_RE.match(ebuild.metadata.get("HOMEPAGE")) is None:
>>
> 
> The PMS allows some weird stuff in HOMEPAGE:
> 
>   https://dev.gentoo.org/~ulm/pms/head/pms.html#x1-760008
> 
> Specifically,
> 
>   In addition, SRC_URI, HOMEPAGE, RESTRICT, PROPERTIES, LICENSE and
>   REQUIRED_USE use dependency-style specifications to specify their
>   values.
> 
> That means that something like,
> 
>   HOMEPAGE="branding? ( https://www.mozilla.org/ )
>!branding? ( https://www.gentoo.org/ )"
> 
> would be valid. It's a little crazy, but there it is.
> 
> If you can figure out a way to parse a dependency spec (this has to
> exist somewhere in repoman/portage), then you can run your check against
> the URLs at the leaf nodes. At that point, it should be relatively easy
> to update the regex to match the RFC =)
> 
>   https://tools.ietf.org/html/rfc3986#section-3.1

This will return a flat list:

portage.dep.use_reduce(ebuild.metadata["HOMEPAGE"], matchall=True,
flat=True)
-- 
Thanks,
Zac

Re: [gentoo-portage-dev] [PATCH] man/emaint.1: Add sync to synopsis and fix its in sync --auto

2017-01-08 Thread Zac Medico 
On 01/07/2017 09:24 AM, Chris Mayo wrote:
> Signed-off-by: Chris Mayo 
> ---
>  man/emaint.1 | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/man/emaint.1 b/man/emaint.1
> index 24e4744..4617ef8 100644
> --- a/man/emaint.1
> +++ b/man/emaint.1
> @@ -5,7 +5,7 @@ emaint \- performs package management related system health 
> checks and maintenan
>  .BR emaint
>  [\fIoptions\fR]
>  [\fBall\fR | \fBbinhost\fR | \fBcleanresume\fR | \
> -\fBmerges\fR | \fBmovebin\fR | \fBmoveinst\fR | \fBworld\fR]
> +\fBmerges\fR | \fBmovebin\fR | \fBmoveinst\fR | \fBsync\fR | \fBworld\fR]
>  .SH DESCRIPTION
>  The emaint program provides a command line interface to package
>  management health checks and maintenance.
> @@ -85,7 +85,7 @@ deleted.
>  .SH OPTIONS sync command only
>  .TP
>  .B \-a, \-\-auto
> -Sync repositories which have its auto\-sync setting set yes, true.
> +Sync repositories which have their auto\-sync setting set yes, true.
>  .TP
>  .B \-A, \-\-allrepos
>  Sync all repositories which have a sync\-uri specified.
> 

Thanks, applied:

https://gitweb.gentoo.org/proj/portage.git/commit/?id=e567328c17d7b03d9f773661d03673b76054570d
-- 
Thanks,
Zac

[gentoo-dev] Last rites: app-office/openproj-bin

2017-01-08 Thread Chris Reffett 
# Chris Reffett  (08 Jan 2017)
# Superseded by projectlibre-bin, please migrate to that.
# Masked for removal in 30 days.
app-office/openproj-bin



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] News item: KDE Workspaces 4.11 and KDE profile removal

2017-01-08 Thread Vadim A. Misbakh-Soloviov 
> Display-If-Profile: <...>

How about arm64, amd64-fbsd and so on? :)

Re: [gentoo-dev] Commit signing for metadata/* repos

2017-01-08 Thread Luis Ressel 
On Sun, 8 Jan 2017 10:40:15 -0500
Mike Gilbert  wrote:

> The content of gentoo-news.git should already be covered by the
> detached signatures that are required to be present for each file.
> What is the benefit to requiring the commits themselves be signed?

Oh, I didn't know about those file signatures. But I think signing the
commits would make sense nonetheless, as this offers some advantages:

* Commit signatures are easy to verify: Everyone who is interested in
  verifying their /usr/portage image will already have an infrastructure
  in place to verify commit signatures, because that's how things are
  done for repo/gentoo.git.

* The detached news signatures are nontrivial to verify (in an
  automated fashion): Just looping over all news files in the repo and
  verifying their signatures is not an option, because some of the
  signatures on older news items can't be verified anymore (expired
  keys, signatures by retired devs, etc.). Hence, one will have to
  write some code to verify just the new news items introduced after a
  git pull.

* Commit signatures have slightly better security guarantees: If we
  only verify the detached signatures, attackers can still mess around
  with the commit graph; in particular, an MITM attacker could silently
  drop some of the news during a pull. With commit signatures, the only
  way for the attacker to achieve this is to pretend there aren't any
  new commits at all (something the user would probably notice after a
  while).

At the same time, I don't see any disadvantages to requiring commit
signatures; does anyone else?

Regards,
Luis Ressel

[gentoo-dev] News item: KDE Workspaces 4.11 and KDE profile removal

2017-01-08 Thread Andreas Sturmlechner 
Hi,

KDE team intends to remove unsupported KDE Workspaces 4.11 from tree, so 
please review the news item below.

Best regards,
Andreas


Title: KDE Workspaces 4.11 and KDE profile removal
Author: Andreas Sturmlechner 
Content-Type: text/plain
Posted: 2017-01-08
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: kde-plasma/kdebase-startkde
Display-If-Installed: kde-plasma/kdm
Display-If-Profile: default/linux/amd64/13.0/desktop/kde
Display-If-Profile: default/linux/amd64/13.0/desktop/kde/systemd
Display-If-Profile: default/linux/arm/13.0/desktop/kde
Display-If-Profile: default/linux/arm/13.0/desktop/kde/systemd
Display-If-Profile: default/linux/x86/13.0/desktop/kde
Display-If-Profile: default/linux/x86/13.0/desktop/kde/systemd

KDE Workspaces 4.11 has reached end of life in Portage. It was unsupported by
upstream since 19th August 2015, meaning no security bugs have been fixed since
then. It is therefore required for all users to upgrade to KDE Plasma 5.

If you normally use KDM to launch a session, this is being removed as well.
Upstream recommends x11-misc/sddm instead which is pulled in by plasma-meta by
default. OpenRC users should edit /etc/conf.d/xdm and update DISPLAYMANAGER.
Systemd users should run: systemctl reenable sddm.service

Part of the cleanup will also be the KDE desktop subprofile, which is 
superseded by the Plasma desktop profile. A detailed upgrade guide is 
available[1] and recommended for its conflict removal advice.

KDE Workspaces 4.11 packages will be moved to kde-sunset overlay.[2]

[1] https://wiki.gentoo.org/wiki/KDE/Plasma_5_upgrade
[2] https://wiki.gentoo.org/wiki/Overlay:Kde-sunset

Re: [gentoo-dev] Commit signing for metadata/* repos

2017-01-08 Thread Mike Gilbert 
On Sat, Jan 7, 2017 at 4:24 PM, Luis Ressel  wrote:
> Hello,
>
> there are some additional git repositories which need to be added to
> metadata/ subdirectories to make the 'gentoo' git repository usable
> for /usr/portage. Specifically, those are dtd, glsa, news and
> xml-schema.
>
> It'd be great if developers could sign their commits in these repos,
> too. (I don't really care about dtd and xml-schema, but for the other
> two, I think this would make much sense.)
>
> Currently, it looks like commits to xml-schema aren't signed at all,
> all commits to glsa are signed, and commits to the other two repos are
> partly signed.

The content of gentoo-news.git should already be covered by the
detached signatures that are required to be present for each file.
What is the benefit to requiring the commits themselves be signed?

[gentoo-dev] Re: Commit signing for metadata/* repos

2017-01-08 Thread Michael Palimaka 
On 08/01/17 08:24, Luis Ressel wrote:
> Hello,
> 
> there are some additional git repositories which need to be added to
> metadata/ subdirectories to make the 'gentoo' git repository usable
> for /usr/portage. Specifically, those are dtd, glsa, news and
> xml-schema.
> 
> It'd be great if developers could sign their commits in these repos,
> too. (I don't really care about dtd and xml-schema, but for the other
> two, I think this would make much sense.)
> 
> Currently, it looks like commits to xml-schema aren't signed at all,
> all commits to glsa are signed, and commits to the other two repos are
> partly signed.

I agree, and think we should enforce this with a server-side hook the
same way we do for gentoo.git.

It could also be interesting to see the bot commits in
repo/sync/gentoo.git signed.