Re: [gentoo-dev] [PATCH] verify-sig.eclass: Fix the example to use BROOT
> On 18 Jul 2021, at 19:44, Michał Górny wrote: > > Signed-off-by: Michał Górny > --- > eclass/verify-sig.eclass | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > [snip] > # BDEPEND=" > # verify-sig? ( app-crypt/openpgp-keys-example )" > # > -# VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/example.asc > +# VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/example.asc > # @CODE > > case ${EAPI} in > -- > 2.32.0 > > lgtm, but consider fixing up existing ebuilds in the tree? best, sam signature.asc Description: Message signed with OpenPGP
Re: [gentoo-dev] [PATCH] optfeature.eclass: Drop support for EAPIs 0,1,2,3,4,5
> On 23 Jul 2021, at 07:44, Andreas Sturmlechner wrote: > > Signed-off-by: Andreas Sturmlechner > --- > eclass/optfeature.eclass | 8 > 1 file changed, 4 insertions(+), 4 deletions(-) > [snip] lgtm. best, sam signature.asc Description: Message signed with OpenPGP
Re: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults
> On 27 Jul 2021, at 13:32, David Seifert wrote: > > Signed-off-by: David Seifert > --- > .../2021-08-01-tcpd-disabled.en.txt | 62 +++ > 1 file changed, 62 insertions(+) > create mode 100644 2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt > > diff --git a/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt > b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt > new file mode 100644 > index 000..3631de3 > --- /dev/null > +++ b/2021-08-01-tcpd-disabled/2021-08-01-tcpd-disabled.en.txt > @@ -0,0 +1,62 @@ > +Title: USE=tcpd no longer globally enabled > +Author: David Seifert > +Posted: 2021-08-01 > +Revision: 1 > +News-Item-Format: 2.0 > [snip] > + > +On 2021-11-01, we will remove USE="tcpd" from the globally default > +enabled USE flags. USE="tcpd" usually enables sys-apps/tcp-wrappers > +for an adhoc firewall based on /etc/hosts.allow and /etc/hosts.deny. > + This lgtm overall and thanks for working on it. Some minor comments below. Could you file and reference a bug within the news item (and in the commit message for the news item) to allow issues to be raised in one place by users? > +The base system project has come to the conclusion that 24 years after s/base system/Base System/. > +the last upstream release, tcp-wrappers is not relevant in 2021 anymore. How about: "tcp-wrappers is not suitable for a default configuration in 2021 anymore."? > +Other distributions have completely removed support at this point. If > +you rely on tcp-wrappers, you can re-enable the flag. We strongly > +recommend you switch to more modern packet filters, such as BPF, > +nftables or iptables. Let's add that we recommend users who specifically rely on functionality, including tcpd, can and should enable it specifically for that package via their package manager's configuration? (make.conf/package.use for Portage). We'll link to https://wiki.gentoo.org/wiki//etc/portage/package.use. best, sam signature.asc Description: Message signed with OpenPGP
Re: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults
> On Wed, 28 Jul 2021, Thomas Deutschmann wrote: > On 2021-07-27 16:07, Ulrich Mueller wrote: >>> +Display-If-Installed: net-analyzer/argus-clients >> IIUC this won't affect users who have already disabled the flag, >> so maybe add a [tcpd] use dependency here (and to all other >> Display-If-Installed lines below)? > Looks like we cannot target USE flags in GLEP 42 news items: That looks like a bug in Portage. News item format 2.0 should support EAPI 5 dependency specifications. In either case, it doesn't error out, so adding [tcpd] the the news item won't harm. Ulrich signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH] 2021-08-01-tcpd-disabled: Remove USE=tcpd from make.defaults
On 2021-07-27 16:07, Ulrich Mueller wrote: +Display-If-Installed: net-analyzer/argus-clients IIUC this won't affect users who have already disabled the flag, so maybe add a [tcpd] use dependency here (and to all other Display-If-Installed lines below)? Looks like we cannot target USE flags in GLEP 42 news items: # equery uses mail-mta/postfix | grep cdb -cdb # eselect news list News items: [...] [20] 2021-07-23 migrating from glibc[crypt] to libxcrypt in ~arch # eselect news unread 20 Add Display-If-Installed: mail-mta/postfix[cdb] to /var/db/repos/gentoo/metadata/news/2021-07-23-libxcrypt-migration/2021-07-23-libxcrypt-migration.en.txt # emerge -p mail-mta/postfix [...] > * IMPORTANT: 1 news items need reading for repository 'gentoo'. > * Use eselect news read to view new items. -- Regards, Thomas Deutschmann / Gentoo Linux Developer fpr: C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 OpenPGP_signature Description: OpenPGP digital signature