[gentoo-dev] Re: OT: Precedence: bulk

[Eray Aslan]

On 06.08.2008 11:11, Thilo Bangert wrote:
> "Robin H. Johnson" <[EMAIL PROTECTED]> said:
>> Please do NOT use out-of-office, vacation or any other auto-responders
>> on the lists. It's bad list etiquette.
> 
> decent vacation mail software ignores mail marked with a 'Precedence: 
> bulk' header, as mailing list mail usually is (including mails sent by 
> gentoo lists)...
> 
> I wish somebody would finally write up a RFC for this.

They already did:
http://tools.ietf.org/html/rfc3834

Eray

Re: [gentoo-dev] An official Gentoo wiki

[Eray Aslan]

On 12.11.2008 11:44, Michael Hammer wrote:
> * Mark Loeser <[EMAIL PROTECTED]> [081112 00:46]: 
>> What are others feelings on this?  
> 
> I like the idea!
> 
>> What issues do you see with having a wiki?  
> 
> Pages of poor quality with wrong informations.
> 
>> Do you see anyway to resolve the issue you see with us having a
>> wiki?
> 
> We should develop some kind of review process 

Ugh, got lots of free time?  If you want to help, provide hosting or
such.  A hands off approach should be preferred for wiki.  We know it is
written by users and some poor quality and even wrong info is expected.
 Wikis are good for pointers and ideas only.  We know that and act
accordingly.  Moreover, we have official gentoo docs anyway.

Developer time is better spent doing, well, developer stuff rather than
reviewing some wiki.  If you insist on review, it will be at best a
stale small site and at worst will cut into your developer time.

For what it is worth, as a user I vote you spend time developing gentoo.
-- 
Eray

> and at least the
> possiblity to lock and hide pages of poor quality. In the most cases
> the howtos are related to some herds. What if we have a "reviewed
> section" where herds can approve pages and user can be sure that the
> infos provided have a minimum of quality.
> 
> g, mueli
> 

Re: [gentoo-dev] UEFI secure boot and Gentoo

[Eray Aslan]

On 2012-06-15 7:56 AM, Greg KH wrote:
> Distributing a first-stage bootloader blob, that is signed by Microsoft,
> or someone, seems to be the only way to easily handle this.

Fedora agrees:
http://mjg59.dreamwidth.org/12368.html

Other distros haven't decided yet afaik although there have been some
discussions.

> Also, some people might really want to sign their own bootloader and
> kernel, and kernel modules (myself included)

Yes, that is the goal we should try to achieve, i.e. to give the option
to our users to sign all the way to userland.

> Oh, and on the first-stage bootloader front, I already know of 2 simple,
> and open source, examples that will work for Linux, so getting something
> like that signed might not be very tough.  It's the "where does the
> chain-of-trust stop" question that gets tricky...

Exactly.  Do you have any concrete proposals?

-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

[gentoo-dev] news item: upgrading to postfix-2.9

[Eray Aslan]

I'd like to commit the following news item on 2012-07-21.  Any comments?

-- 
Eray Aslan 


Title: Upgrading to postfix-2.9
Author: Eray Aslan 
Content-Type: text/plain
Posted: 2012-07-17
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: =mail-mta/postfix-2.9 are installed under
/usr/libexec/postfix.  Please do not forget to adjust your main.cf by
running etc-update/dispatch-conf or similar and accepting the new
daemon_directory setting.  Otherwise, postfix will not be able to find
the binaries it is looking for.

Re: [gentoo-dev] news item: upgrading to postfix-2.9

[Eray Aslan]

On 07/17/2012 01:34 PM, Agostino Sarubbo wrote:
> Imho, no need a news for it.
> emerge -DuN world;revdep-rebuild;dispatch-conf is what you normally do.

Well, the sysadmin runs dispatch-conf, a new daemon_directory setting
comes up and he goes WTF?  I am trying to avoid that WTF moment.

There was a few complaints in gentoo-user ML and a bug report when it
was introduced to ~arch.  It seems people do not pay too much attention
to ewarn messages.

Having said that, I am not sure if it is really news-item material.  If
the general consensus is that a news item is not needed, I will follow
along.

-- 
Eray Aslan 

Re: [gentoo-dev] news item: upgrading to postfix-2.9

[Eray Aslan]

On 07/17/2012 02:00 PM, Dirkjan Ochtman wrote:
> It may be a small issue, but since the potential pain is quite large,

Yes, that's the idea.

> since postfix config file changes are usually
> pretty hard to review for merges.

Hmm, that's a failure on our part.  >=postfix-2.9 ebuilds is better in
this regard.  Ideally, only readme_directory and html_directory settings
should come up in dispatch.conf.  If you are still having problems
during upgrades in postfix-2.9.x versions, please let me know.

-- 
Eray Aslan 

Re: [gentoo-dev] news item: upgrading to postfix-2.9

[Eray Aslan]

On 07/17/2012 05:49 PM, Michael Orlitzky wrote:
> Do we really need to include them in main.cf?

Yes, as long as we want the docs under /usr/share/doc/${PF}/ - the
Gentoo norm.  Alternative might be not to install the readme|html files
via the doc USE flag.

Not that I mind, but this is getting off-topic.
-- 
Eray Aslan 

[gentoo-dev] default mta

[Eray Aslan]

The current default mta in gentoo - ssmtp - has a more or less dead
upstream and has some outstanding bugs.  It is prudent to change our
default mta.

Both mail-mta/nullmailer and mail-mta/msmtp are lightweight good mtas.
Both packages have active development and provide AUTH and SSL/TLS
support.

Our current mta list is:
mail-mta/ssmtp
mail-mta/courier
rest of the list
...

As net-mail herd, we would like to have the following mta list:
mail-mta/nullmailer
mail-mta/msmtp
mail-mta/ssmtp
rest of the list
...

If there are no objections, the above change will be committed in ~10
days.

-- 
Eray Aslan 


pgp7zvCneOR9E.pgp
Description: PGP signature

Re: [gentoo-dev] default mta

[Eray Aslan]

On Wed, Dec 26, 2012 at 06:42:36AM -0500, Mike Pagano wrote:
> Would it be prudent to coordinate Gentoo documentation changes with the above?

Ugh, I wasn't aware of any documentation that needs to be changed and a
quick look/search did not turn out anything.  But if there are any,
sure, I will open the bugs and have it block the move.

-- 
Eray Aslan 


pgpstzpk2Z0nR.pgp
Description: PGP signature

Re: [gentoo-dev] Re: [gentoo-dev-announce] please sign your manifests

[Eray Aslan]

On Wed, Feb 13, 2013 at 09:35:56AM -0700, Denis Dupeyron wrote:
> If you want people to handle security properly you have to tell them
> how to. In details. If not everybody will figure it out in his or her
> own way, all of them wrong. Get off your high horse and write
> documentation if you know how things work.

Amen.  I know it's not sexy but please document / help with
documentation if you can.

-- 
Eray Aslan 

Re: [gentoo-dev] Re: [gentoo-dev-announce] please sign your manifests

[Eray Aslan]

On Wed, Feb 13, 2013 at 05:22:14PM +, Aaron W. Swenson wrote:
> I agree. This is officially documented by GnuPG. [1] That would be the
> best source to use. It details everything one needs to do to manage a
> key pair.

Good luck having people find and read it.  Similar to (or perhaps
linking to) something along the lines of

http://keyring.debian.org/creating-key.html

might be appropriate (by adding an expiry date section perhaps).

This is not about expiry dates or even gnupg in particular.  Our
documentation is not up to par anymore.  We need to spend more effort in
documentation in general.  Please do so if you can.

-- 
Eray Aslan 

Re: [gentoo-dev] RFC: Gentoo GPG key policies

[Eray Aslan]

On Mon, Feb 18, 2013 at 11:27:46PM +, Robin H. Johnson wrote:
> Bare minimum requirements:
> --
[...]
> 3. Key expiry: 5 years.

I am assuming we are requiring a maximum of 5 years for key expiry.  We
might want to make it explicit.  On first reading, it sounded like key
expiry >= 5 years as a bare minimum.

Thanks for the write-up.

-- 
Eray Aslan 


pgpa5Y0CBt3i2.pgp
Description: PGP signature

Re: [gentoo-dev] kerberos, virtuals, rattling cages

[Eray Aslan]

On Sun, Feb 24, 2013 at 09:25:37PM -0500, Michael Mol wrote:
> 2) Is it possible to slot mit-krb5 and heimdal instead of pulling them
> through a virtual? My suspicion is "no", but I don't know enough about
> kerberos to say whether or not it would work, even as a hack.

You can't eselect the kerberos implementation under an application.
These two packages do provide different symbols.

And you can't just make both packages installable concurrently and hope
everything works out.  There are too many assumptions built into too
many applications about what library from which package provides what
symbol.  That way lies madness.

The bugs you mantion are old ones.  I suggest you (and net-fs and samba
herds) to check if they still apply and if they do see what prevents the
said package from using the alternative implementation and solve it
there - where it really belongs anyway.

-- 
Eray Aslan 


pgpAQ4UcXnyKi.pgp
Description: PGP signature

Re: [gentoo-dev] kerberos, virtuals, rattling cages

[Eray Aslan]

On Sun, Feb 24, 2013 at 11:43:06PM -0800, Alec Warner wrote:
> This is incorrect, or at least, was incorrect last time I looked
> (circa...uhh..2009?)
> 
> They work 'ok' together. Heimdal clients could talk to MIT servers at
> least.

and vice-versa.

> Of course, there were quirks, and incompatible command line
> syntax, hence my fierce recommendation to 'not do that.'

Yes.

> > I don't think samba will support MIT, since it's kinda windows focused.

Ugh, no.  MIT is not windows focused (although it does ship a windows
client for better integration with *nix kdcs).  Apple uses heimdal in
recent macos'es and employs some main developers of heimdal and samba
(hence samba - heimdal tight integration).  There was some work from red
hat to make samba4 work with mit-krb5 but it stalled and did not go
anywhere (yet?) afaik.

-- 
Eray Aslan 


pgpXAuWmotvL_.pgp
Description: PGP signature

Re: [gentoo-dev] =net-fs/samba-4* vs. dev-libs/openssl[kerberos]

[Eray Aslan]

On 06/12/13 19:14, "Paweł Hajdan, Jr." wrote:
> Now for a better solution: make samba also work with MIT Kerberos, and
> make OpenSSL work with Heimdal.

That's a big effort.

If we decide not to serve the bundled heimdal libraries, we can declare
samba4 server components and openssl[kerberos] unsupported.

-- 
Eray Aslan 

[gentoo-dev] Last rites: net-mail/fetchyahoo

[Eray Aslan]

# Eray Aslan  (26 Apr 2014)
# Non-functional and no longer needed - bug #450116
# Removal in 30 days
net-mail/fetchyahoo


pgpairzkrJI3T.pgp
Description: PGP signature

Re: [gentoo-dev] The request to abolish games team policy

[Eray Aslan]

On Mon, Jul 07, 2014 at 11:45:02PM +0200, Michał Górny wrote:
> I would like to ask the Council to abolish the following policies that
> have been established by the games team:

Why?  What's the use case?  Or in other words, what has ticked you off
to request the abolishment of status-quo?

> The most notable issues with the specific use of games group include:

While undoubtedly serious, I do not feel that these issues call for such
a radical change.  What's the background for this change request?  Is
this a multilib issue?

Need more info.  Thanks.

-- 
Eray

Re: [gentoo-dev] Packages up for grabs

[Eray Aslan]

On Wed, Jan 07, 2015 at 03:06:08PM +0100, Pacho Ramos wrote:
> Done, this packages are now up for grabs:
> net-libs/libecap

Got it.  Need it as a dependency for net-proxy/squid.  Help is always
welcome.

-- 
Eray

Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail

[Eray Aslan]

On Mon, May 11, 2015 at 04:26:01AM +, Robin H. Johnson wrote:
> TL;DR: As of May 17, @gentoo.org will drop incoming spammy mail instead of
> delivering it. Speak now or hold your peace.

Believe me I understand your pain.  Been there done that.  However,
dropping mail is never a good idea.  You are mucking with the
dependebility of the email.  I would never be able to trust my gentoo
mail if you start dropping spammy mails.  There will always be false
positives.  I suggest:

- Stop forwarding mail.  Have devs pop their mails to whatever account
  they like.  I believe gmail -biggest complainer?- provides this
  option.

- If the above option is not OK for whatever reason, at least let us
  opt-out of the proposed policy of dropping mails provided we do not
  forward our emails.

-- 
Eray

Re: [gentoo-dev] Anti-spam changes: proposal to drop spammy mail

[Eray Aslan]

On Mon, May 11, 2015 at 04:47:31PM -0400, Michael Orlitzky wrote:
> On 05/11/2015 04:08 PM, Robin H. Johnson wrote:
> > By drop, I will clarify that they should ideally be rejected at SMTP
> > time, not silently dropped.
> 
> I believe those logs show a rejection after the message has been
> accepted initially (if I'm wrong, you can ignore the rest of this).

The analysis is correct.  Pre-queue filtering will help as we can safely
-meaning without causing backscatter- lower the threshold we reject spam
at.  There will still be some spam making its way to gmail but perhaps
it will be low enough to stay under gmail's radar.

The correct solution is to stop forwarding spam and the easiest way is
just stopping forwarding.  There are valid policy reasons for not going
that route but continuing forwarding because it is too difficult to
configure gmail is, well, not something I'd be comfortable with.  I do
expect more from gentoo devs.

In this case (in most cases?), infra should not be looking for consensus
but rather do what is right.

Anyway, I believe infra has all the info it needs at this point and I am
fine with whatever decision they make.

-- 
Eray

Re: [gentoo-dev] samba (and related) packages are in desperate need of help

[Eray Aslan]

On Tue, Sep 01, 2015 at 03:24:05PM +0200, Lars Wendler wrote:
> * We should really get heimdal and mit-krb5 packages in a shape where
>   we can install them in parallel [2]. Using the bundled heimdal from
>   samba is no valid option [3]

While bundling a copy of a kerberos implementation is certainly not
ideal, I think this is the only sensible option at the moment.

Re-evaluate when samba's changes end up in a heimdal release we can
package.  Some of the changes landed upstream in July, so there has been
some progress recently.

-- 
Eray

Re: [gentoo-dev] About XFCE, renames, eclass, etc

[Eray Aslan]

On 03.09.2009 05:38, Jeremy Olexa wrote:
> - xfce4-meta : former name xfce-base/xfce4. Renamed to reflect reality.
> This meta package is the *core* of XFCE, it *only* has in it what is
> required to run. Thus, returning XFCE to a minimalistic status in Gentoo
> Linux. This is desired because most XFCE users are looking for a
> lightweight WM, not a heavy DE. So, users will have to add a terminal,
> orage, thunar, etc to the world file instead of relying on a meta package.

Thanks a lot for the update and for the awesome work.  One note for the
future:

An ewarn would have been nice for the above point.  emerge --depclean
output was a surprise (wanted to unmerge terminal etc) and surprise is
bad.  We don't want any surprises.

Thanks again.
-- 
Eray

Re: [gentoo-dev] openrc-0.5.1 arrived in the tree

[Eray Aslan]

On 14.10.2009 03:17, Mike Frysinger wrote:
> On Tuesday 13 October 2009 19:30:52 Joshua Saddler wrote:
>> All that to say, Tommy (et al), is that the idea of expecting users to
>>  magically know everything and not to offer any documentation *in advance*
>>  . . . is a silly idea. Good lord, can you imagine the shitstorm the X11
>>  team would have gone through if they'd tried *that* without first writing
>>  up xserver 1.5 and 1.6 migration guides?!
> 
> we arent talking migrations that are forced onto everyone.  we're talking 
> about new code that users have to *opt in* for ("new net") that is only 
> available in unstable.  expecting everything in testing to be documented up 
> front is unreasonable.

While true in general, I cannot agree with you in this case.  This is
not some random app we are talking about.  It is a change in init
scripts that might render our servers inaccessible if things go wrong.
Please bear in mind that we have servers operating in datacenters in
other countries and network loss is the worst kind of bug you can
inflict upon us.

There is no documantation upstream.  At least we have some docs in g.o
(kudos to whomever wrote it) but it is old (there is no mention of
oldnet USE flag for example).  And IUSE="... +oldnet ..." is too fragile
a solution.

All I am saying is that this is a so important change that we should
have gotten it right from the beginning.  Openrc should not have been
unmasked without proper documentation.

-- 
Eray

Re: [gentoo-dev] [Gentoo Phoenix] recruitment process

[Eray Aslan]

Just replying randomly.

On 05.04.2010 04:33, Tobias Heinlein wrote:
> I think this is a good starting point to get rid of the "some important
> questions are too hard to answer" dilemma that can be implemented
> relatively fast. On top of that I like Sebastian's idea to order the
> quizzes by difficulty -- this means just ordering by the categories I
> just mentioned would be sufficient: 1 first, then 2, then 3.

I am not against this idea but frankly, I do not understand what is so
demotivating about the ebuild quiz.  If you get demotivated because of a
single exam, perhaps the problem is with the motivation and not with the
exam itself.  I took the published quiz just for the fun of it and to
see where I missed.  It is not that long.

What is demotivating is a) lack of response from your
mentor/proxy-maintainer etc.  It is demotivating when you have to wait
for days for each question you ask.  b) infighting and name calling one
sees on irc, gentoo-dev etc.  "Do I really want to be a part of this?"
pops into mind.

Suggestions:
1. Bring your responsibilities in line with your capabilities.  If you
are always falling behind, either increase the time you spend on Gentoo
or decrease your responsibilities.  It is no fun playing catch-up.
2. Streamline the recruitment process so that existing devs do not spend
too much time and effort during mentoring.  Objective is to make
recruitment not a burden on the dev, i.e streamline for the dev not for
the candidate.
3. Take it down a notch in gentoo-dev, irc.  No ad hominem attacks and
no flame wars please.  You are supposed to enjoy this.  Easier said than
done I suppose.

-- 
Eray

Re: Notify people about empty herds (Was: Re: [gentoo-dev] FTR: media-opti...@g.o has no developers)

[Eray Aslan]

On Thu, Jun 03, 2010 at 04:28:57PM +0200, "Paweł Hajdan, Jr." wrote:
> 1) kerberos herd is empty :(

FWIW, I proxy maintain app-crypt/heimdal, app-crypt/mit-krb5,
app-crypt/mit-krb5-appl and sys-auth/pam_krb5.  Thanks to darkside and
flameeyes for their help.

-- 
Eray

[gentoo-dev] /bin and /sbin to /usr

[Eray Aslan]

[Following a similar discussion in another mailing list]

As you know, only a few directories can be assumed to be available after
boot[1].  Notably, /usr and /var are not among them.  Binaries in /bin
and /sbin should be enough to do basic maintanence/repair and to mount
other volumes.  Since we are using the binaries in /bin and /sbin to
potentially mount /usr, they should not depend on them.  Or can they?

On my laptop:
# for f in /bin/* /sbin/*; do if [ "$(file $f | grep ELF)" != "" ] ;
then if [ "$(ldd $f | grep /usr)" != "" ] ; then echo $(equery belongs
$f) $f; ldd $f; fi; fi; done
net-firewall/iptables-1.4.6 /sbin/iptables-multi
linux-vdso.so.1 =>  (0x7fffc77e8000)
libip4tc.so.0 => /usr/lib/libip4tc.so.0 (0x7f27e4781000)
libxtables.so.4 => /usr/lib/libxtables.so.4 (0x7f27e4579000)
libm.so.6 => /lib/libm.so.6 (0x7f27e42f8000)
libc.so.6 => /lib/libc.so.6 (0x7f27e3f9f000)
libdl.so.2 => /lib/libdl.so.2 (0x7f27e3d9b000)
/lib64/ld-linux-x86-64.so.2 (0x7f27e4988000)
sys-apps/hal-0.5.14-r2 /sbin/umount.hal
linux-vdso.so.1 =>  (0x7fff6b5f3000)
libhal.so.1 => /usr/lib/libhal.so.1 (0x7fd52e637000)
libhal-storage.so.1 => /usr/lib/libhal-storage.so.1 (0x7fd52e42c000)
libdbus-1.so.3 => /usr/lib/libdbus-1.so.3 (0x7fd52e1ec000)
libc.so.6 => /lib/libc.so.6 (0x7fd52de93000)
libpthread.so.0 => /lib/libpthread.so.0 (0x7fd52dc77000)
librt.so.1 => /lib/librt.so.1 (0x7fd52da6e000)
/lib64/ld-linux-x86-64.so.2 (0x7fd52e848000)

Questions:
1. Is this OK or should we file bugs against binaries in {/bin,/sbin} linking
against libraries in /usr/lib? Fix is relatively easy in general (give
--libdir=/lib against the config script)

2. Is the below acceptable? (symlinking from /bin to /usr/bin)
# ls -l $(find {/bin,/sbin}/ -type l)|grep /usr
lrwxrwxrwx 1 root root 20 Oct 28  2008 /bin/igawk ->
/usr/bin/igawk-3.1.6
lrwxrwxrwx 1 root root 14 Aug 10 13:29 /bin/mail -> /usr/bin/mailx
lrwxrwxrwx 1 root root 20 Oct 28  2008 /bin/pgawk ->
/usr/bin/pgawk-3.1.6

Corollary to both:  If yes, tinderbox/buildbot against other packages
are probably in order as well.

Thanks
-- 
Eray

[1]
/dev
/etc
/lib
/bin
/sbin
/proc (Linux)
/sys (Linux-2.6)
/libexec (*BSD)

Re: [gentoo-dev] /bin and /sbin to /usr

[Eray Aslan]

On 11.08.2010 00:00, Mike Frysinger wrote:
> file a bug.

Done.  Thanks for looking into it.

-- 
Eray

[gentoo-dev] keepdir /var/run/package/?

[Eray Aslan]

It is perfectly legal to clear /var/run across reboots.  Below is a bug
from a user that ran into some trouble because an init script assumes that
/var/run/package/ exists for its PID file:

http://bugs.gentoo.org/show_bug.cgi?id=332397

A quick grep through the tree shows 73 packages that keepdirs
/var/run/package/.  Perhaps not all of them are bugs but they are
certainly redundant.

A mass bug-filing is probably not the correct thing to do but perhaps we
should document somewhere (devmanual?) that keepdir'ing a temp location
should be avoided.  Suggestion:

--- a/ebuild-writing/common-mistakes/text.xml
+++ b/ebuild-writing/common-mistakes/text.xml
@@ -41,6 +41,18 @@ elog "They are listed in the INSTALL file in 
/usr/share/doc/${PF}"
 
 
 
+
+Invalid use of keepdirin src_install
+
+The keepdir function should only be used to prevent directory removal
+during uninstallation.  In particular, using keepdir for a temporary
+location - such as /var/run/package/ for a PID file - should be avoided.  In
+such a case, init script either should make sure that /var/run/package/ exists
+or the package should use /var/run directly.  Please note that /var/run can and
+will be cleaned across reboots.
+
+
+
 
 
 

-- 
Eray

Re: [gentoo-dev] keepdir /var/run/package/?

[Eray Aslan]

On Thu, Aug 12, 2010 at 02:36:40PM -0400, Michael Sterrett wrote:
> What you're saying doesn't agree with
> http://www.pathname.com/fhs/pub/fhs-2.3.html#VARRUNRUNTIMEVARIABLEDATA

I do not understand.  In the above link, it says:

"/var/run:
[...]Files under this directory must be cleared (removed or truncated as
appropriate) at the beginning of the boot process."

So we cannot assume that a directory exists under /var/run during boot.
Hence, keepdiring a dir that will most probably be cleared during boot
is pointless.

Am I missing something?

-- 
Eray

Re: [gentoo-dev] keepdir /var/run/package/?

[Eray Aslan]

On 08/12/2010 09:48 PM, Samuli Suominen wrote:

It says "Files under this directory", not "Files and directories under
this directory."


Fair enough.

So our policy basically is "tmpfs is not supported for /var/run" (and 
also for /var/lock I suppose).


It will be somewhat more work but instead of the above, we can say 
"tmpfs might be used for /var/run and /var/lock and the init scripts 
should handle this correctly".  It feels (for want of a better word) better.


--
Eray

[gentoo-dev] sys-libs/db and dll hell

[Eray Aslan]

Hi,

app-crypt/heimdal looks for db header files in db4/db.h db3/db.h db.h 
db_185.h - in that order - and links with ldb.  In Gentoo, we do not 
have a db4 directory but rather db3 db4.7 db4.8 db5.0 etc.


Consequently, when both sys-libs/db-3 and sys-libs/db-4 are present, 
heimdal links against libdb, which is a symlink against libdb-4.x, but 
uses headers from db-3.  Result is a segfault in heimdal - serves it 
right for mixing it up :) .


* I am guessing this is not the first time.  Any pointers on how to 
solve this gracefully?  inheriting db-use in ebuild and sedding works but

- is ugly
	- there is a bunch of #ifdef db4/db.h's in the source so sedding the 
configure script is not enough

- this is a security related package so I try to refrain from patching
* I can submit upstream a proper patch that will make the code look at 
db.h first and db4/db.h db3/db.h later.  Is there a (unwritten?) rule 
that says look at db.h first? Any links?
* All linuxes I checked work correctly if the code looks at db.h first. 
 What's the case in *BSD, Solaris, etc?  Is Linux a special case in 
this regard?


Thanks
--
Eray

Re: [gentoo-dev] sys-libs/db and dll hell

[Eray Aslan]

On 01.09.2010 00:05, Robin H. Johnson wrote:
> Unfortunately there isn't really any graceful fix. The buildsystem needs
> to be patched, ideally to allow explicit passing of the DB include
> directory

Patch for the above accepted by upstream [1].  So, all is good.  Nice to
have a responsive upstream.

Thanks for the pointers.
-- 
Eray

[1]
http://github.com/heimdal/heimdal/commit/a1c14b231996ebd72de69df1de472f08e82c2288

Re: [gentoo-dev] openrc stabilization update

[Eray Aslan]

On 20.09.2010 16:37, Richard Freeman wrote:
> One argument I've heard against newnet is that you can't bring
> individual interfaces up and down.

openrc[newnet] used to have problems with ppp interfaces.  I do not know
if it is still the case but there are some open bugs on bugzilla.g.o
regarding ppp and openrc.

This is a serious show stopper for newnet.  So, either 1. both oldnet
and newnet or 2. oldnet only would be the prudent alternatives (again,
assuming problems with newnet and ppp exist).

-- 
Eray

Re: [gentoo-dev] Re: .la files removal news item (GLEP 42)

[Eray Aslan]

On Fri, Oct 01, 2010 at 05:04:15PM +0200, Diego Elio Pettenò wrote:
> Il giorno ven, 01/10/2010 alle 17.31 +0400, Peter Volkov ha scritto:
> > It's better to avoid suggesting this as such things tend to stay for a
> > very long time on user's systems and since this'll became redundant
> > once
> > portage 2.1.9 will go stable soon it'll la files will be "fixed" twice
> > for no reason. 
> 
> It won't hurt anyway, and it'll definitely avoid people having to re-run
> lafilefixer manually from time to time.

Stabilize 2.1.9 and get rid of the post_src_install() stuff alltogether in
the news item?  A distro should not ask its users to fiddle with package
management software lightly.

Besides, if it is such a good idea -and it is- it should be part of
portage.

Why not push for stabilization of 2.1.9 and then do the news item?  Am I
missing something?

-- 
Eray

Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in app-cdr/cdemu: metadata.xml ChangeLog cdemu-1.3.0.ebuild

[Eray Aslan]

On 21.10.2010 07:57, Peter Volkov wrote:
> Why unwanted? I remember there was never consensus... 

Well, in that case there is a discrepency with the devmanual:
http://devmanual.gentoo.org/general-concepts/use-flags/index.html#noblah-use-flags

-- 
Всего доброго
Эрай

Re: [gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in app-cdr/cdemu: metadata.xml ChangeLog cdemu-1.3.0.ebuild

[Eray Aslan]

On 21.10.2010 10:30, Peter Volkov wrote:
> Nothing there applies here, since this USE flag has nothing to do with
> archs/profiles...

which will force some users to use double negative (-nocdemud, i.e. no
no cdemud) which is rather convulated and should be avoided imho.  While
at it, we should try to make the wording on the devmanual clearer, that
it only applies to arches/profiles

or

just don't use noblah USE flags.

This is just a friendly suggestion and the decision is yours to make.
Over and out.
-- 
Eray

[gentoo-dev] [PATCH] openrc: make exit codes comply with Linux Standard Base

[Eray Aslan]

Linux Standard Base[1] states that for init scripts:

* status command for a stopped service should have a return code of 3
* starting an already started service or stopping an already stopped
service should be considered as successful

The trivial patch below makes openrc comply with LSB.  I am not aware of
any service depending on the changed behaviour.

Use case:  One can use Gentoo init scripts with cluster management
software - such as sys-cluster/pacemaker - instead of writing a resource
agent or trying to work around their limitations for each managed
service.

[1]
http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html


Signed-off-by: Eray Aslan 
---
 sh/runscript.sh.in |2 +-
 src/rc/runscript.c |   12 
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/sh/runscript.sh.in b/sh/runscript.sh.in
index 3d7252a..ea40573 100644
--- a/sh/runscript.sh.in
+++ b/sh/runscript.sh.in
@@ -89,7 +89,7 @@ _status()
return 0
else
einfo "status: stopped"
-   return 1
+   return 3
fi
 }
 
diff --git a/src/rc/runscript.c b/src/rc/runscript.c
index f3f0517..a264535 100644
--- a/src/rc/runscript.c
+++ b/src/rc/runscript.c
@@ -596,8 +596,10 @@ svc_start_check(void)
fcntl(exclusive_fd, F_SETFD,
fcntl(exclusive_fd, F_GETFD, 0) | FD_CLOEXEC);
 
-   if (state & RC_SERVICE_STARTED)
-   ewarnx("WARNING: %s has already been started", applet);
+   if (state & RC_SERVICE_STARTED) {
+   einfo("%s has already been started", applet);
+   exit(EXIT_SUCCESS);
+   }
else if (state & RC_SERVICE_INACTIVE && !in_background)
ewarnx("WARNING: %s has already started, but is inactive",
applet);
@@ -845,8 +847,10 @@ svc_stop_check(RC_SERVICE *state)
fcntl(exclusive_fd, F_SETFD,
fcntl(exclusive_fd, F_GETFD, 0) | FD_CLOEXEC);
 
-   if (*state & RC_SERVICE_STOPPED)
-   ewarnx("WARNING: %s is already stopped", applet);
+   if (*state & RC_SERVICE_STOPPED) {
+   einfo("%s is already stopped", applet);
+   exit(EXIT_SUCCESS);
+   }
 
rc_service_mark(service, RC_SERVICE_STOPPING);
hook_out = RC_HOOK_SERVICE_STOP_OUT;
-- 
1.7.3.4


pgpUIPqeqKJny.pgp
Description: PGP signature

Re: [gentoo-dev] [PATCH] openrc: make exit codes comply with Linux Standard Base

[Eray Aslan]

On Sat, Jan 08, 2011 at 05:09:21PM -0500, Mike Frysinger wrote:
> this belongs in bugzilla, not the gentoo-dev mailing list

Well, this is the upstream ML but anyway, no big deal:

https://bugs.gentoo.org/show_bug.cgi?id=351160

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgp0j1t4ekdHW.pgp
Description: PGP signature

[gentoo-dev] masking mailwrapper

[Eray Aslan]

Only virtual/mta remains as an old style virtual in the net-mail herd.
I will be changing it to a new style virtual in a few days.

While at it, I would like to get rid of mailwrapper USE flag and finally
mask net-mail/mailwrapper for removal - bug #158003.

If there are any objections, hold requests, don't-touch-my-package
notices etc regarding net-mail/mailwrapper, please let me know.
-- 
Eray Aslan



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] rejecting unsigned commits

[Eray Aslan]

On 2011-03-25 1:59 PM, Dane Smith wrote:
> Having said that, for those that just use "keys" for e-mails (most of
> us), it would make more sense to use full blow SSL certs in the long run.

Please no.  PKI is a naive design and for all intents and purposes will
remain a pipe-dream.  All security relationships that is worth anything
is bilateral and no trusted third party is willing to accept enough risk
to warrent full trust.

Using public keys for auth is a good security model and the rest of x509
certs is just unnecessary overhead.  Let's not go there.  GPG is good
enough.
-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] Re: rejecting unsigned commits

[Eray Aslan]

On 2011-03-28 2:54 PM, Rich Freeman wrote:
>> 3. If I'm going to start using GPG, I might as well use it for a few things.
>> Anyone got pointers for cross-platform use, i.e., Thunderbird on Windows?
> 
> Enigmail.  Haven't actually used it on windows but it is pretty
> transparent and I believe it supports windows.  

Aye, enigmail and thunderbird works on windows.  And gpg4win if you have
to use outlook and/or claws.

> No graceful solution
> to keyring management that I know of

WinPT is our preferred solution on windows.

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org

[gentoo-dev] lastrite: net-mail/mailwrapper net-mail/mailer-config

[Eray Aslan]

# Eray Aslan  (29 Mar 2011)
# Abandoned project.  Last release in 2005.  Bugs #158003, #97589,
# #359411.
# Removal in 90 days
net-mail/mailwrapper
net-mail/mailer-config

Re: [gentoo-dev] Please enhance your USE descriptions!

[Eray Aslan]

On Wed, Mar 30, 2011 at 04:41:25PM -0500, Dale wrote:
> +1  Some descriptions may as well not have one at all.  May as well 
> Google the flag and the package and see what, if anything, it returns.

I would say working as intended.  If you do not know what a package
does, chances are you don't need to enable it.  And if you do want
to tinker, USE flags gives you enough of a hint to start googling.

Having said that, we should at least have gramatically correct
English in descriptions.  One might also lean towards more verbosity
in end-user oriented packages (versus server/backend/toolchain
packages).  In any case, 10-15 words should be more than enough to
explain what a USE flag does.

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org

[gentoo-dev] RDEPENDing on packages from overlays?

[Eray Aslan]

https://bugs.gentoo.org/show_bug.cgi?id=364445
https://bugs.gentoo.org/show_bug.cgi?id=364401

Basically, there are requests to add packages to RDEPEND in virtual/mda
and virtual/mta that are not in the official tree but in sunrise.

On one side, *DEPENDing on a package outside the tree doesn't seem
right.  Additionally, keeping track of all the overlays and their
package versions, USE flags and flag changes are potentially too much to
track.  We will be making changes to a virtual package without testing
whether it works.

On the other hand, we are making life (unneccesarily?) difficult for
overlay users by not incorporating the requested changes to the official
tree.

Comments on how to proceed?  Is it OK for a virtual to list a package
which is in an overlay in RDEPEND?

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org

Re: [gentoo-dev] RDEPENDing on packages from overlays?

[Eray Aslan]

Replying randomly

On Sat, Apr 23, 2011 at 08:24:59AM -0700, Zac Medico wrote:

The consensus seems to be to leave it for the package maintainer to
decide.

I, for one, will be making the necessary changes to include packages
from overlays until, for whatever reason, it either

* becomes too burdensome
* hinders the main tree

Thanks for the feedback.

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgpox9djzdHzo.pgp
Description: PGP signature

Re: [gentoo-dev] RDEPENDing on packages from overlays?

[Eray Aslan]

On Sun, Apr 24, 2011 at 07:39:55AM +0200, Ulrich Mueller wrote:
> I can live with that, as long as the responsibility that packages work
> with dependencies from overlays stays entirely with the overlay's
> maintainer.

Good point.  Agreed.

> But could you please add a comment in the virtual's ebuild where (i.e.
i> in which overlay) the additional dependencies can be found?

Done.

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgpDvU1shNxas.pgp
Description: PGP signature

Re: [gentoo-dev] Camellia?

[Eray Aslan]

On Wed, Apr 27, 2011 at 03:38:16PM -0400, James Cloos wrote:
> Is there any specific reason why smtp.gentoo and pigeon.gentoo use
> camellia for their outbound smtp starttls connections?

Probably it is the strongest cipher supported.  One can do

$ openssl ciphers -v 'ALL:@STRENGTH'

on those machines and see what comes up top.  An upgrade might be in
order.
-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org

Re: [gentoo-dev] Camellia?

[Eray Aslan]

On Thu, Apr 28, 2011 at 09:14:07AM -0400, Dane Smith wrote:
> I find it somewhat hard to believe that they are using a version of
> OpenSSL that doesn't have AES-256. It's been around since 0.9.7.

It does have AES256 just lower in the list:

eras@woodpecker ~ $ openssl ciphers -v ALL:@STRENGTH | head -n5
ADH-CAMELLIA256-SHA SSLv3 Kx=DH   Au=None Enc=Camellia(256)
Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH   Au=RSA  Enc=Camellia(256)
Mac=SHA1
DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH   Au=DSS  Enc=Camellia(256)
Mac=SHA1
CAMELLIA256-SHA SSLv3 Kx=RSA  Au=RSA  Enc=Camellia(256)
Mac=SHA1
ADH-AES256-SHA  SSLv3 Kx=DH   Au=None Enc=AES(256)  Mac=SHA1
eras@woodpecker ~ $ openssl version
OpenSSL 0.9.8o 01 Jun 2010

Presumably smtp.g.o and pigeon.g.o has the same setup.
ssl_create_cipher_list() makes the above list if you want to check its
history.

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org

Re: [gentoo-dev] Camellia?

[Eray Aslan]

On Thu, Apr 28, 2011 at 06:59:05PM +0300, Panagiotis Christopoulos wrote:
> Please, can you continue this somewhere more privately? I wouldn't like it if
> I were a sysadmin and someone was posting information about versions of
> software of production machines publicly. I hope you understand.

Security through obscurity does not work.  It especially will not work for the
infrastructure of a Linux distribution.

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org

[gentoo-dev] git? [was: Re: Devmanual text on ChangeLogs]

[Eray Aslan]

On Sun, May 01, 2011 at 12:06:47PM +0300, Samuli Suominen wrote:
> ... the time alone if you have to stop on each package to wait for
> echangelog to get done just doubles the amount of time you have to put
> into committing them. That's just not worth the effort.

Won't moving the tree to git will make this a moot discussion?  These and
similar solutions look more and more lika a band-aid to the defecencies
of cvs.

What is it really that is holding us up?  A dev to spearhead the move?

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org

Re: [gentoo-dev] rfc: use of the /run directory

[Eray Aslan]

On Wed, May 18, 2011 at 03:36:48AM +0200, Jeroen Roovers wrote:
> wrt /var/run on tmpfs, I recall packages installing daemons that expect
> their specific directories to be present in /var/run, and that do not
> play nice when that directory turns out empty, but we should be able to
> work around that by creating the directory in the init.d script before
> we execute the daemon.

Yes.  Some examples:

https://bugs.gentoo.org/show_bug.cgi?id=332633
https://bugs.gentoo.org/show_bug.cgi?id=334245
https://bugs.gentoo.org/show_bug.cgi?id=334437
https://bugs.gentoo.org/show_bug.cgi?id=342049
https://bugs.gentoo.org/show_bug.cgi?id=333783

Basically, if we are going to to do the move to /run, we should have a
policy of "/var/run and /var/lock can and will be on tmpfs and init
scripts should handle this correctly" or something similar.

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgpq76fWyxOul.pgp
Description: PGP signature

Re: [gentoo-dev] Re: RFC: better policy for ChageLogs

[Eray Aslan]

On 2011-06-02 8:09 AM, Peter Volkov wrote:
> ChangeLog files are text to be distributed to our users so they are
> completely independent of vcs we use.

Just ditch the Changelogs and be done with it.  The only objection I
know is that changelogs act as a NEWS file.  Well, it is not a good
enough reason in my humble opionion.  Find another way to present NEWS
if it is deemed necessary.

> Is git faster then rsync? I've never done any checks but it'll be
> surprising if it will.

Git usually is faster - except the initial clone.  Basically, rsync
protocol scales with the project size not with change size.

And lastly, while I don't really care either way, I think at least some
of the push back is the result of unfamiliarity with git.  And my
impression is that unless a dev with enough political capital spearheads
the move, this issue will continue to come up for a long time yet.

-- 
Eray



signature.asc
Description: OpenPGP digital signature

[gentoo-dev] Last rites: net-mail/gml

[Eray Aslan]

# Eray Aslan  (4 June 2011)
# Dead upstream. Not needed as Google supports
# IMAP access to mailboxes now. Bug #151470
# Removal in 30 days
net-mail/gml


pgpgHNAuXmazo.pgp
Description: PGP signature

[gentoo-dev] Last rites: net-mail/vm-pop3d

[Eray Aslan]

# Eray Aslan  (14 Jun 2011)
# Dead upstream. Does not work properly - bug #179497 #370145.
# Several good alternatives, including dovecot, cyrus, mailutils.
# Removal in 30 days
net-mail/vm-pop3d

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgpQaNUw77DfL.pgp
Description: PGP signature

[gentoo-dev] Last rites: net-mail/signature

[Eray Aslan]

# Eray Aslan  (14 Jun 2011)
# Last release in 2000. Possible buffer overflow - bug #349786.
# Alternative net-mail/signify but better still most mail
# clients provide this service now.
# Removal in 30 days
net-mail/signature

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgpKkasWF2FyE.pgp
Description: PGP signature

[gentoo-dev] Last rites: net-mail/teapop

[Eray Aslan]

# Eray Aslan  (18 Jun 2011)
# No upstream. Does not work correctly. Bugs #275764 #370171.
# Several working alternatives, including dovecot, cyrus, mailutils.
# Removal in 30 days
net-mail/teapop

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgp6NX2fNKZ50.pgp
Description: PGP signature

[gentoo-dev] Last rites: mail-client/smtpclient

[Eray Aslan]

# Eray Aslan  (18 Jun 2011)
# Dead upstream.  Lots of alternatives including mailx,
# nail, ssmtp, postfix...
# Removal in 30 days
mail-client/smtpclient

-- 
Eray Aslan
Developer, Gentoo Linux   eras  gentoo.org


pgp2bU8jMnaZR.pgp
Description: PGP signature

[gentoo-dev] Last rites: net-mail/freepops

[Eray Aslan]

# Eray Aslan  (20 Jul 2011)
# Dead upstream.  Does not compile.  Bugs 205442, 354865, 370459.
# Removal in 30 days.
net-mail/freepops
-- 
Eray Aslan 


signature.asc
Description: Digital signature

Re: [gentoo-dev] Warn users not to do separate /usr partition without proper initramfs in the handbook?

[Eray Aslan]

On 2011-08-01 10:23 AM, Samuli Suominen wrote:
> that's my impression now too since nobody has managed to provide useful
> case for separate /usr, or they have been very vague

I will switch if I have to but saying / and /usr on the same filesystem
is the better technical solution just annoys me.

I understand if going against upstream and keeping them seperate is not
worth the hassle and noone steps up to do it.  But then we should say
so.  Please don't kid yourself (or others).
-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] /usr vs. initramfs redux

[Eray Aslan]

On 2011-08-11 12:56 AM, Robin H. Johnson wrote:
> The problem of filling up
> / is PEBKAC primarily, and can happen equally for / (think /root), /usr
> on /, /var on /.

This does not match with my experience.  Over the years, I have seen
/var filling up several times on servers, but not /.  Please be careful
with where you are going with this.

As a side note, I do admire BSD now and then.  Simplicity is good.
-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] rfc: using /libexec

[Eray Aslan]

On 2011-09-08 11:19 AM, Joshua Kinard wrote:
> Whoever said we had to do what everyone else did?  We're Gentoo, not a
> pack of lemmings.  If we have to, we should be able to create an
> entirely new solution, never thought of before, that fixes the problem
> for all parties involved, yet allows us to keep the bit in our security
> guide about keeping /usr (and other partitions) separate.

I also certainly do not like this systemd crusade and having initramfs
and friends forced down our throats.  Solving it properly would give
Gentoo an advantage over other distros and I feel that this is the road
we should take.  Problem is this is more or less a doacracy.  We are
governed by the doers.  Choices come down to:

* Voice your concern and then hush up if noone takes it up
* Spend some non-trivial brain and cpu cycles, not to mention time, to
get to a proper solution
* Search for alternative, possibly non-Linux, solutions

> PS, yell if using PGP/MIME messes this message up.  Thunderbird +
> Enigmail apparently is very unfriendly to inlined PGP for some odd
> reason.  The two fight over the bloody line-wrapping mechanics.

Looks good.
-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] rfc: using /libexec

[Eray Aslan]

On 2011-09-08 6:58 PM, Michał Górny wrote:
> Could you stick to facts rather than pointless accusations?

It is not an accusation and it is not pointless.  For the last time:

Seperate /usr without initramfs used to work.  Now it doesn't.  What you
are proposing is going to make it well neigh impossible to correct later
on.  We could have done a proper fix instead of going with the flow.
But I am not the one doing the coding (or employ the one who does).  So,
it is not my call.  So, I am shutting up.

Please do not rehash the same arguments in every email.  Having an
opinion is fine but being opiniated is not.  And it is getting tiresome.
-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] rfc: using /libexec

[Eray Aslan]

On 2011-09-09 1:15 AM, Joshua Kinard wrote:
> Under what setup does it not work now?  I would very much like to know
> if some recent OpenRC thing just hosed something.  I'm dealing with
> torrential rain here, thunderstorms, and I cannot predict when my next
> power outage will be.  Last thing I need on my plate is a Linux box not
> coming back online because separate /usr was suddenly deprecated.

Sorry, I should have qualified it as "it doesn't work reliably for all
use cases now".  Nothing to do with OpenRC.  Mostly, it is udev or
rather the binaries that its rules want to run that are in /usr or
linked against libraries in /usr before /usr is mounted.  Check the
archives.  There was a discussion I believe.

As a side note, most of this discussion seems to result from different
paradigms of end users (and companies that cater to them) vs server
admins.  Priorities and what is important hence their solutions differ.
-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

[gentoo-dev] Lastrites: mail-filter/libdomainkeys

[Eray Aslan]

Abandoned project.  Historical standard.  Use one of the DKIM
implementations, which provide domainkeys verification as well, instead.
mail-filter/opendkim is a good alternative.
Removal in 30 days.

-- 
Eray Aslan 


signature.asc
Description: Digital signature

Re: [gentoo-dev] rfc: locations of binaries and separate /usr

[Eray Aslan]

On 2012-01-01 11:50 PM, Olivier Crête wrote:
> systemd/dracut/etc handles /usr on its own filesystem just fine. What is
> required is that /usr must be mounted before the pivot_root away from
> the initramfs.

Nitpick:  I don't think pivot_root is used anymore.  It is basically
unlink, mount, chroot and exec now (i.e. switch_root).

RedHat made some bad design decisions on RPM (.rpmnew files anyone?) and
udev.  Udev was probably salvagable before systemd but noone has the
motivation or the man-power to manage the huge delta that would result
now.  It would probably amount to forking udev.  So people are following
along even if they are unhappy.

Plus Redhat did not support in-place upgrades last time I checked.  So
they don't really care for a lot of problems that are important for us.

Regarding the original question, I belive there are 2 issues here:
1. Requiring initramfs (or dracut or whatever) for separate /usr
2. Migrating /bin to /usr/bin, /sbin to /usr/sbin etc.

For the first point, we should start requiring initramfs of some sort
for separate /usr now.  That train has passed.

For the second point, we should hold on as long as we deem appropriate.
Then reconsider and -most probably- move ahead with the migration.  Main
point is not to break existing installations by making the move too
quickly.  Give sysadmins time to to adjust, resize partitions if
necessary etc.  Do not go for half way solutions (i.e. number 2 in the
original email).

As a side note, thank you and keep up your good work on OpenRC.  I find
it is easier, cleaner and in general superior to systemd especially in
server settings.  And for my laptop, I don't really care which init
system is used anyway.

-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] rfc: locations of binaries and separate /usr

[Eray Aslan]

On Tue, Jan 03, 2012 at 01:50:25PM -0500, Olivier Crête wrote:
> On Mon, 2012-01-02 at 10:41 +0200, Eray Aslan wrote:
> > RedHat made some bad design decisions on RPM (.rpmnew files anyone?) and
> > udev.  Udev was probably salvagable before systemd but noone has the
> > motivation or the man-power to manage the huge delta that would result
> > now.  It would probably amount to forking udev.  So people are following
> > along even if they are unhappy.
> 
> This is completely unrelated to RPMs.

The same packages are moving towards a system where config files reside
under /usr/lib with users overriding the defaults in /etc
(/usr/lib/udev/rules.d/ and /etc/udev/rules.d).  I doubt this would have
come about if RPM had a sensible way of dealing with config files -if
they had etc-update/dispatch-conf for example.

-- 
Eray Aslan 


signature.asc
Description: Digital signature

Re: [gentoo-dev] rfc: locations of binaries and separate /usr

[Eray Aslan]

On Wed, Jan 04, 2012 at 07:26:05PM +0100, Marc Schiffbauer wrote:
> For example, to make that FHS definition be reality there are (can
> be) runlevels that will only boot a system with all basic stuff
> required to mount the rootfs and make root being able to login to
> the local text console. These are the things that make a unixoid
> system valuable over other kind of systems.

There are benefits to the proposed changes, especially for rpm based
distros and especially for non-server settings.  Are they good enough?
No, I don't think they are.  But since forking all those packages is
not a realistic proposition, we will have to follow along.  We should
try and not break existing installations when we do though.

> I do not like the idea to throw away all those benefits just because
> so many (younger/newer) people do not know about the possibilities
> an "old fashioned" unix system tends to have.

Hey, this is web 2.0 era.  Being mostly right most of the time is good
enough.

-- 
Eray Aslan 


signature.asc
Description: Digital signature

Re: [gentoo-dev] Packages up for grabs

[Eray Aslan]

On Thu, Mar 01, 2012 at 10:17:12PM +, Markos Chandras wrote:
>   mail-client/nmh

net-mail will co-maintain it.

-- 
Eray Aslan 


pgpw6E6otB0aq.pgp
Description: PGP signature

Re: [gentoo-dev] RFD: EAPI specification in ebuilds

[Eray Aslan]

On Fri, Mar 09, 2012 at 08:15:11AM -0800, Zac Medico wrote:
> They may or may not have issues. Our goal is to minimize our
> vulnerability to these kinds of issues as much as possible. Being able
> to obtain the ebuild EAPI without the expense of sourcing it is one
> small step toward this goal.

EAPI is metadata and is best treated as such.  In other words, history
aside, it does not belong inside an ebuild.  Making EAPI info part of
the filename does look like a reasonable solution - similar to
seen/replied flags in the filenames in maildir directories.  Heck, even
version numbers in an ebuild filename is similar.

I don't understand why there is a strong objection to it.

But anyway, it is Friday night and I am out of here.  Have fun.

-- 
Eray Aslan 


pgpgziRXSe880.pgp
Description: PGP signature

Re: [gentoo-dev] RFC: Change mail-mta/msmtp to be the default in virtual/mta instead of mail-mta/ssmtp ?

[Eray Aslan]

On 2012-03-12 10:20 PM, Robin H. Johnson wrote:
> One of the greatest things that bugs me about ssmtp is that if the
> mailserver is not available, it hangs for a while, and then it loses the
> email. 

To be fair, a queue-less design does keep it simple.

> Where I need a simple mail relay, I've gone with nullmailer instead,
> because it supports the features, and it explicitly has a lightweight
> daemon mode that queues mail to send.

msmtp: TLS/SSL and AUTH support.  Config can be easier.  No queue.
nullmailer:  AUTH support.  No TLS/SSL.  Easy to configure and use.  Has
a queue.

I like nullmailer better but usually go with msmtp.  TLS/SSL is usually
mandatory for login when emails go to some central mail hub and not
directly to MX hosts - which is pretty much guaranteed nowadays.  I am
not sure if we should install a TLS-less mailer by default.

Some documantation would be nice in either case.

-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

[gentoo-dev] Last rites: mail-filter/dk-milter mail-filter/dkim-milter

[Eray Aslan]

# Eray Aslan  (10 Apr 2012)
# Dead upstream. Use mail-filter/opendkim instead.
# Removal in 30 days - bug 411429
mail-filter/dkim-milter

# Eray Aslan  (10 Apr 2012)
# Dead standard.  Dead upstream.
# Use mail-filter/opendkim instead.
# Removal in 30 days - bug 411427
mail-filter/dk-milter

-- 
Eray Aslan 


pgp0PF8mOXPQQ.pgp
Description: PGP signature

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Eray Aslan]

On 2012-05-16 12:13 PM, Andreas K. Huettel wrote:
>>> make.conf(5) man page:
>>>   This causes the CONFIG_PROTECT behavior to be skipped for files that
>>>   have not been modified since they were installed.
> 
> +1 very good idea

Hmm, does that mean that when a default changes in (or some new setting
is added to) an app config file, I'll get no prompt and no warning
assuming I go with the default settings in the app?  That presumes that
the new default or the new setting does not break my setup.  That is a
big assumption.

Even if we go with enabling it by default, please have a news item so
that one can turn it off if necessary.  Even then, new installs will
have to remember to turn it off.

-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Eray Aslan]

On 2012-05-16 12:56 PM, Fabio Erculiani wrote:
> Generally, several PMS (I think apt does it as well) make this assumption:
> if config file C owned by package P has never been modified, meaning
> that md5 or whatever is the same, the old C of P was fine, so is the
> new C.

Yep, and I always thought that Gentoo way of dealing with config files
was much better -both compared to .deb and .rpm land- in this regard.
Presenting the diff is a quick and efficient way to highlight the
changes and ask the sysadmin to make the necessary changes if any.

I am not bothered with the (frequency of?) diffs but I guess people are.

> This also helps a lot in the scenario where critical configuration
> files are not updated before reboot, which might result in an
> unbootable system (ouch!).

Well, that is true.  If you forget to dispatch-conf, it might bite you.

Anyway, no big deal either way though I prefer the status quo.  If we
make the change, make it with enough fanfare that users notice.

-- 
Eray Aslan 



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] Re: [gentoo-commits] repo/gentoo:master commit in: net-libs/courier-unicode/

[Eray Aslan]

On Wed, Nov 18, 2015 at 11:07:50PM +0100, Michał Górny wrote:
> This version is required by courier-imap-4.16.0 [1], so you've caused
> a depgraph breakage. Please either revert this,

Done.  Thanks for the email.

-- 
Eray

Re: [gentoo-dev] EGO_SUM (was: [gentoo-project] Gentoo Council Election 202306 ... Nominations Open in Just Over 24 Hours.)

[Eray Aslan]

On Fri, Jun 30, 2023 at 03:38:11AM -0600, Tim Harder wrote:
> Why do we have to keep exporting the related variables that generally
> cause these size issues to the environment?

I really do not want to make a +1 response but this is an excellent
question that we need to answer before implementing EGO_SUM.

-- 
Eray

Re: [gentoo-dev] RFC: Setting default HOME_MODE in /etc/login.defs

[Eray Aslan]

On Sun, Feb 11, 2024 at 10:10:13AM +, Sam James wrote:
> I'm in favour, although I'd be curious as to why upstream shadow don't
> just set it. It would be interesting to see if the discussion already
> happened there at some point (surely it has?) and find out their
> reasoning. (But that's not a blocker for proceeding.)

I believe it is for historical reasons. Computer networks and terminals
used to be much friendlier places.

> I want to hear more opinions first though. Thanks for raising this,
> it's been in the back of my head.

Even though I do not really care either way, what problem exactly are we
trying to solve? Better security is just too vague an argument. I can
see the argument if we were selling to business (*cough*red hat*cough*)
but on the other hand, an argument can also be made for keeping to the
roots of computer networks and their naivete (keep information free and
all that stuff). In this regard, it is telling that only debian and
gentoo keep 022.

Consider taking it upstream as someone else (ulm?) already mentioned in
the discussion.

Thanks
-- 
Eray

[gentoo-dev] net-mail/cyrus-imap-admin dev-libs/cyrus-imap-dev Mask for removal

[Eray Aslan]

# Eray Aslan  (17 May 2017)
# Functionality merged to cyrus-imapd-2.5.x series.
# cyrus-imapd-2.5.10 was stabilized in Jan 2017.  Upgrade
# if you haven't already done so.  Removal in 30 days.
net-mail/cyrus-imap-admin
dev-libs/cyrus-imap-dev
# Masking for end-user convenience.  Will be dropped once
# net-mail/cyrus-imap-admin and dev-libs/cyrus-imap-dev
# are tree cleaned.
=net-mail/cyrus-imapd-2.4*

https://bugs.gentoo.org/show_bug.cgi?id=618716

-- 
Eray

Re: [gentoo-dev] Upcoming posting restrictions on the gentoo-dev mailing list

[Eray Aslan]

On Tue, Jan 09, 2018 at 10:20:56PM +0100, Andreas K. Huettel wrote:
> * Posting to the list will only be possible to Gentoo developers and
>   whitelisted additional participants.

This is so contrary to what I and I thought Gentoo stands for:
openness, transparency, inclusiveness even when these require a rather
thick skin and result in high noise.  It's a price worth paying.

I guess I should a) pay more attention to council elections b) consider
the idea that the whole council thing as it stands now is just not
working.

-- 
Eray

Re: [gentoo-dev] Upcoming posting restrictions on the gentoo-dev mailing list

[Eray Aslan]

On Wed, Jan 10, 2018 at 08:55:11AM +0100, Lars Wendler wrote:
> Seems we're turning into an elitist club or something... 

Elitist seems too kind a word.  Knee-jerk reaction, petty vendetta,
impulsive emotional reaction comes to mind - instead of articulating and
implementing a vision for the distribution, principled action, making
all devs work together towards the goals that have been set.  Not day to
day reactions and bad ones at that.  Council is failing its one main
task - it prolly has been for some time, this one also fails "first, do
no harm" test.

Mind you they are not harming willingly.  I am pretty sure they are all
well intentioned.  They, as a group, just do not have, I dont know, the
vision, the experience, the personality to lead a distro.

We need a change as otherwise I am afraid the future is not bright.  I
think with this last straw I lost faith in the current setup.  Death by
a committee.  Yey.

-- 
Eray

Re: [gentoo-dev] Mailing list moderation and community openness

[Eray Aslan]

On Tue, Mar 20, 2018 at 10:28:48AM -0500, Matthew Thode wrote:
> While I personally do no agree with mailing list moderation infra has
> been tasked with moving forward on it.

You can always resign from infra.

That was a somewhat tongue-in-cheek comment but not wholly.  You cant
cop out by saying it was an order from council.  I understand if you
dont but do consider it.  Fight the good fight.

-- 
Eray

Re: [gentoo-dev] Mailing list moderation and community openness

[Eray Aslan]

On Wed, Mar 21, 2018 at 10:44:48AM -0400, Alec Warner wrote:
> [1] Which isn't to say that I would accept 'orders' to commit crimes, or
> other obviously bad things.

This is the crux of the problem.  There are certain lines you will not
cross.  I am saying that my line is different and by voicing that,
hopefully, making you re-consider yours.

> I'm again asserting that this idea is not
> fundamentally bad. The community has a 'toxic people problem' and our
> previous attempts at resolution have not really produced great results.
> Will this also produce great results? Not sure. But willing to try it.

Openness, transparency, inclusiveness.  Those are some pretty
fundemental values.  Reconsider.  But if you decide to go ahead, I am
not going to judge you.  You (or the council members who voted yes) are
not bad persons.  Just somewhat different values - which is surprising
in a sad way.

-- 
Eray

[gentoo-dev] package up for grabs: net-proxy/squid

[Eray Aslan]

Hi,

net-proxy/squid is a populer web proxy cache.

I do not use squid for a while now and cannot really test any changes.
Package needs some love but we have a responsive upstream.

Feel free to take it if you are interested.  I have removed myself from
metadata and assigned the bugs to maintainer-needed.

Thanks
-- 
Eray

Re: [gentoo-dev] (Lots of) Packages up for grabs due to net-mail@ project disbanding

[Eray Aslan]

On Tue, Mar 26, 2019 at 04:24:07PM -0500, William Hubbs wrote:
> On Tue, Mar 26, 2019 at 09:02:07PM +0100, Michał Górny wrote:
> > mail-mta/postfix
> 
> I have an interest in this one since my employer uses it.
> I don't know how fast I'll work the bugs right now, but I'll take a
> look. :-)
> 
> Eray, go ahead and co-maintain with me if you still want to.

I've maintainer postfix for the last several years and I will continue
maintaining it.  Anyone is more than welcome to co-maintain if they
wish.

Cheers,
-- 
Eray

[gentoo-dev] RFC: UID/GID assignment for postfix (207)

[Eray Aslan]

I would like to reserve UID/GID 207 for postfix (mail-mta/postfix).

This fixed ID is what we have provided historically and differs from
Arch (73) and RedHat (89).

-- 
Eray


signature.asc
Description: PGP signature

[gentoo-dev] RFC: GID assignment for postdrop (208)

[Eray Aslan]

I would like to reserve GID 208 for postdrop (mail-mta/postfix)

This fixed ID is what we have provided historically and differs from
Arch (75) and RedHat (90).

-- 
Eray


signature.asc
Description: PGP signature

[gentoo-dev] RFC: UID/GID assignment for dovecot (97)

[Eray Aslan]

I would like to reserve UID/GID 97 for dovecot (net-mail/dovecot)

This fixed ID is what we have provided historically and is the same as
RedHat but differs from Arch (76).

-- 
Eray


signature.asc
Description: PGP signature

[gentoo-dev] RFC: UID/GID assignment for dovenull (484)

[Eray Aslan]

I would like to reserve UID/GID 484 for dovenull (net-mail/dovecot).

Arch uses uid 74 for dovenull while Redhat uses next available.

-- 
Eray


signature.asc
Description: PGP signature

Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (97)

[Eray Aslan]

On Wed, Aug 07, 2019 at 11:32:48AM +0300, Alexander Tsoy wrote:
> В Ср, 07/08/2019 в 09:29 +0300, Eray Aslan пишет:
> > I would like to reserve UID/GID 97 for dovecot (net-mail/dovecot)
> 
> This GID is currently used by the input group (sys-apps/baselayout and
> acct-group/input).
> 
> https://bugs.gentoo.org/688390

So do we ask acct-group/input to change their GID? why add an already
used fixed gid to baselayout in the first place (and one that is used on
other distros as well)?  whats the thinking here?

or we can change dovecot uid/gid.  I dont mind but how do we decide?

-- 
Eray


signature.asc
Description: PGP signature

Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (97)

[Eray Aslan]

On Wed, Aug 07, 2019 at 10:59:48AM +0200, Ulrich Mueller wrote:
> Historically dovecot came first, but OTOH the ID was added to baselayout
> five years ago, and changing baselayout requires some effort. So I'd
> suggest to change dovecot.
> 
> The UIDs and GIDs used by Arch might be good:
>dovenull  74
>dovecot   76

Alright.  I'll re-send the emails with the revized IDs

Thanks
-- 
Eray


signature.asc
Description: PGP signature

[gentoo-dev] RFC: UID/GID assignment for dovecot (76)

[Eray Aslan]

I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)

This id differs from what we have provided historically (97) but gid/97
is used by acct-group/input.  So use 76 instead.

This id is the same in Arch (76) but differs from Redhat (97).

-- 
Eray



signature.asc
Description: PGP signature

[gentoo-dev] RFC: UID/GID assignment for dovenull (74)

[Eray Aslan]

I would like to reserve UID/GID 74 for dovenull (net-mail/dovecot).

Arch also uses uid 74 for dovenull while Redhat uses next available.

-- 
Eray


signature.asc
Description: PGP signature

Re: [gentoo-dev] RFC: UID/GID assignment for dovecot (76)

[Eray Aslan]

On Thu, Aug 15, 2019 at 02:58:17PM -0400, Michael Orlitzky wrote:
> On 8/7/19 5:24 AM, Eray Aslan wrote:
> > I would like to reserve UID/GID 76 for dovecot (net-mail/dovecot)
> > 
> > This id differs from what we have provided historically (97) but gid/97
> > is used by acct-group/input.  So use 76 instead.
> > 
> > This id is the same in Arch (76) but differs from Redhat (97).
> 
> Can we please go back to posting the patches for these new packages?
> Personally, I couldn't care less what integer people pick out of a hat.
> I review these to prevent situations like this:

For the record, it wasnt me who wrote those acct-user ebuilds.

>   # acct-user/postmaster
>   DESCRIPTION="Postmaster user"
>   ACCT_USER_ID=14
>   ACCT_USER_HOME=/var/spool/mail
>   ACCT_USER_HOME_OWNER=root:mail
>   ACCT_USER_HOME_PERMS=03775
>   ACCT_USER_GROUPS=( mail )
> 
>   # acct-user/mail
>   DESCRIPTION="Mail program user"
>   ACCT_USER_ID=8
>   ACCT_USER_HOME=/var/spool/mail
>   ACCT_USER_HOME_OWNER=root:mail
>   ACCT_USER_HOME_PERMS=03775
>   ACCT_USER_GROUPS=( mail )
> 
> These two now need to be kept in-sync forever, because otherwise one is
> going to clobber the permissions on the other's home directory. Not
> having to worry about that was an explicit goal of GLEP81.
> 
> Given that both of those users are pulled in only by net-mail/mailbase
> at the moment, you probably want to set those permissions in the ebuild

I dont want to set permissions in the ebuild if possible.  Thats not a
proper solution.

Why do we need a postmaster account at all?  Does anyone have a clue?

> and leave those two users' home directories at the default. The
> net-mail/mailbase package certainly doesn't need their home directories
> set to anything in particular. (It doesn't need the user at all, but
> that's probably a larger issue with mailbase.)

Getting rid of mailbase is certainly another option.

-- 
Eray

Re: [gentoo-dev] [PATCH v2 4/6] app-crypt/openpgp-keys-miniupnp: Package keys used by miniupnp upst

[Eray Aslan]

On Tue, Oct 06, 2020 at 06:17:23PM +, Robin H. Johnson wrote:
> I'm worried about the proliferation of tiny packages just to convey the
> keys; and how versioning should work if upstream rotates their keys.

That was my initial reaction as well.  The app-crypt/openpgp-keys-* will
potentially double the number of packages in the tree.  We can probably
come up with a better design.

I agree with the need to make it easier for developers to check sigs
before signing the manifest btw.  Thanks for that

-- 
Eray

[gentoo-dev] last rite: mail-filter/dovecot_deleted_to_trash

[Eray Aslan]

# Eray Aslan  (2020-12-14)
# Dead. Last release in 2014. Only works with vulnerable dovecot version.
# Recent Outlook versions should have this functionality built in.  Switch to a
# better mail client if you are still using this package. Removal in 30 days.
# Bug #756217
mail-filter/dovecot_deleted_to_trash

-- 
Eray

Re: [gentoo-dev] RFC: new category for container related packages, instead of app-emulation

[Eray Aslan]

On Sat, Aug 07, 2021 at 01:17:00AM -0400, Ionen Wolkens wrote:
> On Sat, Aug 07, 2021 at 05:56:55AM +0100, Sam James wrote:
> > 
> > 
> > > On 6 Aug 2021, at 23:27, Louis Sautier  wrote:
> > > 
> > > On 06/08/2021 02:57, Alec Warner wrote:
> > >> Do people actually care what category things are in? I just use
> > >> --search or eix or whatever and the category is just this...bad
> > >> concept we attach to packages for silly historical reasons..
> > > 
> > > I also care about categories: if I want to find a Python MySQL library, 
> > > I'll run "eix -C dev-python mysql" (3 results) instead of a plain "eix 
> > > mysql" (33 results). And, as William said, they really help with 
> > > ambiguous package names such as docker.
> > 
> > This is definitely my approach too.
> > 
> > Anyway, I'm supportive of the new category. If it makes things clearer for 
> > people, why not?
> 
> While it wouldn't hurt to consider revisiting the system eventually
> (mostly to avoid pkgmoves), I feel that's not a debate that needs to
> come up every time consider new categories given they're still cheap
> to add and a system change wouldn't happen overnight.

Categories are just one piece of metadata about the package and
incorporating - one somewhat arbitrary - metadata in a name is in
general not a good idea. I think that was all Alec was saying and I tend
to agree.

But it is not an easy fix so go ahead afaic.

-- 
Eray

[gentoo-dev] [PATCH] ssl-cert.eclass: EAPI 8 support and add guard

[Eray Aslan]

---
 eclass/ssl-cert.eclass | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass
index 36945be3cd6..e5dfbbb141c 100644
--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -6,7 +6,7 @@
 # maintainer-nee...@gentoo.org
 # @AUTHOR:
 # Max Kalika 
-# @SUPPORTED_EAPIS: 1 2 3 4 5 6 7
+# @SUPPORTED_EAPIS: 1 2 3 4 5 6 7 8
 # @BLURB: Eclass for SSL certificates
 # @DESCRIPTION:
 # This eclass implements a standard installation procedure for installing
@@ -19,13 +19,15 @@ case "${EAPI:-0}" in
0)
die "${ECLASS}.eclass: EAPI=0 is not supported.  Please upgrade 
to EAPI >= 1."
;;
-   1|2|3|4|5|6|7)
+   1|2|3|4|5|6|7|8)
;;
*)
die "${ECLASS}.eclass: EAPI=${EAPI} is not supported yet."
;;
 esac
 
+if [[ ! ${_SSL_CERT_ECLASS} ]]; then
+
 # @ECLASS-VARIABLE: SSL_CERT_MANDATORY
 # @PRE_INHERIT
 # @DESCRIPTION:
@@ -283,3 +285,6 @@ install_cert() {
ewarn "Some requested certificates were not generated"
fi
 }
+
+_SSL_CERT_ECLASS=1
+fi
-- 
2.33.0

[gentoo-dev] [PATCH 2/2] ssl-cert.eclass: drop support for EAPI < 6

[Eray Aslan]

Thank you for the comment. Dropped EAPI < 6 support.

Signed-off-by: Eray Aslan 
---
 eclass/ssl-cert.eclass | 17 +
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass
index e5dfbbb141c..428956a4290 100644
--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -6,7 +6,7 @@
 # maintainer-nee...@gentoo.org
 # @AUTHOR:
 # Max Kalika 
-# @SUPPORTED_EAPIS: 1 2 3 4 5 6 7 8
+# @SUPPORTED_EAPIS: 6 7 8
 # @BLURB: Eclass for SSL certificates
 # @DESCRIPTION:
 # This eclass implements a standard installation procedure for installing
@@ -14,16 +14,9 @@
 # @EXAMPLE:
 # "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
-# Guard against unsupported EAPIs.  We need EAPI >= 1 for slot dependencies.
-case "${EAPI:-0}" in
-   0)
-   die "${ECLASS}.eclass: EAPI=0 is not supported.  Please upgrade 
to EAPI >= 1."
-   ;;
-   1|2|3|4|5|6|7|8)
-   ;;
-   *)
-   die "${ECLASS}.eclass: EAPI=${EAPI} is not supported yet."
-   ;;
+case "${EAPI}" in
+   6|7|8) ;;
+   *) die "EAPI=${EAPI:-0} is not supported" ;;
 esac
 
 if [[ ! ${_SSL_CERT_ECLASS} ]]; then
@@ -55,7 +48,7 @@ if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then
fi
 
case "${EAPI}" in
-   1|2|3|4|5|6)
+   6)
DEPEND="${SSL_DEPEND}"
;;
*)
-- 
2.33.0

[gentoo-dev] [PATCH v2] ssl-cert.eclass: add EAPI 8 support

[Eray Aslan]

- drop support for EAPI < 6
- add guard

Signed-off-by: Eray Aslan 
---
 eclass/ssl-cert.eclass | 22 ++
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/eclass/ssl-cert.eclass b/eclass/ssl-cert.eclass
index 36945be3cd6..9d01fd10f50 100644
--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -6,7 +6,7 @@
 # maintainer-nee...@gentoo.org
 # @AUTHOR:
 # Max Kalika 
-# @SUPPORTED_EAPIS: 1 2 3 4 5 6 7
+# @SUPPORTED_EAPIS: 6 7 8
 # @BLURB: Eclass for SSL certificates
 # @DESCRIPTION:
 # This eclass implements a standard installation procedure for installing
@@ -14,18 +14,14 @@
 # @EXAMPLE:
 # "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
-# Guard against unsupported EAPIs.  We need EAPI >= 1 for slot dependencies.
-case "${EAPI:-0}" in
-   0)
-   die "${ECLASS}.eclass: EAPI=0 is not supported.  Please upgrade 
to EAPI >= 1."
-   ;;
-   1|2|3|4|5|6|7)
-   ;;
-   *)
-   die "${ECLASS}.eclass: EAPI=${EAPI} is not supported yet."
-   ;;
+case "${EAPI}" in
+   6|7|8) ;;
+   *) die "EAPI=${EAPI:-0} is not supported" ;;
 esac
 
+if [[ ! ${_SSL_CERT_ECLASS} ]]; then
+_SSL_CERT_ECLASS=1
+
 # @ECLASS-VARIABLE: SSL_CERT_MANDATORY
 # @PRE_INHERIT
 # @DESCRIPTION:
@@ -53,7 +49,7 @@ if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then
fi
 
case "${EAPI}" in
-   1|2|3|4|5|6)
+   6)
DEPEND="${SSL_DEPEND}"
;;
*)
@@ -283,3 +279,5 @@ install_cert() {
ewarn "Some requested certificates were not generated"
fi
 }
+
+fi
-- 
2.33.0

Re: [gentoo-dev] [PATCH v2] ssl-cert.eclass: add EAPI 8 support

[Eray Aslan]

On Wed, Sep 15, 2021 at 09:26:59AM +0300, Eray Aslan wrote:
> - drop support for EAPI < 6
> - add guard
> 
> Signed-off-by: Eray Aslan 

Committed.

-- 
Eray

Re: [gentoo-dev] Don't use UIDs and GIDs below 100 without QA approval

[Eray Aslan]

On Sun, Nov 14, 2021 at 09:15:36PM +0100, Thomas Deutschmann wrote:
> On 2021-11-11 11:59, Ulrich Mueller wrote:
> > We could:
> > 
> > - Open some part of the range between 500 and 1000. For example,
> >500..799, which would leave 200 IDs for dynamic allocation.
> > 
> > - Open part of the range 60001..65533. Not sure if all software will be
> >happy with that.
> > 
> > - Admit that the concept of static allocation has failed, and return to
> >dynamic allocation.
> 
> Only the third option is really possible.

FWIW, I agree with this sentiment.

1/ Static allocation does not really solve a problem. Not really not
nowadays
2/ We cant keep adding new IDs to a distribution as new software gets
added - one side is unbounded.  This is losing game.

Switching back to dynamic allocation seems to be the best option.

-- 
Eray