| 1 |
On 07/16/2011 12:55 PM, "Paweł Hajdan, Jr." wrote: |
| 2 |
> On 7/15/11 3:51 AM, Anthony G. Basile wrote: |
| 3 |
>> So, here's the glitch. For example, in dev-lang/mono, following the |
| 4 |
>> above plan, we would drop the "hardened" flag, remove |
| 5 |
>> |
| 6 |
>> DEPEND=" ... hardened? ( sys-apps/paxctl )" |
| 7 |
> In the cited scenario, if you're not inheriting the pax-utils eclass, |
| 8 |
> you can keep paxctl undonditionally in DEPEND. It's a rather lightweight |
| 9 |
> dependency I think. |
| 10 |
> |
| 11 |
>> But this assumes that paxctl is on the user's system which is not |
| 12 |
>> guaranteed unless the users has emerged hardened-sources (which will |
| 13 |
>> depend on paxctl). scanelf would have to be the replacement in such |
| 14 |
>> cases because it is guaranteed to be there by the profiles. |
| 15 |
> Yeah, I think the pax-utils eclass handles that fallback, it's just not |
| 16 |
> used by the ebuild (it seems a bit harder here because of the sed call). |
| 17 |
> |
| 18 |
|
| 19 |
Looks like the list discussion on this issues is petering out. I've |
| 20 |
opened up a tracker [1]. I'll start going through the tree an opening |
| 21 |
up bugs against ebuilds that should be discussed. I'm leaning towards |
| 22 |
Mike's suggestion and avoiding another global use flag. Let's see where |
| 23 |
the discussion goes on the bugs. |
| 24 |
|
| 25 |
|
| 26 |
Ref. |
| 27 |
|
| 28 |
[1] https://bugs.gentoo.org/show_bug.cgi?id=375561 |
| 29 |
|
| 30 |
-- |
| 31 |
Anthony G. Basile, Ph.D. |
| 32 |
Gentoo Linux Developer [Hardened] |
| 33 |
E-Mail : blueness@g.o |
| 34 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 35 |
GnuPG ID : D0455535 |
Archives