Gentoo Archives: gentoo-dev

From:	"Paweł Hajdan
To:	gentoo-dev@l.g.o
Subject:	Re: [gentoo-dev] RFC: Disambiguation of "hardened" use flag and proposal for a new global flag "pax_kernel"
Date:	Sat, 16 Jul 2011 16:58:03
Message-Id:	`4E21C296.20708@gentoo.org`
In Reply to:	Re: [gentoo-dev] RFC: Disambiguation of "hardened" use flag and proposal for a new global flag "pax_kernel" by "Anthony G. Basile"

1	On 7/15/11 3:51 AM, Anthony G. Basile wrote:
2	> So, here's the glitch. For example, in dev-lang/mono, following the
3	> above plan, we would drop the "hardened" flag, remove
4	>
5	> DEPEND=" ... hardened? ( sys-apps/paxctl )"
6
7	In the cited scenario, if you're not inheriting the pax-utils eclass,
8	you can keep paxctl undonditionally in DEPEND. It's a rather lightweight
9	dependency I think.
10
11	> But this assumes that paxctl is on the user's system which is not
12	> guaranteed unless the users has emerged hardened-sources (which will
13	> depend on paxctl). scanelf would have to be the replacement in such
14	> cases because it is guaranteed to be there by the profiles.
15
16	Yeah, I think the pax-utils eclass handles that fallback, it's just not
17	used by the ebuild (it seems a bit harder here because of the sed call).

File name	MIME type
signature.asc	application/pgp-signature

Subject	Author
Re: [gentoo-dev] RFC: Disambiguation of "hardened" use flag and proposal for a new global flag "pax_kernel"	"Anthony G. Basile" <blueness@g.o>