On 10/19/2013 08:29 PM, Anthony G. Basile wrote:
>
> Can you check to see if the || die is required only on packages before
> EAPI = 5? Or is it on all EAPI versions?

It's required anywhere you want the ebuild to die when pax-mark fails.
AFAIK, the EAPI >= 4 auto-die behavior only applies to the commands
listed in the PMS under "Ebuild-specific Commands".


> Having said that, I'm not sure we want the ebuild to fail just because
> pax-mark fails. People on vanilla profiles without xattr support will
> be annoyed.

Can this be done in the profiles instead of the eclass?

Right now, the eclass sets PAX_MARKINGS="PT" for everyone when the
variable is unset. On hardened, we probably want PAX_MARKINGS="PT" for
now, PAX_MARKINGS="PT XT" later, and PAX_MARKINGS="XT" eventually.

Non-hardened users don't care about the markings[1], so it doesn't
matter to them whether or not pax-mark fails. But for hardened users,
the package will be broken, so the ebuild should die.
|
What would happen if we changed the line,

PAX_MARKINGS=${PAX_MARKINGS:="PT"}

in the eclass, to,

PAX_MARKINGS=${PAX_MARKINGS:="none"}

and added,

PAX_MARKINGS="PT"

to the hardened make.defaults?


[1] There may be exceptions to this rule, but if we remove the PT
default for non-hardened users, they can still set PAX_MARKINGS in
make.conf if they want the markings.
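
Added example, not part of the original message and not code from the eclass: a POSIX shell model of the proposal above, showing which PAX_MARKINGS value each kind of user ends up with and whether a failing pax-mark followed by || die would stop the build. The function names are hypothetical; it assumes make.conf overrides the profile's make.defaults and that no marking is attempted when the value is "none".

```sh
#!/bin/sh
# Constructed model of the proposal in the message; not pax-utils.eclass code.

# resolve_markings ECLASS_DEFAULT [PROFILE_VALUE] [MAKE_CONF_VALUE]
# Settings are applied in the order assumed here: the profile's
# make.defaults, then the user's make.conf, then the eclass default, which
# only takes effect while the variable is still unset or empty.
resolve_markings() {
    unset PAX_MARKINGS
    if [ -n "${2:-}" ]; then PAX_MARKINGS=$2; fi   # profile make.defaults
    if [ -n "${3:-}" ]; then PAX_MARKINGS=$3; fi   # user's make.conf
    PAX_MARKINGS=${PAX_MARKINGS:="$1"}             # the eclass line
    printf '%s\n' "$PAX_MARKINGS"
}

# build_outcome MARKINGS MARK_STATUS
# Models `pax-mark ... || die`. Assumption: with "none" no marking is
# attempted, so there is nothing that can fail.
build_outcome() {
    if [ "$1" = none ]; then
        echo skipped
    elif [ "$2" -ne 0 ]; then
        echo die
    else
        echo marked
    fi
}

# report ECLASS_DEFAULT: three kinds of user, with marking failing (status 1),
# for example on a filesystem without xattr support.
report() {
    for user in "vanilla||" "hardened|PT|" "vanilla+make.conf||PT"; do
        name=${user%%|*}; rest=${user#*|}
        profile=${rest%%|*}; conf=${rest#*|}
        m=$(resolve_markings "$1" "$profile" "$conf")
        printf '%-13s %-18s PAX_MARKINGS=%-5s -> %s\n' \
            "default=$1" "$name" "$m" "$(build_outcome "$m" 1)"
    done
}

report PT      # current eclass default
report none    # proposed eclass default, with PT set in hardened make.defaults
```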