| 1 |
Walter Dnes posted on Mon, 31 Dec 2012 01:44:25 -0500 as excerpted: |
| 2 |
|
| 3 |
> Moving USE flags from local to global status is frequently discussed |
| 4 |
> here, so this seems to be the right forum to raise the issue... |
| 5 |
> |
| 6 |
> [d531][waltdnes][~] grep suid /usr/portage/profiles/use.desc |
| 7 |
> suid - Enable setuid root program, with potential security risks |
| 8 |
> |
| 9 |
> [d531][waltdnes][~] grep :suid /usr/portage/profiles/use.local.desc |
| 10 |
> [several package hits] |
| 11 |
|
| 12 |
This is now routine. Try it with the "bindist" USE flag (and see the |
| 13 |
current thread), for instance. |
| 14 |
|
| 15 |
Promoting a flag to global does mean it gets a global description in |
| 16 |
use.desc, but per package descriptions (as now maintained in the per- |
| 17 |
package metadata.xml files, but there's a tree maintenance script that |
| 18 |
keeps use.local.desc current based on the metadata files, to keep the |
| 19 |
tools using it working) continue to be encouraged where they are useful, |
| 20 |
as they can often provide much more detailed per-package descriptions of |
| 21 |
what the flag actually does in that specific package, than the global |
| 22 |
description can. |
| 23 |
|
| 24 |
> BTW, I would've appreciated a headsup (news item) on Xorg getting the |
| 25 |
> "suid" USE flag. I use startx, and I couldn't start X <G>. |
| 26 |
|
| 27 |
OTOH, I followed the gentoo recommendation to do a dry run (emerge -- |
| 28 |
pretend or --ask) and actually LOOK at what's changing in terms of USE |
| 29 |
flags, etc, look any of the new ones up I'm not sure on (equery uses |
| 30 |
<pkg> in another terminal works), then if necessary, say "no" to the -- |
| 31 |
ask and make USE flag changes, etc, before going ahead with the "live" |
| 32 |
run. |
| 33 |
|
| 34 |
As such, I saw the change (which is even colored differently so it's easy |
| 35 |
to pick out), did a quick equery uses xorg-server in a different window |
| 36 |
to see what was going on, and decided to go ahead. In my case, I didn't |
| 37 |
have USE=suid set at all in make.conf, so the xorg-server ebuild's use- |
| 38 |
default to ON was in effect, and I didn't have a problem. |
| 39 |
|
| 40 |
(I was curious, however, as I'd been reading about running X as non-root, |
| 41 |
and after seeing that the upgrade did work with the same SUID executable |
| 42 |
it had before, I remerged without SUID to try it out, much faster the |
| 43 |
second time with ccache and since I wasn't doing other builds at the same |
| 44 |
time. THEN I ran into the problem you did, but that was the only change |
| 45 |
I made and it was deliberate, so I knew the problem and could immediately |
| 46 |
undo it.) |
| 47 |
|
| 48 |
Gentoo isn't a hand-holding distro. The changes were there to be seen in |
| 49 |
the recommended emerge --pretend or --ask, and adjusted if needed before |
| 50 |
hand, and you chose not to take advantage of that. I guess some people |
| 51 |
just have to find out the hard way why such recommendations are there. |
| 52 |
|
| 53 |
Of course, if you prefer a distro that makes such decisions (and takes |
| 54 |
responsibility for them accordingly) for you, there's plenty of distros |
| 55 |
around that offer more of that than gentoo does. If you don't have the |
| 56 |
time or patience to do the dry-runs and check changes before going thru |
| 57 |
with them, perhaps one of those would be more appropriate. There's no |
| 58 |
shame in deciding that gentoo's simply not an appropriate distro for your |
| 59 |
needs, and choosing one of the others instead. |
| 60 |
|
| 61 |
All that said, more documentation and warning wouldn't have hurt, and the |
| 62 |
news feature was designed for exactly this sort of thing. Except that |
| 63 |
the package maintainer has to think of it, and I guess they didn't in |
| 64 |
this case. But it still shouldn't have been a problem as a responsible |
| 65 |
admin had plenty of warning already, via the USE flag change itself. |
| 66 |
|
| 67 |
> Fortunately, |
| 68 |
> that was on my netbook, and I was able to Google the solution on my |
| 69 |
> desktop machine... http://en.spontex.org/forum/thread/561/1/ I'm |
| 70 |
> posting a heads up on the user list. |
| 71 |
|
| 72 |
-- |
| 73 |
Duncan - List replies preferred. No HTML msgs. |
| 74 |
"Every nonfree program has a lord, a master -- |
| 75 |
and if you use the program, he is your master." Richard Stallman |
Archives