Gentoo Archives: gentoo-dev

From: "Michał Górny" <mgorny@g.o>
To: gentoo-dev <gentoo-dev@l.g.o>
Subject: [gentoo-dev] cdrom.eclass vs KEYWORDS
Date: Wed, 25 Sep 2019 20:14:56
1 Hi,
3 I'm wondering if we're doing the right things by adding KEYWORDS to
4 packages using cdrom.eclass. After all, it's somewhat similar to live
5 ebuilds. That is, data is fetched outside regular PM mechanisms (though
6 not implicitly through Internet, arguably) and it is not covered by any
7 checksums.
9 This creates a somewhat gaping security hole to anyone using those
10 packages. After all, the ebuilds are going to happily install any
11 malware you might have on that CD without even thinking twice about it.
12 In fact, with construction of many ebuilds it is entirely plausible that
13 additional unexpected files may end up being installed.
15 To be honest, I don't think this is a problem that could be fixed.
16 Technically, we could add some kind of, say, b2sum lists to ebuilds
17 and verify installed files against them. However, the way I understand
18 we frequently aim to support different releases of the same product,
19 that may have wildly differing checksums.
21 So maybe the most obvious solution would be to remove KEYWORDS from
22 ebuilds unconditionally using cdrom.eclass (and their reverse
23 dependencies), and mask USE=cdinstall on the rest.
25 WDYT?
27 --
28 Best regards,
29 Michał Górny


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-dev] cdrom.eclass vs KEYWORDS Mike Gilbert <floppym@g.o>
Re: [gentoo-dev] cdrom.eclass vs KEYWORDS "Robin H. Johnson" <robbat2@g.o>
Re: [gentoo-dev] cdrom.eclass vs KEYWORDS James Le Cuirot <chewi@g.o>