On Saturday 16 August 2003 11:46, Karsten Schulz wrote:
> Hi all,
>
> At bugs.gentoo.org I attached a tarball with my version of an ebuild,
> which automatically will install *only* those security updates, which are
> relevant to your system (see
> <http://bugs.gentoo.org/show_bug.cgi?id=5835>).
>
> The trick is the following code in the ebuild:
> DEPEND="
> $(has_version 'nfs-utils' && echo '>=nfs-utils-1.0.4')
> $(has_version 'gnupg' && echo '>=gnupg-1.2.2-r1')
> "
> This will create dependencies on the fly: Only if you have nfs-utils
> installed, the new version with the bugfix will appear as a dependency.
> Same with gnupg.
> There is no need for new 'emerge' options or KEYWORDS.
>
> For his own system, the admin has to type in only:
> emerge rsync
> emerge security
>
> or, if he is interested in this stuff:
> emerge rsync
> emerge -p security
> and followed by 'emerge security', if necessary.
>
> The only drawback at the moment is that there is no automated way to
> generate the value of the DEPEND variable by the GLSAs. Maybe Marius' XML
> format can help here. With GLSAs in such a format, a simple script can
> generate the security-ebuilds, the postings at forums.gentoo.org and the
> mails in gentoo-announce! I would love to hear from some core developers
> and others what you think (is it critical to use an ebuild, which does not
> compile and install its own source code, because it has none?).
>
> I know that this can (and must) be improved in the future (more
> information, references to advisories, signing the ebuild, a.s.o.), but at
> the moment, this way seems to me to be an easy one, isn't it?
>
> Comments?

Unfortunately dynamic dependencies in this style are not possible. I also
believe that a more fundamental solution should be implemented. Probably in
emerge itself. It should not really be hard. It should basically do what you
propose from a dynamically generated list of insecure ebuilds.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@g.o
Homepage: http://www.devrieze.net
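
Added example (not part of either message and not Portage code): building the list discussed in this thread, i.e. '>=' atoms only for packages that are both installed and older than the fixed version. The function names, the installed-package data and the 'examplepkg' entry are constructed, and the version comparison is a simplified assumption that handles only dotted numbers plus a -rN revision.

```python
import re

# Simplified version pattern: dotted numbers plus an optional Gentoo revision (-rN).
# Real Portage versions also allow letters and suffixes such as _pre or _p;
# those are rejected here instead of being compared incorrectly.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return a tuple that sorts in version order: '1.2.2-r1' -> ((1, 2, 2), 1)."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unsupported version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2) or 0)
    return numbers, revision


def pending_security_updates(installed, advisories):
    """List '>=pkg-version' atoms for installed packages older than the fix.

    installed:  dict of package name -> installed version
    advisories: iterable of (package name, first fixed version)
    """
    atoms = []
    for package, fixed in advisories:
        current = installed.get(package)
        if current is None:
            continue  # not installed: the advisory is irrelevant to this system
        if parse_version(current) < parse_version(fixed):
            atoms.append(f">={package}-{fixed}")
    return atoms


# Constructed sample data. The nfs-utils and gnupg fixed versions are the ones
# quoted in the thread; everything else is invented for the example.
ADVISORIES = [("nfs-utils", "1.0.4"), ("gnupg", "1.2.2-r1"), ("examplepkg", "2.0")]
INSTALLED = {"gnupg": "1.2.2", "examplepkg": "2.0-r1", "nano": "1.2.1"}

if __name__ == "__main__":
    # nfs-utils is absent and examplepkg is already past the fix,
    # so only gnupg is reported.
    for atom in pending_security_updates(INSTALLED, ADVISORIES):
        print(atom)
```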