Jason Stubbs writes:
|
| Unfortunately, that is *too* correct. Unfortunate in that both
| --depclean and --update only consider USE flags defined in make.conf and
| package.use (and embedded in .tbz2s when using binaries). This means
| that if package "foo" depends on package "bar" due to USE flag "baz"
| being enabled at install time and "baz" is subsequently disabled, "bar"
| becomes an orphaned package as far as the graph goes - even though it is
| still required.
|
| What does this mean in terms of security? The "only install what you
| need" rule is twice as important. Until portage is a little smarter, I
| would consider a "healthy" system to be one where `emerge -uDNvp world`
| shows no differing USE flags and both `emerge -p --depclean` and
| `revdep-rebuild -p` show no packages.
|

eeek! depclean wants to remove portmap and screen and all this other
stuff I need. Ah, because it isn't in /var/lib/portage/world I
guess... it seems I've overestimated emerge's work.

Ok, so just to get this _totally_ clear, I should:

* manually place package names I need in /var/lib/portage/world

* check my install with
    emerge sync
    emerge -uDNpv world
    revdep-rebuild -p
    glsa-check -l |& grep '\[N\]'

* update any packages listed by those last 3 commands

Maybe I'm just too lazy, but there must be a set of 'best' commands
to update/check a system documented/written down somewhere? Hopefully
in a possibly automated way. If there isn't, then let's try and cobble
one together. :)

Ah, the simple days when I'd get a list of packages I wanted to keep,
remove them from an rpm -qa and then keep trying to remove every
package left until there was no change (and depend on dependency
trees to keep stuff that I need). :)

cheers,
cam

--
/ `Rev Dr' cam at darkqueen.org Roleplaying, virtual goth \
< http://darkqueen.org Poly, *nix, Python, C/C++, genetics, ATM >
\ [+61 3] 9809 1523[h] skeptic, Evil GM(tm). Sysadmin for hire /
---------- Random Quote ----------
Rev. Jim: What does an amber light mean?
Bobby: Slow down.
Rev. Jim: What... does... an... amber... light... mean?
Bobby: Slow down.
Rev. Jim: What.... does.... an.... amber.... light....
--
gentoo-security@g.o mailing list