Gentoo Archives: gentoo-security

From: Cameron Blackwood <korg@×××××××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernels and GLSAs
Date: Thu, 22 Sep 2005 03:51:32
Jason Stubbs writes:
  | Unfortunately, that is *too* correct. Unfortunate in that both 
  | --depclean and --update only consider USE flags defined in make.conf and 
  | package.use (and embedded in .tbz2s when using binaries). This means 
  | that if package "foo" depends on package "bar" due to USE flag "baz" 
  | being enabled at install time and "baz" is subsequently disabled, "bar" 
  | becomes an orphaned package as far as the graph goes - even though it is 
  | still required.
  | What does this mean in terms of security? The "only install what you 
  | need" rule is twice as important. Until portage is a little smarter, I 
  | would consider a "healthy" system to be one where `emerge -uDNvp world` 
  | shows no differing USE flags and both `emerge -p --depclean` and 
  | `revdep-rebuild -p` show no packages.

eeek! depclean wants to remove portmap and screen and all this other
stuff I need.  Ah, because it isnt in /var/lib/portage/world I
guess... it seems Ive overestimated emerge's work.

Ok, so just to get this _totally_ clear, I should: 

   * manally place package names I need in /var/lib/portage/world

   * check my install with
        emerge sync
        emerge -uDNpv world
        revdep-rebuild -p
        glsa-check -l |& grep '\[N\]'

   * update any packages listed by those last 3 commands

Maybe Im just too lazy, but there must be a set of 'best' commands 
to update/check a system documented/written down somewhere? Hopefully
in a possibly automated way. If there isnt, then lets try and cobble
one together. :)

Ah, the simple days when I'd get a list of packages I wanted to keep,
remove them from an   rpm -qa   and then keep trying to remove every
package left until there was no change (and depend on dependancy
trees to keep stuff that I need). :)


 / `Rev Dr'   cam  at            Roleplaying, virtual goth \
<        Poly, *nix, Python, C/C++, genetics, ATM  >
 \  [+61 3] 9809 1523[h]         skeptic, Evil GM(tm). Sysadmin for hire /
                      ---------- Random Quote ----------
Rev. Jim:	What does an amber light mean?                                 
Bobby:		Slow down.
Rev. Jim:	What...   does...  an...  amber...  light...  mean?
Bobby:		Slow down.
Rev. Jim:	What....     does....     an....     amber....     light....
gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Kernels and GLSAs Kevin Bryan <bryank@××××××.edu>