[gentoo-dev] RFC: UID/GID assignment for logstash (270)

2019-08-08 Thread Tomas Mozes
I would like to reserve UID/GID 270 for logstash (app-admin/logstash-bin).

I haven't found the ID in other databases.

Pending PR:
https://github.com/gentoo/gentoo/pull/12375

Thanks,
Tomas


Re: [gentoo-dev] dynamic groups and users

2019-08-08 Thread Ulrich Mueller
> On Wed, 07 Aug 2019, Michał Górny wrote:

> On Tue, 2019-08-06 at 13:41 +0200, Jaco Kroon wrote:
>> Attaching.  It seems for some reason if I inline the patches they don't 
>> come through.  If I mail to myself only it works just fine.

> Actually, I think it should be changed the other way around.

enewuser() checks for EUID being 0 before it even enters that code.
So you can only create the root user if you are the root user already.

> I don't see any reason to prohibit having a user/group package for
> root.

Is creation of (additional) users with UID 0 a good idea from a
security point of view? Maybe it is better to explicitly forbid it?

Ulrich




Re: [gentoo-dev] dynamic groups and users

2019-08-08 Thread Jaco Kroon

Hi Ulrich,


>> I don't see any reason to prohibit having a user/group package for
>> root.
>
> Is creation of (additional) users with UID 0 a good idea from a
> security point of view? Maybe it is better to explicitly forbid it?

I believe the current code already prevents re-use of an already
used UID value.  So this concern, whilst valid, is already addressed I
believe.

Kind Regards,
Jaco
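
The guard discussed in this thread (refuse a UID that is already in use, and explicitly forbid allocating UID 0), as an added example that is not taken from user.eclass or any other Gentoo code. The function names and the sample passwd lines are constructed for illustration.

```sh
#!/bin/sh
# Added illustration; not code from user.eclass or any other Gentoo eclass.

# Constructed sample passwd data (name:pw:uid:gid:gecos:home:shell).
sample_passwd() {
	cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:constructed second superuser:/root:/bin/sh
portage:x:250:250:portage:/var/tmp/portage:/bin/false
logstash:x:270:270:logstash:/var/lib/logstash:/sbin/nologin
EOF
}

# Print the names of all accounts in the passwd data on stdin that hold UID $1.
uid_owners() {
	awk -F: -v uid="$1" '$3 + 0 == uid + 0 { print $1 }'
}

# Hypothetical guard: may a package allocate UID $1, given passwd data on stdin?
# Returns 0 if the UID is free, 1 if it is already in use,
# and 2 if the request is malformed or asks for UID 0.
uid_allocatable() {
	case $1 in
		'' | *[!0-9]*) return 2 ;;
	esac
	# Compare numerically so that "00" cannot slip past a string test for "0".
	awk -F: -v uid="$1" '
		$3 + 0 == uid + 0 { used = 1 }
		END { exit (uid + 0 == 0 ? 2 : used + 0) }'
}

# Audit: list every UID shared by more than one account, as "uid: name,name".
shared_uids() {
	awk -F: '
		{ count[$3]++; names[$3] = names[$3] (names[$3] ? "," : "") $1 }
		END { for (u in count) if (count[u] > 1) print u ": " names[u] }' |
		sort -n
}
```

Running `shared_uids < /etc/passwd` on a real system lists any accounts that share a UID, including extra UID 0 accounts.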



[gentoo-dev] [PATCH] toolchain.eclass (do_gcc_CYGWINPORTS_patches): avoid bash-4.4ism

2019-08-08 Thread Michael Haubenwallner
Closes: https://bugs.gentoo.org/690686
---
 eclass/toolchain.eclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
index 6bc04b4cbfe..40d46ed0707 100644
--- a/eclass/toolchain.eclass
+++ b/eclass/toolchain.eclass
@@ -687,9 +687,9 @@ do_gcc_CYGWINPORTS_patches() {
[[ -n ${CYGWINPORTS_GITREV} ]] || return 0
use elibc_Cygwin || return 0
 
-   local -a patches
local p d="${WORKDIR}/gcc-${CYGWINPORTS_GITREV}"
-   readarray -t patches < <(sed -e '1,/PATCH_URI="/d;/"/,$d' < 
"${d}"/gcc.cygport)
+   # readarray -t is available since bash-4.4 only, #690686
+   local patches=( $(sed -e '1,/PATCH_URI="/d;/"/,$d' < 
"${d}"/gcc.cygport) )
for p in ${patches[*]}; do
epatch "${d}/${p}"
done
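
Review bot: the added `local patches=( $(sed ...) )` line leaves the command substitution unquoted, so sed's output goes through word splitting and pathname expansion under whatever IFS is in effect, where `readarray -t` stored exactly one entry per line. A PATCH_URI entry containing a glob character would be expanded against the current directory. The unchanged loop iterates `${patches[*]}` unquoted as well, so the array gives no protection; reading the lines with a `while read -r` loop and iterating `"${patches[@]}"` would keep each name intact on older bash too.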
-- 
2.21.0




Re: [gentoo-dev] RFC: UID/GID assignment for logstash (270)

2019-08-08 Thread Michael Orlitzky
On 8/8/19 3:37 AM, Tomas Mozes wrote:
> 
> Pending PR:
> https://github.com/gentoo/gentoo/pull/12375
> 

Is the group-writability really needed here?

>  ACCT_USER_HOME_PERMS=0770

I don't think the existing ebuilds change the permissions on that
directory. In any case,

> keepdir "/var/lib/${MY_PN}"

is no longer needed because the user package will keepdir it.



Re: [gentoo-dev] [PATCH] toolchain.eclass (do_gcc_CYGWINPORTS_patches): avoid bash-4.4ism

2019-08-08 Thread Sergei Trofimovich
On Thu,  8 Aug 2019 12:53:37 +0200
Michael Haubenwallner  wrote:

> Closes: https://bugs.gentoo.org/690686
> ---
>  eclass/toolchain.eclass | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Looks good!

> diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
> index 6bc04b4cbfe..40d46ed0707 100644
> --- a/eclass/toolchain.eclass
> +++ b/eclass/toolchain.eclass
> @@ -687,9 +687,9 @@ do_gcc_CYGWINPORTS_patches() {
>   [[ -n ${CYGWINPORTS_GITREV} ]] || return 0
>   use elibc_Cygwin || return 0
>  
> - local -a patches
>   local p d="${WORKDIR}/gcc-${CYGWINPORTS_GITREV}"
> - readarray -t patches < <(sed -e '1,/PATCH_URI="/d;/"/,$d' < 
> "${d}"/gcc.cygport)
> + # readarray -t is available since bash-4.4 only, #690686
> + local patches=( $(sed -e '1,/PATCH_URI="/d;/"/,$d' < 
> "${d}"/gcc.cygport) )
>   for p in ${patches[*]}; do
>   epatch "${d}/${p}"
>   done
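
Review bot: nothing after the `local patches=( $(sed ...) )` assignment checks that sed produced any names. The statement returns the status of `local`, so a missing or reformatted `"${d}"/gcc.cygport` yields an empty array and the `for p in ${patches[*]}` loop silently applies no patches. Consider calling die when the array is empty.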
> -- 
> 2.21.0
> 
> 


-- 

  Sergei



[gentoo-dev] [PATCH] skel.ebuild: Use relative paths for directories.

2019-08-08 Thread Ulrich Müller
/usr/portage is no longer the default repository location.

Signed-off-by: Ulrich Müller 
---
This looks larger than it is, because most of it is caused by
rewrapping of paragraphs. The only text changes are:
"/usr/portage/eclass/"   -> "the eclass/ directory"
"/usr/portage/licenses/" -> "the licenses/ directory"
"/usr/portage/profiles/" -> "the profiles/ directory"

skel.ebuild | 25 +
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/skel.ebuild b/skel.ebuild
index 77337142ec36..9c9e6b366eb9 100644
--- a/skel.ebuild
+++ b/skel.ebuild
@@ -19,8 +19,8 @@ EAPI=7
 # without the following line:
 #inherit autotools
 #
-# eclasses tend to list descriptions of how to use their functions properly.
-# take a look at /usr/portage/eclass/ for more examples.
+# Eclasses tend to list descriptions of how to use their functions properly.
+# Take a look at the eclass/ directory for more examples.
 
 # Short one-line description of this package.
 DESCRIPTION="This is a sample skeleton ebuild file"
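
Review bot: in the rewritten comment "Take a look at the eclass/ directory", the path is now relative but the text does not say relative to what. Naming the base, for example "the eclass/ directory of the repository", would keep the pointer usable for a reader who does not know where the repository is checked out.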
@@ -33,8 +33,8 @@ HOMEPAGE="https://foo.example.org/";
 SRC_URI="ftp://foo.example.org/${P}.tar.gz";
 
 
-# License of the package.  This must match the name of file(s) in
-# /usr/portage/licenses/.  For complex license combination see the developer
+# License of the package.  This must match the name of file(s) in the
+# licenses/ directory.  For complex license combination see the developer
 # docs on gentoo.org for details.
 LICENSE=""
 
@@ -52,14 +52,15 @@ LICENSE=""
 SLOT="0"
 
 # Using KEYWORDS, we can record masking information *inside* an ebuild
-# instead of relying on an external package.mask file.  Right now, you should
-# set the KEYWORDS variable for every ebuild so that it contains the names of
-# all the architectures with which the ebuild works.  All of the official
-# architectures can be found in the arch.list file which is in
-# /usr/portage/profiles/.  Usually you should just set this to "~amd64".
-# The ~ in front of the architecture indicates that the package is new and
-# should be considered unstable until testing proves its stability.  So, if
-# you've confirmed that your ebuild works on amd64 and ppc, you'd specify:
+# instead of relying on an external package.mask file.  Right now, you
+# should set the KEYWORDS variable for every ebuild so that it contains
+# the names of all the architectures with which the ebuild works.
+# All of the official architectures can be found in the arch.list file
+# which is in the profiles/ directory.  Usually you should just set this
+# to "~amd64".  The ~ in front of the architecture indicates that the
+# package is new and should be considered unstable until testing proves
+# its stability.  So, if you've confirmed that your ebuild works on
+# amd64 and ppc, you'd specify:
 # KEYWORDS="~amd64 ~ppc"
 # Once packages go stable, the ~ prefix is removed.
 # For binary packages, use -* and then list the archs the bin package
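
Review bot: the only wording change in this hunk is "/usr/portage/profiles/" becoming "the profiles/ directory", yet eight lines are replaced by nine because the KEYWORDS paragraph is rewrapped in the same commit. Putting the rewrap in a separate commit would leave the path change as a one-line diff and keep blame on the rest of the paragraph meaningful. The rewrap also breaks the line early after "with which the ebuild works.", which is inconsistent with the fill used on the surrounding lines.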
-- 
2.22.0


