Installation of SSL certificates in src_install might expose the secret keys when building binary packages (bug 174759). Please update the package mentioned in this bug's title to use the new "install_cert" function of ssl-cert.eclass, and use it only in your pkg_postinst or pkg_config. This bug is for keeping track of specific changes to your ebuilds and stabling, general questions about this should be discussed in bug 174759. Our aim is to have fixed ebuilds in the tree by Dec. 23rd, otherwise we will commit this minor change. Stabling should be done two weeks after the commit, at last around Jan, 6th.
Fixed in cyrus-imapd-2.3.9-r1.
NB, install_cert takes care of ROOT and creates directories if necessary. - dodir "${ROOT:-/}"etc/ssl/cyrus - insinto "${ROOT:-/}"etc/ssl/cyrus/ - install_cert "${ROOT:-/}"etc/ssl/cyrus/server + install_cert /etc/ssl/cyrus/server > This bug is for keeping track of specific changes to your ebuilds > and stabling, [...] Please leave this bug open since 2.3.9-r1 has to be stabilised.
(In reply to comment #2) > NB, install_cert takes care of ROOT and creates directories if necessary. > > - dodir "${ROOT:-/}"etc/ssl/cyrus > - insinto "${ROOT:-/}"etc/ssl/cyrus/ > - install_cert "${ROOT:-/}"etc/ssl/cyrus/server > + install_cert /etc/ssl/cyrus/server Fixed.
Please stabilise =net-mail/cyrus-imapd-2.3.9-r1.
ppc and ppc64 done
x86 stable
(In reply to comment #4) > Please stabilise =net-mail/cyrus-imapd-2.3.9-r1. > plus the following ones: =net-mail/cyrus-imap-admin-2.3.9 =dev-libs/cyrus-imap-dev-2.3.9
ppc64 on both the extra pkgs
sparc stable except =dev-libs/cyrus-imap-dev-2.3.9 which was never stable
dev-libs/cyrus-imap-dev-2.3.9 (snmp ssl tcpd) net-mail/cyrus-imap-admin-2.3.9 (ssl) net-mail/cyrus-imapd-2.3.9-r1 (idled pam snmp ssl tcpd) 1. Packages emerge on AMD64. 2. No collisions. 3. Packages include no tests emerge --info: Portage 2.1.3.19 (selinux/2007.0/amd64/hardened, gcc-3.4.6, glibc-2.6.1-r0, 2.6.20-hardened-r5 x86_64) ================================================================= System uname: 2.6.20-hardened-r5 x86_64 Intel(R) Xeon(TM) CPU 3.20GHz Timestamp of tree: Thu, 03 Jan 2008 04:46:01 +0000 app-shells/bash: 3.2_p17-r1 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.61-r1 sys-devel/automake: 1.7.9-r1, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -fforce-addr" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /var/bind" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild/etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -pipe -fforce-addr" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages loadpolicy metadata-transfer parallel-fetch sandbox selinux sesandbox sfperms strict test unmerge-orphans userfetch" GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.gentoo-pt.org/pub/gentoo ftp://mirrors1.netvisao.pt/gentoo/ http://trumpetti.tut.atm.fi/gentoo/" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="amd64 berkdb bitmap-fonts cli cracklib crypt cups dri fortran gdbm gpm hardened iconv ipv6 isdnlog logrotate midi mmx mudflap ncurses nls nptl nptlonlyopenmp pam pcre perl pic pppd python readline reflection selinux session spl sse sse2 ssl tcpd test truetype truetype-fonts type1-fonts unicode vhosts xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i810 mach64 mga neomagic nv r128 radeon rendition s3 s3virge savagesiliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Stable for HPPA.
amd64 stable
ppc stable, closing
Hm, cyrus-imapd-2.2.13-r1 should be punted, since we want to remove "docert" from ssl-cert.eclass.
(In reply to comment #15) > Hm, cyrus-imapd-2.2.13-r1 should be punted, since we want to remove "docert" > from ssl-cert.eclass. > i'll remove it in a few days.
> > Hm, cyrus-imapd-2.2.13-r1 should be punted, since we want to remove > > "docert" from ssl-cert.eclass. > > i'll remove it in a few days. Reopening until then.
(In reply to comment #17) > > > Hm, cyrus-imapd-2.2.13-r1 should be punted, since we want to remove > > > "docert" from ssl-cert.eclass. > > > > i'll remove it in a few days. > > Reopening until then. > Done and closed again. bugspam++
