Bug 187594 - net-misc/openssh-4.6_p1-r2 needs an updated ldap patch
|
Bug#:
187594
|
Product: Gentoo Linux
|
Version: 2007.0
|
Platform: All
|
|
OS/Version: Linux
|
Status: RESOLVED
|
Severity: normal
|
Priority: P2
|
|
Resolution: FIXED
|
Assigned To: base-system@gentoo.org
|
Reported By: tjzero@126.com
|
|
Component: Ebuilds
|
|
|
URL:
|
|
Summary: net-misc/openssh-4.6_p1-r2 needs an updated ldap patch
|
|
Keywords:
|
|
Status Whiteboard:
|
|
Opened: 2007-08-03 14:17 0000
|
hese are the packages that would be merged, in order:
000004
000005 Calculating dependencies ..... ..... ..... done!
000006 [ebuild U ] net-misc/openssh-4.6_p1-r2 [4.5_p1-r1] USE="X kerberos
ldap pam tcpd -X509 -chroot -hpn -libedit (-selinux) -skey -smartcard -static"
945 kB
000007
000008 Total: 1 package (1 upgrade), Size of downloads: 945 kB
000009
000010 >>> Verifying ebuild Manifests...
000011
000012 >>> Emerging (1 of 1) net-misc/openssh-4.6_p1-r2 to /
000013 >>> Downloading 'http://61.135.158.199/distfiles/openssh-4.6p1.tar.gz'
000014 --22:00:20-- http://61.135.158.199/distfiles/openssh-4.6p1.tar.gz
000015 => `/usr/portage/distfiles/openssh-4.6p1.tar.gz'
000016 Connecting to 61.135.158.199:80...
000017 HTTP ... 200 OK
000018 967,395 (945K) [application/x-gzip]
000019
000020 100%[====================================>] 967,395 22.57K/s
ETA 00:00
000021
000022 22:00:58 (24.61 KB/s) - `/usr/portage/distfiles/openssh-4.6p1.tar.gz'
saved [967395/967395]
000023
000024 * checking ebuild checksums ;-) ...
[ ok ]
000025 * checking auxfile checksums ;-) ...
[ ok ]
000026 * checking miscfile checksums ;-) ...
[ ok ]
000027 * checking openssh-4.6p1.tar.gz ;-) ...
[ ok ]
000028 * Sorry, but this version does not yet support features
000029 * that you requested: ldap
000030 * Please mask openssh-4.6_p1-r2 for now and check back later:
000031 * # echo '=net-misc/openssh-4.6_p1-r2' >> /etc/portage/package.mask
000032
000033 !!! ERROR: net-misc/openssh-4.6_p1-r2 failed.
000034 Call stack:
000035 ebuild.sh, line 1648: Called dyn_setup
000036 ebuild.sh, line 714: Called qa_call 'pkg_setup'
000037 ebuild.sh, line 44: Called pkg_setup
000038 openssh-4.6_p1-r2.ebuild, line 64: Called die
000039
000040 !!! booooo
000041 !!! If you need support, post the topmost build error, and the call
stack if relevant.
000042 !!! A complete build log is located at
'/var/tmp/portage/net-misc/openssh-4.6_p1-r2/temp/build.log'.
000043
vanessz: Please actually write a decent summary next time you file a bug.
While there is indeed the error message, in the best of all worlds it should
never happen that an ebuild errors out this way. Especially since the ldap use
flag is set by default in our profiles. I don't know who chose to do so, but it
was a very bad choice.
Better actions would have been not to mark the ebuild stable until the issue is
sorted out or to place a message in the appropriate channels (GWN, announcement
list, forums) and remove the ldap use flag.
Removal of the ldap USE flag is not a proper solution, unless it is done on a
per-package basis. If we can't get the LDAP patch ported in a timely manner,
maybe we should really revisit why we're deviating from upstream in the first
place.
public announcements mean squat when someone upgrades their openssh only to
find they cant log in anymore ... that is exactly what happens when something
like USE=ldap gets silently dropped from a core package like openssh
See my comment
http://bugs.gentoo.org/show_bug.cgi?id=183958#c13
Stabilizing everything up to -4.5* seems to be OK, but 4.6* simply doesn't
work with "ldap" in USE which is a profile default ...
// default-linux/x86/2007.0/desktop/make.defaults
Of course I can either mask 4.6* or add "-ldap" to "package.use",
but I simply can't understand the strategy behind this "stabilizing all".
I guess that currently quite a lot of "gentoo users" will get a "booo"
when "updating world".
Could someone explain, whether this is by intention, i. e. a method
to inform users that they should remove "ldap" from openssh USE,
or not.
Axel
maybe if you read this bug (comment #3) you'd find all your questions already
answered
user convenience loses here
Can you please explain better comment #3? I am not sure I understand what you
are suggesting with that
(In reply to comment #6)
> Can you please explain better comment #3? I am not sure I understand what you
> are suggesting with that
That removing USE=ldap to avoid this issue is a Bad Idea (TM) :P
(In reply to comment #8)
> (In reply to comment #6)
> > Can you please explain better comment #3? I am not sure I understand what you
> > are suggesting with that
>
> That removing USE=ldap to avoid this issue is a Bad Idea (TM) :P
>
Yeah I think that for example the Gentoo infra runs openssh with LDAP support.
I still don't get ist.
If updating to 4.6* would solve a security issue, I would understand
the need/pressure to stabilize it.
But actually most users will get "booo-ed", because of "ldap" in USE
and will furthermore get the suggestion to mask 4.6*.
So it can't be a security issue.
The obvious question is
Why are you stabilizing 4.6*, althought it is known to not build
for almost everyone?"
and not
Should "ldap" be removed from openssh USE?
Axel
Andrea: remind me to stab you next time i see you
added updated patch to 4.6_p1-r3
