Bug 201673 - net-firewall/nufw: use install_cert in pkg_postinst
|
Bug#:
201673
|
Product: Gentoo Linux
|
Version: unspecified
|
Platform: All
|
|
OS/Version: Linux
|
Status: VERIFIED
|
Severity: normal
|
Priority: P3
|
|
Resolution: FIXED
|
Assigned To: cedk@gentoo.org
|
Reported By: rbu@gentoo.org
|
|
Component: Ebuilds
|
|
|
URL:
|
|
Summary: net-firewall/nufw: use install_cert in pkg_postinst
|
|
Keywords: SECURITY
|
|
Status Whiteboard:
|
|
Opened: 2007-12-08 14:38 0000
|
Installation of SSL certificates in src_install might expose the secret
keys when building binary packages (bug 174759).
Please update the package mentioned in this bug's title to use the new
"install_cert" function of ssl-cert.eclass, and use it only in
your pkg_postinst or pkg_config.
This bug is for keeping track of specific changes to your ebuilds
and stabling, general questions about this should be discussed in
bug 174759.
Our aim is to have fixed ebuilds in the tree by Dec. 23rd, otherwise
we will commit this minor change. Stabling should be done two weeks after the
commit, at last around Jan, 6th.
> Our aim is to have fixed ebuilds in the tree by Dec. 23rd, otherwise
> we will commit this minor change.
Just a reminder; I would prefer if package maintainers fixed this for their
packages. So I'll wait for another week before committing the change myself.
(In reply to comment #2)
> Fix in cvs
Not really... The final goal is that we remove docert() from ssl-cert.eclass.
So I guess it should be something like the following:
pkg_postinst() {
install_cert /etc/nufw/{nufw,nuauth}
}
Reopening.
> Fix again in cvs
Thank you.
@security: Package was never stable.
