hese are the packages that would be merged, in order: 000004 000005 Calculating dependencies ..... ..... ..... done! 000006 [ebuild U ] net-misc/openssh-4.6_p1-r2 [4.5_p1-r1] USE="X kerberos ldap pam tcpd -X509 -chroot -hpn -libedit (-selinux) -skey -smartcard -static" 945 kB 000007 000008 Total: 1 package (1 upgrade), Size of downloads: 945 kB 000009 000010 >>> Verifying ebuild Manifests... 000011 000012 >>> Emerging (1 of 1) net-misc/openssh-4.6_p1-r2 to / 000013 >>> Downloading 'http://61.135.158.199/distfiles/openssh-4.6p1.tar.gz' 000014 --22:00:20-- http://61.135.158.199/distfiles/openssh-4.6p1.tar.gz 000015 => `/usr/portage/distfiles/openssh-4.6p1.tar.gz' 000016 Connecting to 61.135.158.199:80... 000017 HTTP ... 200 OK 000018 967,395 (945K) [application/x-gzip] 000019 000020 100%[====================================>] 967,395 22.57K/s ETA 00:00 000021 000022 22:00:58 (24.61 KB/s) - `/usr/portage/distfiles/openssh-4.6p1.tar.gz' saved [967395/967395] 000023 000024 * checking ebuild checksums ;-) ... [ ok ] 000025 * checking auxfile checksums ;-) ... [ ok ] 000026 * checking miscfile checksums ;-) ... [ ok ] 000027 * checking openssh-4.6p1.tar.gz ;-) ... [ ok ] 000028 * Sorry, but this version does not yet support features 000029 * that you requested: ldap 000030 * Please mask openssh-4.6_p1-r2 for now and check back later: 000031 * # echo '=net-misc/openssh-4.6_p1-r2' >> /etc/portage/package.mask 000032 000033 !!! ERROR: net-misc/openssh-4.6_p1-r2 failed. 000034 Call stack: 000035 ebuild.sh, line 1648: Called dyn_setup 000036 ebuild.sh, line 714: Called qa_call 'pkg_setup' 000037 ebuild.sh, line 44: Called pkg_setup 000038 openssh-4.6_p1-r2.ebuild, line 64: Called die 000039 000040 !!! booooo 000041 !!! If you need support, post the topmost build error, and the call stack if relevant. 000042 !!! A complete build log is located at '/var/tmp/portage/net-misc/openssh-4.6_p1-r2/temp/build.log'. 000043
vanessz: Please actually write a decent summary next time you file a bug. While there is indeed the error message, in the best of all worlds it should never happen that an ebuild errors out this way. Especially since the ldap use flag is set by default in our profiles. I don't know who chose to do so, but it was a very bad choice. Better actions would have been not to mark the ebuild stable until the issue is sorted out or to place a message in the appropriate channels (GWN, announcement list, forums) and remove the ldap use flag.
Removal of the ldap USE flag is not a proper solution, unless it is done on a per-package basis. If we can't get the LDAP patch ported in a timely manner, maybe we should really revisit why we're deviating from upstream in the first place.
public announcements mean squat when someone upgrades their openssh only to find they cant log in anymore ... that is exactly what happens when something like USE=ldap gets silently dropped from a core package like openssh
See my comment http://bugs.gentoo.org/show_bug.cgi?id=183958#c13 Stabilizing everything up to -4.5* seems to be OK, but 4.6* simply doesn't work with "ldap" in USE which is a profile default ... // default-linux/x86/2007.0/desktop/make.defaults Of course I can either mask 4.6* or add "-ldap" to "package.use", but I simply can't understand the strategy behind this "stabilizing all". I guess that currently quite a lot of "gentoo users" will get a "booo" when "updating world". Could someone explain, whether this is by intention, i. e. a method to inform users that they should remove "ldap" from openssh USE, or not. Axel
maybe if you read this bug (comment #3) you'd find all your questions already answered user convenience loses here
Can you please explain better comment #3? I am not sure I understand what you are suggesting with that
New patch is available. http://dev.inversepath.com/openssh-lpk/openssh-lpk-4.6p1-0.3.9.patch Re-assigning since I really don't have time for it.
(In reply to comment #6) > Can you please explain better comment #3? I am not sure I understand what you > are suggesting with that That removing USE=ldap to avoid this issue is a Bad Idea (TM) :P
(In reply to comment #8) > (In reply to comment #6) > > Can you please explain better comment #3? I am not sure I understand what you > > are suggesting with that > > That removing USE=ldap to avoid this issue is a Bad Idea (TM) :P > Yeah I think that for example the Gentoo infra runs openssh with LDAP support.
I still don't get ist. If updating to 4.6* would solve a security issue, I would understand the need/pressure to stabilize it. But actually most users will get "booo-ed", because of "ldap" in USE and will furthermore get the suggestion to mask 4.6*. So it can't be a security issue. The obvious question is Why are you stabilizing 4.6*, althought it is known to not build for almost everyone?" and not Should "ldap" be removed from openssh USE? Axel
Andrea: remind me to stab you next time i see you added updated patch to 4.6_p1-r3