Gnupg does not need to be suid since kernel 2.6.9. It is possible since this version of the kernel to lock the required 32kb of memory without root privileges.

See this thread on lkml: http://marc.theaimsgroup.com/?l=linux-kernel&m=109167907532562&w=2

The patch went into the kernel here: http://linux.bkbits.net:8080/linux-2.6/diffs/include/linux/resource.h@1.3?nav=index.html|src/|src/include/linux|hist/include/linux/resource.h

and was shipped with 2.6.9 after that: http://linux.bkbits.net:8080/linux-2.6/cset@1.1938.156.17?nav=index.html|tags

This means that the ebuild could check for kernel version >= 2.6.9 and not suid the executable then. This might make a few sysadmins happier.
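The version gate proposed above, written out as a stand-alone POSIX shell example. This is an added illustration, not the reporter's code and not the Gentoo gnupg ebuild: kernel_version_ge and gpg_install_mode are names chosen here, and the "0755"/"4755" strings are the modes an ebuild would hand to fperms for a non-suid and a suid-root gpg respectively. The rule implemented is exactly the one in the report: on a kernel >= 2.6.9 an unprivileged process may lock its small secure-memory area itself, so gpg is installed without the setuid bit; on anything older the bit is kept.

```shell
#!/bin/sh
# Added example (not from the bug report or the Gentoo gnupg ebuild).
# Decide whether gpg needs setuid-root for mlock(), from a kernel version
# string alone. Since 2.6.9 an unprivileged process may lock a bounded amount
# of memory (RLIMIT_MEMLOCK), enough for gnupg's secure memory, so the suid
# bit can be dropped on such kernels.

# kernel_version_ge VERSION MAJOR MINOR PATCH
# Returns 0 when VERSION (e.g. "2.6.9-gentoo-r1") is >= MAJOR.MINOR.PATCH.
# Only the leading numeric release is compared; "-gentoo-r1" style suffixes
# and anything after a non-digit are ignored.
kernel_version_ge() {
    base=${1%%[!0-9.]*}              # "2.6.9-gentoo-r1" -> "2.6.9"
    v_major=${base%%.*}
    rest=${base#*.}
    [ "$rest" = "$base" ] && rest="" # no minor component present
    v_minor=${rest%%.*}
    rest2=${rest#*.}
    [ "$rest2" = "$rest" ] && rest2="" # no patch component present
    v_patch=${rest2%%.*}
    # missing components compare as 0 ("2.6" == "2.6.0")
    : "${v_major:=0}" "${v_minor:=0}" "${v_patch:=0}"

    [ "$v_major" -ne "$2" ] && { [ "$v_major" -gt "$2" ]; return; }
    [ "$v_minor" -ne "$3" ] && { [ "$v_minor" -gt "$3" ]; return; }
    [ "$v_patch" -ge "$4" ]
}

# gpg_install_mode VERSION
# Prints the file mode an ebuild would apply to /usr/bin/gpg for that kernel:
# "0755" (no suid, kernel >= 2.6.9) or "4755" (setuid root, older kernels).
gpg_install_mode() {
    if kernel_version_ge "$1" 2 6 9; then
        printf '0755\n'
    else
        printf '4755\n'
    fi
}

# Example run against the running kernel.
running=$(uname -r)
printf 'kernel %s -> gpg mode %s\n' "$running" "$(gpg_install_mode "$running")"
```

Note that this is a build-time decision keyed on the kernel the ebuild sees, which is the same limitation the thread discusses: a binary installed without suid on a 2.6.9 box will not be able to lock memory if the machine later boots an older kernel, and the reverse case keeps an unnecessary suid bit around.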
This is a good idea. I'm struggling to work out a good way to implement it. All the kernel test functions from the linux-info seem to die if the kernel is not configured.
I had a bit of a rough time with it too. Perhaps using linux-mod helps?
Created attachment 66442: gnupg ebuild with version check for kernel >= 2.6.9

Simple check for version >= 2.6.9 as suggested, using the kernel-mod eclass (linux-mod deprecated).
Created attachment 66470: gnupg-1.4.2.ebuild

- Updated the proposed ebuild to match the current gnupg-1.4.2-r2.ebuild in tree.
- Simplified kernel version matching (basing on already parsed values by kernel-mod).
OK - fixed. kernel-mod is deprecated and replaced with linux-mod. These are really for modules. For general kernel info use linux-info.