407503 – pax-utils.eclass: try to downgrade from elog to einfo (or eqa) pax-mark info on non-hardened systems

Bug 407503 - pax-utils.eclass: try to downgrade from elog to einfo (or eqa) pax-mark info on non-hardened systems

Summary: pax-utils.eclass: try to downgrade from elog to einfo (or eqa) pax-mark info ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement (vote)
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-03-09 07:49 UTC by Pacho Ramos
Modified:	2012-04-06 19:26 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pacho Ramos gentoo-dev

2012-03-09 07:49:10 UTC

Hello

I am a bit tired of seen my /var/log/portage/elog/summary.log flooded of pax marking messages when updating, for example, icedtea-bin. Are that messages really useful for people not using hardened at all? Could them be downgraded to "eqa" or "einfo" for non-hardened systems?

Thanks a lot :-)

Reproducible: Always

Comment 1 Anthony Basile gentoo-dev

2012-03-09 11:05:22 UTC

(In reply to comment #0)
> Hello
> 
> I am a bit tired of seen my /var/log/portage/elog/summary.log flooded of pax
> marking messages when updating, for example, icedtea-bin. Are that messages
> really useful for people not using hardened at all? Could them be downgraded
> to "eqa" or "einfo" for non-hardened systems?
> 
> Thanks a lot :-)
> 
> Reproducible: Always

Okay I'll look at that.  However, your request isn't as simple as just adding a "if use hardened; then" because its really about a pax_kernel --- hardened refers to the toolchain, pax_kernel refers to the kernel.  That's a relatively new flag and not global.  Would just downgrading to einfo for everyone be sufficient?

Comment 2 Pacho Ramos gentoo-dev

2012-03-09 19:25:56 UTC

I think so since, if I don't misremember, einfo messages aren't logged by default

Comment 3 Pacho Ramos gentoo-dev

2012-04-02 22:27:13 UTC

Do you want me to downgrade it to "einfo" for all the cases? (would be enough for me :))

Comment 4 Anthony Basile gentoo-dev

2012-04-03 07:45:45 UTC

(In reply to comment #3)
> Do you want me to downgrade it to "einfo" for all the cases? (would be
> enough for me :))

I've been meaning to test this for a while.  I'll do it first thing tomorrow :)

Comment 5 Anthony Basile gentoo-dev

2012-04-03 13:33:20 UTC

(In reply to comment #3)
> Do you want me to downgrade it to "einfo" for all the cases? (would be
> enough for me :))

I'll commit the following in a few days after email gentoo-dev@.  I drops all elog's to einfo's.

--- pax-utils.eclass.orig	2012-04-03 09:29:41.000000000 -0400
+++ pax-utils.eclass	2012-04-03 09:30:49.000000000 -0400
@@ -58,8 +58,8 @@
 	# Try paxctl, then scanelf.  paxctl is preferred.
 	if type -p paxctl > /dev/null && has PT ${PAX_MARKINGS}; then
 		# Try paxctl, the upstream supported tool.
-		elog "PT PaX marking -${flags}"
-		_pax_list_files elog "$@"
+		einfo "PT PaX marking -${flags}"
+		_pax_list_files einfo "$@"
 		for f in "$@"; do
 			# First, try modifying the existing PAX_FLAGS header
 			paxctl -q${flags} "${f}" && continue
@@ -91,8 +91,8 @@
 	elif type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then
 		# Try scanelf, the Gentoo swiss-army knife ELF utility
 		# Currently this sets PT if it can, no option to control what it does.
-		elog "Fallback PaX marking -${flags}"
-		_pax_list_files elog "$@"
+		einfo "Fallback PaX marking -${flags}"
+		_pax_list_files einfo "$@"
 		scanelf -Xxz ${flags} "$@"
 	elif [[ ${PAX_MARKINGS} != "none" ]]; then
 		# Out of options!

Comment 6 Anthony Basile gentoo-dev

2012-04-06 19:14:37 UTC

Committed.

Comment 7 Pacho Ramos gentoo-dev

2012-04-06 19:26:00 UTC

Nice :)