the current version of kmod.eclass has an information message that could cause frustration if someone actually followed it. It is useful to use kmod in ebuilds right now. But most current ebuilds won't work if a user follows the recommended directions and changes the kernel output directory. So I propose temporarily changing the wording. Once more of the ebuilds are migrated over to kmod then the original wording can be restored. The current wording is: "Due to the 2.6 kernel build system, external module compilation" "with a normal setup requires write access to ${KERNEL_DIR}" "There are several ways to fix/prevent this." "Users can willingly let portage make this writable by doing" "# config-kernel --allow-writable yes" "However, this is considered a security risk!" "" "The prefered method is to enable Gentoo's new 'koutput' method" "for kernel modules. See the doc" "http://www.gentoo.org/doc/en/2.6-koutput-user.xml" "To enable this, you'll need to run" "# config-kernel --output-dir /var/tmp/kernel-output" "and then install a new kernel" I propose changing it to: "Due to the 2.6 kernel build system, external module compilation" "with a normal setup requires write access to ${KERNEL_DIR}" "There is a secure way to handle these external modules being" "worked on, but it isn't ready yet." "" "In the meantime, for this ebuild and a few others you can make" "${KERNEL_DIR} writable by doing" "# config-kernel --allow-writable yes" "This is considered a security risk!" "" "Many other kernel module ebuilds don't have support for" "config-kernel --allow-writable so if you see sandbox errors" "while building other kernel modules you'll need to disable the" "sandbox by doing" "# FEATURES='-sandbox' emerge" "This is a even larger security risk!" Reproducible: Always Steps to Reproduce:
More info on this can be found here: bug #32737 bug #40933 http://dev.gentoo.org/~latexer/files/koutput/ http://www.gentoo.org/doc/en/2.6-koutput.xml http://www.gentoo.org/doc/en/2.6-koutput-user.xml ebuilds currently using or considering kmod: # find -name "*.ebuild" -exec grep -H -e 'inherit.*kmod' "{}" \; media-video/nvidia-kernel/nvidia-kernel-1.0.5336-r3.ebuild:inherit eutils kmod sys-fs/lufs/lufs-0.9.7-r1.ebuild:inherit kmod eutils sys-fs/submount/submount-0.9.ebuild:inherit kmod x11-base/xfree-drm/xfree-drm-4.3.0-r8.ebuild:#inherit kmod
kmod.eclass is being re-written