Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 691376 - app-misc/pip3line[distorm]: tries to fetch over the network
Summary: app-misc/pip3line[distorm]: tries to fetch over the network
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-04 07:06 UTC by Michał Górny
Modified: 2019-09-30 12:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-08-04 07:06:06 UTC 
-- Configuring the Distorm plugin --
-- fetching distorm
Cloning into '/tmp/portage/app-misc/pip3line-3.6.0/work/pip3line-3.6.0/defaultplugins/distormplugin/../../ext/distorm'...
fatal: unable to access 'https://github.com/gdabah/distorm.git/': Could not resolve: github.com (Could not contact DNS servers)
CMake Error at defaultplugins/distormplugin/CMakeLists.txt:94 (message):
  git clone failed: 128

            
-- Configuring incomplete, errors occurred!
See also "/tmp/portage/app-misc/pip3line-3.6.0/work/pip3line-3.6.0_build/CMakeFiles/CMakeOutput.log".


1. Internet access is not guaranteed at build time.
2. You are not supposed to fetch stuff behind user's backs.
3. Fetching HEAD of git repos without any kind of checksum verification is a huge security hole.
Comment 1 Gabriel Caudrelier 2019-08-04 20:42:26 UTC 
So what's the solution ?

How do I download a second package from another github source ?

Having two SRC_URI is not documented, so this must be forbidden.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-08-04 20:51:48 UTC 
(In reply to Gabriel Caudrelier from comment #1)
> So what's the solution ?
> 
> How do I download a second package from another github source ?
> 
> Having two SRC_URI is not documented, so this must be forbidden.

There is a big difference between something not being documented, and you not bothering to search through the documentation.  Also, you are expected to be able to look through existing ebuilds for solutions, not expect everyone else to do everything for you.

https://devmanual.gentoo.org/ebuild-writing/variables/index.html#src_uri
https://projects.gentoo.org/pms/7/pms.html#x1-620007.3
Comment 3 Gabriel Caudrelier 2019-08-04 21:24:46 UTC 
(In reply to Michał Górny from comment #2)
> There is a big difference between something not being documented, and you
> not bothering to search through the documentation.  Also, you are expected
> to be able to look through existing ebuilds for solutions, not expect
> everyone else to do everything for you.
> 
> https://devmanual.gentoo.org/ebuild-writing/variables/index.html#src_uri
> https://projects.gentoo.org/pms/7/pms.html#x1-620007.3

This package was reviewed 4 times already by 3 different Gentoo developers.

At this point I assumed this was the correct way to do it, so there was no reason to look in to the documentation any further.

I was looking into this anyways, but never got the time to update it. I will come up with something more acceptable.
Comment 4 Gabriel Caudrelier 2019-08-04 22:06:58 UTC 
This package is going to be removed from the Gentoo tree.
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-08-05 03:33:41 UTC 
Don't close bugs as long as the package is there.