Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 946238 - hardened profile: dev-lang/python[gdbm] is redundant
Summary: hardened profile: dev-lang/python[gdbm] is redundant
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Profiles (show other bugs)
Hardware: All All
: Normal minor
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-12-11 04:05 UTC by zoning_idiom845
Modified: 2024-12-11 18:24 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description zoning_idiom845 2024-12-11 04:05:26 UTC 
The hardened-profile package.use declares "dev-lang/python gdbm". USE="gdbm" is already part of the base-profile make.defaults, so it is no longer necessary for the hardened profile to declare it.

The problem arises when other profiles, such as musl, declare USE="-gdbm" and are overridden by the hardened-profile. This override does not seem intentional! It seems to stem from a python interaction that causes gdbm to be used over berkdb (the previous, less secure, default), therefore hardening it. However, as stated prior, this is no longer necessary and may cause regressions in a parent profile.

---

P.S. The musl-profile USE="-gdbm" itself might be outdated. It *may* have stemmed from a time where gdbm could not be compiled without glibc.