Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 310201

Summary: net-firewall/ipset: don't use epatch_user
Product: Gentoo Linux Reporter: Piotr Piróg <pirogpiotr>
Component: New packagesAssignee: Peter Volkov (RETIRED) <pva>
Status: RESOLVED NEEDINFO    
Severity: minor CC: robbat2
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Patch for ipset ebuild

Description Piotr Piróg 2010-03-19 12:21:45 UTC 
Ipset ebuild don’t apply user patches – src_unpack()/epatch_user is missing.

Reproducible: Always

Steps to Reproduce:
1. copy patch to /etc/portage/patches/net-firewall/ipset/
2. emerge ipset

Actual Results:  
user patches do not get applied

Expected Results:  
user patches should get applied
Comment 1 Piotr Piróg 2010-03-19 12:26:45 UTC 
Created attachment 224235 [details, diff]
Patch for ipset ebuild
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2010-03-24 13:31:56 UTC 
Please provide use case where this is useful. Some packages, e.g. iptables, really need this to enable third party modules, while for ipset it looks like unnecessary.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-03-25 20:20:07 UTC 
What user patches do you have for ipset?
Comment 4 Piotr Piróg 2010-03-26 11:13:33 UTC 
I write one (http://gigant.informel.pl/~pitek/ipset-4.2-matchall.patch).
There is any reason why epatch_user shouldn’t be enabled for all ebuilds?
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2010-03-26 14:36:51 UTC 
We intensionally limit use of epatch_user since it'll be impossible to support systems where users start to use patches we don't have. Actually epatch_user is just a hack until somebody introduces something better.

That said, if you want to have epatch_user or similar enabled for all ebuild, you may try to write your own bashrc script. e.g. sometime ago I did that and ended with http://dev.gentoo.org/~pva/bashrc but you may wish to modify it ...

So, I think this bug should be closed as WONTFIX, but I'll let Robin to do whatever he wants to do here :)
Comment 6 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-03-26 18:27:02 UTC 
piotr:
can you write up some docs for it and attach a newer version, and also send upstream? being able to require matching all of a set is a nice addition :-)

pva:
any objections to including his matchall patch directly once it's got some docs?
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2010-03-27 06:22:35 UTC 
(In reply to comment #6)
> pva:
> any objections to including his matchall patch directly once it's got some
> docs?

patch modifies kernel interface, so if somebody patched kernel manually with ipset sources this could became a problem. It's much better to send this patch upstream - Jozsef is rather fast and helpful.
Comment 8 Peter Volkov (RETIRED) gentoo-dev 2010-10-14 14:57:43 UTC 
Just noted this was submitted upstream and the only question left unanswered there: http://www.spinics.net/lists/netfilter-devel/msg12531.html Piotr, could you answer there, please?
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2010-11-11 08:47:42 UTC 
Resolving bug as NEEDINFO since there no feedback from Piotr.