Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 691376

Summary: app-misc/pip3line[distorm]: tries to fetch over the network
Product: Gentoo Linux Reporter: Michał Górny <mgorny>
Component: Current packagesAssignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED WONTFIX    
Severity: normal CC: proxy-maint, qa
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-08-04 07:06:06 UTC 
-- Configuring the Distorm plugin --
-- fetching distorm
Cloning into '/tmp/portage/app-misc/pip3line-3.6.0/work/pip3line-3.6.0/defaultplugins/distormplugin/../../ext/distorm'...
fatal: unable to access 'https://github.com/gdabah/distorm.git/': Could not resolve: github.com (Could not contact DNS servers)
CMake Error at defaultplugins/distormplugin/CMakeLists.txt:94 (message):
  git clone failed: 128

            
-- Configuring incomplete, errors occurred!
See also "/tmp/portage/app-misc/pip3line-3.6.0/work/pip3line-3.6.0_build/CMakeFiles/CMakeOutput.log".


1. Internet access is not guaranteed at build time.
2. You are not supposed to fetch stuff behind user's backs.
3. Fetching HEAD of git repos without any kind of checksum verification is a huge security hole.
Comment 1 Gabriel Caudrelier 2019-08-04 20:42:26 UTC 
So what's the solution ?

How do I download a second package from another github source ?

Having two SRC_URI is not documented, so this must be forbidden.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-08-04 20:51:48 UTC 
(In reply to Gabriel Caudrelier from comment #1)
> So what's the solution ?
> 
> How do I download a second package from another github source ?
> 
> Having two SRC_URI is not documented, so this must be forbidden.

There is a big difference between something not being documented, and you not bothering to search through the documentation.  Also, you are expected to be able to look through existing ebuilds for solutions, not expect everyone else to do everything for you.

https://devmanual.gentoo.org/ebuild-writing/variables/index.html#src_uri
https://projects.gentoo.org/pms/7/pms.html#x1-620007.3
Comment 3 Gabriel Caudrelier 2019-08-04 21:24:46 UTC 
(In reply to Michał Górny from comment #2)
> There is a big difference between something not being documented, and you
> not bothering to search through the documentation.  Also, you are expected
> to be able to look through existing ebuilds for solutions, not expect
> everyone else to do everything for you.
> 
> https://devmanual.gentoo.org/ebuild-writing/variables/index.html#src_uri
> https://projects.gentoo.org/pms/7/pms.html#x1-620007.3

This package was reviewed 4 times already by 3 different Gentoo developers.

At this point I assumed this was the correct way to do it, so there was no reason to look in to the documentation any further.

I was looking into this anyways, but never got the time to update it. I will come up with something more acceptable.
Comment 4 Gabriel Caudrelier 2019-08-04 22:06:58 UTC 
This package is going to be removed from the Gentoo tree.
Comment 5 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-08-05 03:33:41 UTC 
Don't close bugs as long as the package is there.