Summary: | net-dns/bind-9.16.48, net-dns/bind-tools-9.16.48: security stabilisation | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sam James <sam> |
Component: | Stabilization | Assignee: | Patrick McLean <chutzpah> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chicago, hlein, proxy-maint |
Priority: | Normal | Keywords: | CC-ARCHES, PullRequest, SECURITY |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/35429 | ||
Whiteboard: | |||
Package list: |
net-dns/bind-9.16.48
net-dns/bind-tools-9.16.48
sec-keys/openpgp-keys-isc-20240213
|
Runtime testing required: | --- |
Bug Depends on: | 924995 | ||
Bug Blocks: | 914365, 924447 |
Description
Sam James
2024-02-18 10:50:34 UTC
Sanity check failed:
> net-dns/bind-tools-9.16.48
> bdepend amd64 dev profile default/linux/amd64/17.0/musl (50 total)
> sec-keys/openpgp-keys-isc
> bdepend amd64 stable profile default/linux/amd64/17.1 (80 total)
> sec-keys/openpgp-keys-isc
> net-dns/bind-9.16.48
> bdepend amd64 dev profile default/linux/amd64/17.0/musl (50 total)
> sec-keys/openpgp-keys-isc
> bdepend amd64 stable profile default/linux/amd64/17.1 (80 total)
> sec-keys/openpgp-keys-isc
ppc64 done amd64 done x86 done Hi, Are y'all testing this with the verify-sig USE flag enabled? >>> Emerging (3 of 4) net-dns/bind-9.16.48::gentoo * bind-9.16.48.tar.xz BLAKE2B SHA512 size ;-) ... [ ok ] * dyndns-samples.tbz2 BLAKE2B SHA512 size ;-) ... [ ok ] * bind-9.16.48.tar.xz.asc BLAKE2B SHA512 size ;-) ... [ ok ] >>> Unpacking source... * The following distfiles lack detached signatures: * dyndns-samples.tbz2 * ERROR: net-dns/bind-9.16.48::gentoo failed (unpack phase): * Unsigned distfiles found * * Call stack: * ebuild.sh, line 136: Called src_unpack * environment, line 3653: Called verify-sig_src_unpack * environment, line 4842: Called die * The specific snippet of code: * die "Unsigned distfiles found"; * * If you need support, post the output of `emerge --info '=net-dns/bind-9.16.48::gentoo'`, * the complete build log and the output of `emerge -pqv '=net-dns/bind-9.16.48::gentoo'`. * The complete build log is located at '/var/tmp/portage/net-dns/bind-9.16.48/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/net-dns/bind-9.16.48/temp/environment'. * Working directory: '/var/tmp/portage/net-dns/bind-9.16.48/work' * S: '/var/tmp/portage/net-dns/bind-9.16.48/work/bind-9.16.48' -Chicago (In reply to Chicago from comment #5) > Hi, > > Are y'all testing this with the verify-sig USE flag enabled? > Please file a new bug. Hi Sam, This is the stabilization ticket for net-dns/bind-9.16.48. If the package can't emerge with certain combinations of USE flags enabled on a particular arch or all of the archs, it would be a duplication of efforts to file a new bug in my humble opinion. Best Regards, -Chicago I forgot to add, it is a security concern. Created https://bugs.gentoo.org/924995, working on the verify-sig+doc problem. It's not a duplicate, as Hank has done, the correct thing is to make this bug depend on it. This makes sure the right person sees it and it also blocks any further automatic stabilisation. I only saw this by chance, as the stabilisation bugs are very noisy. Okay, thank you very much for everyone keeping Portage chugging along! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fec12a1db44041aa37ed5acc198ef70d8b265afa commit fec12a1db44041aa37ed5acc198ef70d8b265afa Author: Hank Leininger <hlein@korelogic.com> AuthorDate: 2024-02-19 17:45:13 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-02-19 20:22:14 +0000 net-dns/bind: Fix USE=doc+verify-sig Signed-off-by: Hank Leininger <hlein@korelogic.com> Closes: https://bugs.gentoo.org/924995 Bug: https://bugs.gentoo.org/924895 Closes: https://github.com/gentoo/gentoo/pull/35429 Signed-off-by: Sam James <sam@gentoo.org> net-dns/bind/bind-9.16.48.ebuild | 7 +++++++ 1 file changed, 7 insertions(+) arm64 done ppc done arm done sparc done all arches done |