Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 934666

Summary: dev-php/composer and friends: removal
Product: Gentoo Linux Reporter: Arthur Zamarin <arthurzam>
Component: Current packagesAssignee: Guillaume Seren <guillaumeseren>
Status: CONFIRMED ---    
Severity: normal CC: chris, esigra, fcool, guido.schmitz, jdavid.ibp, neb.semqen.ramesses, php-bugs, proxy-maint, sir_tuam, soap, treecleaner, victor.costache
Priority: Normal Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 572232, 573342, 696604, 738014, 738016, 838268, 877639, 900100    
Deadline: 2024-07-21   

Description Arthur Zamarin archtester Gentoo Infrastructure gentoo-dev Security 2024-06-21 17:19:57 UTC
Last dev-php/* EAPI=6 packages, and reverse dependencies of them.
composer has active security vulnerabilities. Others are waiting
for version bumps, and unbundling of dependencies.

package list:
dev-php/composer
dev-php/phpDocumentor
dev-php/phpcov
dev-php/phpdepend
dev-php/phpdocumentor-reflection-common
dev-php/phpdocumentor-reflection-docblock
dev-php/phpdocumentor-type-resolver
dev-php/stringparser_bbcode
dev-php/symfony-config
dev-php/symfony-console
dev-php/symfony-dependency-injection
dev-php/symfony-event-dispatcher
dev-php/symfony-yaml
Comment 1 Larry the Git Cow gentoo-dev 2024-06-21 17:23:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6cc0f51b2fcd7e652b8990021c7ca69de80499fc

commit 6cc0f51b2fcd7e652b8990021c7ca69de80499fc
Author:     Arthur Zamarin <arthurzam@gentoo.org>
AuthorDate: 2024-06-21 17:21:26 +0000
Commit:     Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2024-06-21 17:21:26 +0000

    profiles: last-rite last EAPI=6 dev-php/*
    
    Bug: https://bugs.gentoo.org/934666
    Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

 profiles/package.mask | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
Comment 2 Victor Costache 2024-06-22 07:34:53 UTC
dev-php/composer and other masked packages are needed for Magento 2 setup. What should I do once removed from the repository? Please advise.
Comment 3 Ferdinand Kuhl 2024-06-22 12:26:01 UTC
@victor:

There is an updated and curated version of composer and some other php related packages in https://github.com/gentoo-php-overlay/php-overlay
Comment 4 David Seifert gentoo-dev 2024-06-23 09:47:22 UTC
(In reply to Victor Costache from comment #2)
> dev-php/composer and other masked packages are needed for Magento 2 setup.
> What should I do once removed from the repository? Please advise.

Maintain it in ::gentoo?
Comment 5 Victor Costache 2024-06-24 05:31:57 UTC
Is there any plan to return these packages to the Gentoo official repository anytime soon, or should I use an overlay or maintain them myself (local repository)? I think I am not the only one using Gentoo for Magento.
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-06-25 05:25:16 UTC
If someone's willing to proxy-maintain it in ::gentoo, it can come back (but nobody's done that until now).