Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 352302 - dev-libs/libgcrypt - please add static-libs to IUSE defaults
Summary: dev-libs/libgcrypt - please add static-libs to IUSE defaults
Status: VERIFIED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Crypto team [DISABLED]
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-01-21 01:15 UTC by Jorge Manuel B. S. Vicetto
Modified: 2011-02-25 11:54 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2011-01-21 01:15:16 UTC
The installcd-stage1 is failing to build because there is no ebuild to satisfy dev-libs/libgcrypt[static-libs]. Therefore, please add static-libs to IUSE defaults so that we can build new stages.

emerge --quiet --usepkg --buildpkg --newuse app-accessibility/brltty app-admin/hddtemp app-admin/passook app-admin/pwgen app-admin/syslog-ng app-arch/unzip app-arch/xz-utils app-crypt/gnupg app-editors/zile app-misc/screen app-misc/vlock app-portage/mirrorselect app-text/wgetpaste media-gfx/fbgrab net-analyzer/traceroute net-dialup/mingetty net-dialup/pptpclient net-dialup/rp-pppoe net-fs/mount-cifs net-fs/nfs-utils net-irc/irssi net-misc/dhcpcd net-misc/iputils net-misc/ntp net-misc/rdate net-misc/vconfig net-proxy/dante net-proxy/ntlmaps net-proxy/tsocks net-wireless/b43-fwcutter net-wireless/ipw2100-firmware net-wireless/ipw2200-firmware net-wireless/iwl3945-ucode net-wireless/iwl4965-ucode net-wireless/iwl5000-ucode net-wireless/prism54-firmware net-wireless/wireless-tools net-wireless/wpa_supplicant net-wireless/zd1201-firmware net-wireless/zd1211-firmware sys-apps/apmd sys-apps/eject sys-apps/ethtool sys-apps/fxload sys-apps/hdparm sys-apps/hwsetup sys-apps/iproute2 sys
 -apps/memtester sys-apps/netplug sys-block/parted sys-apps/sdparm sys-block/partimage sys-block/qla-fc-firmware sys-fs/cryptsetup sys-fs/dmraid sys-fs/dosfstools sys-fs/e2fsprogs sys-fs/evms sys-fs/hfsutils sys-fs/jfsutils sys-fs/lsscsi sys-fs/lvm2 sys-fs/mac-fdisk sys-fs/mdadm sys-fs/multipath-tools sys-fs/ntfsprogs sys-fs/reiserfsprogs sys-fs/xfsprogs sys-libs/gpm sys-power/acpid www-client/links app-misc/livecd-tools

 * IMPORTANT: 3 news items need reading for repository 'gentoo'.
 * Use eselect news to read news items.


emerge: there are no ebuilds built with USE flags to satisfy "dev-libs/libgcrypt[static-libs]".
!!! One of the following packages is required to complete your request:
- dev-libs/libgcrypt-1.4.6 (Change USE: +static-libs)
(dependency required by "sys-fs/cryptsetup-1.1.3-r3" [ebuild])
(dependency required by "sys-fs/cryptsetup" [argument])
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-01-21 02:11:48 UTC
InCVS.
Comment 2 Maciej Mrozowski gentoo-dev 2011-01-22 22:56:59 UTC
@release team
Is it possible to add 'dev-libs/libgcrypt static-libs' to /etc/portage/package.use of installcd-stage1 instead?
Comment 3 Maciej Mrozowski gentoo-dev 2011-01-22 23:02:38 UTC
Reopening.
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-01-22 23:24:03 UTC
Please next time provide a reasoning before reopening a bug assigned to another team, when said team was okay with the original resolution, as well as the reporter.
Comment 5 Maciej Mrozowski gentoo-dev 2011-01-22 23:38:27 UTC
Reasoning is obvious: said package configuration is required only for stage1 building and not for default end-user deployment. Enabling static libs for security library makes it possible for certain specific buildsystems to pick up static lib by default on emerge (when both static and shared are available), causing libgcrypt to be linked statically. Security fixes to libgrypt will not propagate to client software automatically in such case.
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-01-22 23:53:00 UTC
Given that no difference applies from what we had _before_ introducing static-libs, your reasoning is way too general.

Do you have an example of one particular case of a package mistakenly linking to libgcrypt statically instead of dynamically? If not, I don't see any high risk in security.

Also, I'd like to point out to you that this is not the first package with a default-enabled static-libs USE flag; beside the high-number of packages that simply don't give you a choice and force you to install both.
Comment 7 Maciej Mrozowski gentoo-dev 2011-01-23 00:20:19 UTC
And number of those is gradually being reduced. Maybe it's better not to reintroduce static libs just in any case if there are simple means (provided there are that is, hence my question to release/catalyst team) to avoid requiring them.
Comment 8 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2011-01-23 14:14:20 UTC
We don't use a custom /etc/portage/* in stage building.
In this case, we might instead just enable the static-libs use flag globally for the install-cd.
Comment 9 Jorge Manuel B. S. Vicetto Gentoo Infrastructure gentoo-dev 2011-01-29 17:27:59 UTC
As requested by Arfrever, I'm adding a note here.

I remove my request in this bug to add static-libs to IUSE defaults as it doesn't work for the ISO building. I forgot we have USE="-*" on installcd-stage1 specs, so IUSE defaults end up being override by the specs.
To fix the issue caused by the dependency on dev-libs/libgcrypt[static-libs], I instead added static-libs to the list of USE flags in the installcd-stage1 specs.

Sorry for the extra work and thanks for your quick reaction.
Comment 10 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-01-29 17:33:15 UTC
I have reverted that change due to comment #9.
Comment 11 Melendro 2011-01-30 18:20:03 UTC
But then, users cannot emerge cryptsetup again. We can add statics-libs to the package.use file for libgcrypt, but then why not add it by default.

libgcrypt MUST be static until cryptsetup can be dynamic.

$ emerge -vp cryptsetup

These are the packages that would be merged, in order:

Calculating dependencies... done!

emerge: there are no ebuilds built with USE flags to satisfy "dev-libs/libgcrypt[static-libs]".                                                                 
!!! One of the following packages is required to complete your request:
- dev-libs/libgcrypt-1.4.6 (Change USE: +static-libs)
(dependency required by "sys-fs/cryptsetup-1.1.3-r3" [ebuild])
(dependency required by "cryptsetup" [argument])
Comment 12 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-01-30 19:39:15 UTC
(In reply to comment #11)
> users cannot emerge cryptsetup again.

Users should configure their systems in the way appropriate for them. Personally I use sys-fs/cryptsetup with USE="-static". Many users need dev-libs/libgcrypt not for sys-fs/cryptsetup, but for other packages (e.g. app-crypt/gnupg).
Comment 13 Melendro 2011-01-30 20:21:24 UTC
(In reply to comment #12)
> (In reply to comment #11)
> > users cannot emerge cryptsetup again.
> 
> Users should configure their systems in the way appropriate for them.
> Personally I use sys-fs/cryptsetup with USE="-static". Many users need
> dev-libs/libgcrypt not for sys-fs/cryptsetup, but for other packages (e.g.
> app-crypt/gnupg).

cryptsetup doesn't have "static" in stable version (1.1.3-r3), but "dynamic", which is unset by default. With unstable version of cryptsetup (1.2.0-r1) is even worse, as it has "+static", so you cannot disable it and you MUST enable "static-libs" in libgcrypt.

And almost everybody has cryptsetup installed, as it is needed by hal with the USE flag "crypt" (which is the default).

I think that if cryptsetup have +static, libgcrypt should also have it.
Comment 14 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-01-30 20:24:52 UTC
(In reply to comment #13)
> With unstable version of cryptsetup (1.2.0-r1) is even worse, as it has
> "+static", so you cannot disable it

# echo "sys-fs/cryptsetup -static" >> /etc/portage/package.use
Comment 15 Melendro 2011-01-30 20:43:05 UTC
(In reply to comment #14)
> (In reply to comment #13)
> > With unstable version of cryptsetup (1.2.0-r1) is even worse, as it has
> > "+static", so you cannot disable it
> 
> # echo "sys-fs/cryptsetup -static" >> /etc/portage/package.use
> 

You're right. I though "+static" has precedence over the package.use file, but I was wrong.

Anyway you cannot even do "emerge system" in an empty box without creating a package.use file. I think this is not good.