Portage 2.2.0_alpha116 (default/linux/amd64/10.0, gcc-4.7.1-asneeded, glibc-2.16.0, 3.4.4-hardened-r1 x86_64) ================================================================= System uname: Linux-3.4.4-hardened-r1-x86_64-AMD_Opteron-TM-_Processor_6272-with-gentoo-2.1 Timestamp of tree: Thu, 05 Jul 2012 11:30:01 +0000 ccache version 3.1.7 [disabled] app-shells/bash: 4.2_p29 dev-java/java-config: 2.1.12 dev-lang/python: 2.6.8, 2.7.3-r2, 3.2.3-r1 dev-util/ccache: 3.1.7 dev-util/cmake: 2.8.8-r3 sys-apps/baselayout: 2.1-r1 sys-apps/openrc: 0.10.5 sys-apps/sandbox: 2.6 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.4_p6-r1, 1.9.6-r3, 1.10.3, 1.11.5, 1.12.1 sys-devel/binutils: 2.22-r1 sys-devel/gcc: 4.5.3-r2, 4.6.3, 4.7.1 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r3 sys-kernel/linux-headers: 3.4 (virtual/os-headers) sys-libs/glibc: 2.16.0 Repositories: gentoo ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -ggdb -march=native -ftracer -frecord-gcc-switches" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/entropy /opt/openjms/config /usr/lib64/tomoyo/conf /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.0/conf /usr/share/qpsmtpd/plugins /var/bind /var/lib/hsqldb" CONFIG_PROTECT_MASK="${EPREFIX}/etc/gconf /etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -ggdb -march=native -ftracer -frecord-gcc-switches" DISTDIR="/var/cache/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles news parallel-fetch parse-eapi-ebuild-head protect-owned sandbox sfperms strict test test-fail-continue unknown-features-warn unmerge-orphans userfetch userpriv usersandbox" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="en_US.utf8" LC_ALL="C" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j24" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/tmp" PORTDIR="/var/cache/tinderbox/tree" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowex acl amd64 berkdb bzip2 cli cracklib crypt cups cxx dri ffmpeg fortran gdbm gnutls gpm iconv ipv6 mmx modules mudflap multilib ncurses nls nptl openmp pam pax_kernel pcre plasma pppd qt3support readline semantic-desktop session sse sse2 sse3 sse4 ssl ssse3 tcpd unicode vhosts xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" RUBY_TARGETS="ruby18 ruby19 ree18" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Dupe of bug #398317 ? Did you try USE=system-libs?
No the problem is that it bundles lots of stuff, it shouldn't have an USE for this kind of stuff if it works with system libs (and if it doesn't, why the $* have an USE for it?). So please just fix it _properly_.
(In reply to comment #2) > No the problem is that it bundles lots of stuff, it shouldn't have an USE > for this kind of stuff if it works with system libs (and if it doesn't, why > the $* have an USE for it?). > > So please just fix it _properly_. The bundled stuff is not identical to our system libs, and it is precompiled, not source which we could deal with. They patch the libraries and they do not disclose what they do. Since upstream is a service (they provide encrypted cloud space) and they do not support "mangled" clients, I opted for this use flag to let the user decide. The conditional "if it works with system libs" is not definitely decideable. Recommendations?
So the reason to use system libs is reliability and security — if you don't know that the system libs are reliable for their use, don't use them! Honestly, in these cases, I would like to see the package being p.masked, or at least never ever ever go stable. I'd say drop the USE flag, and keep this bug _open_ for reference.
(In reply to comment #4) > So the reason to use system libs is reliability and security — if you don't > know that the system libs are reliable for their use, don't use them! That was my original gut reaction but after some discussion we went with the USE flag. > Honestly, in these cases, I would like to see the package being p.masked, or > at least never ever ever go stable. Never stable is fine here, in my opinion. We have tried to get upstream to open but they have not. > I'd say drop the USE flag, and keep this bug _open_ for reference. Let's see if there are any more points regarding this before we move in that direction.
@Dennis any comment on this? I really don't want to act without your ACK.
(In reply to comment #6) > @Dennis any comment on this? I really don't want to act without your ACK. I am still using spideroak with USE=system-libs and it works fine so far. I'd really like to unbundle even the rest of the included stuff (i.e. python packages), and hence press more on upstream to disclose what versions and patches to external libraries/packages were used. On the other hand I understand Diego's concerns from a packagers perspective that the bundled libs might be more stable in this case. Hence my vote: Mask the useflag for now and press on upstream again, while removing any stable keywords. Then remove the flag altogether, should we figure out that upstream is unwilling to move. How can we shutup the Tinderbox QA warning? I.e. tell the system that we are aware of the bundled libs?
You really can't shut up that warning (it's an extra one) — just keep the bug open as a reference if you don't mind, and that will be enough (I won't open any other). The rest of the plan sounds good to me.
In profiles/default/linux/package.use.mask: # Anthony G. Basile <blueness@gentoo.org> (23 Jul 2012) # USE=system-libs is potentially unreliable and insecure # Bug #426798 app-backup/spideroak-bin system-libs
!!! existing preserved libs: >>> package: net-libs/libssh2-1.4.2 * - /usr/lib64/libssh2.so.1 * - /usr/lib64/libssh2.so.1.0.1 * used by /opt/SpiderOak/libcurl.so.4 (app-backup/spideroak-bin-4.6.9945) * used by /opt/SpiderOak/pycurl.so (app-backup/spideroak-bin-4.6.9945) How do we fix this? libssh2.so.1 is present in /opt/SpiderOak - can we tell portage about that?
(In reply to comment #10) > !!! existing preserved libs: > >>> package: net-libs/libssh2-1.4.2 > * - /usr/lib64/libssh2.so.1 > * - /usr/lib64/libssh2.so.1.0.1 > * used by /opt/SpiderOak/libcurl.so.4 > (app-backup/spideroak-bin-4.6.9945) > * used by /opt/SpiderOak/pycurl.so (app-backup/spideroak-bin-4.6.9945) > > How do we fix this? libssh2.so.1 is present in /opt/SpiderOak - can we tell > portage about that? Oh, this is bug #402081 again.
