Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 524148 - net-dns/bind-9.10.1 sys-libs/libseccomp keyword request
Summary: net-dns/bind-9.10.1 sys-libs/libseccomp keyword request
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Keywording and Stabilization (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Christian Ruppert (idl0r)
URL:
Whiteboard:
Keywords: KEYWORDREQ
Depends on:
Blocks: CVE-2014-8500
  Show dependency tree
 
Reported: 2014-09-30 18:44 UTC by Christian Ruppert (idl0r)
Modified: 2014-12-11 14:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Ruppert (idl0r) archtester Gentoo Infrastructure gentoo-dev Security 2014-09-30 18:44:09 UTC
Hey guys,

I had to drop some/your arches due to the newly added sys-libs/libseccomp dependency. Please either mask the "seccomp" useflag in bind or keyword sys-libs/libseccomp.
Comment 1 Mike Gilbert gentoo-dev 2014-09-30 19:01:22 UTC
I believe the SECCOMP_FILTER kernel option is only implemented for arm, mips, s390 and x86, so I'm not sure keywording sys-libs/libseccomp on other archs makes any sense.

Perhaps we should add seccomp to use.mask in the base profile and unmask it for amd64, arm, mips, s390, x86? I already do that for sys-apps/systemd via package.use.mask.
Comment 2 Jeroen Roovers gentoo-dev 2014-09-30 19:47:25 UTC
arch.c:50:2: error: #error the arch code needs to know about your machine type

Masked USE=seccomp and marked ~hppa.
Comment 3 Anthony Basile gentoo-dev 2014-09-30 19:48:45 UTC
(In reply to Mike Gilbert from comment #1)
> I believe the SECCOMP_FILTER kernel option is only implemented for arm,
> mips, s390 and x86, so I'm not sure keywording sys-libs/libseccomp on other
> archs makes any sense.
> 
> Perhaps we should add seccomp to use.mask in the base profile and unmask it
> for amd64, arm, mips, s390, x86? I already do that for sys-apps/systemd via
> package.use.mask.

SECCOMP is in ppc/ppc64:

ppc64-64ul timberdoodle / # uname -a
Linux timberdoodle 3.12.20-gentoo #1 SMP Wed May 28 07:47:29 PDT 2014 ppc64 POWER7 (architected) CHRP IBM,8231-E2B GNU/Linux
ppc64-64ul timberdoodle / # zcat /proc/config.gz | grep SECCOMP
CONFIG_SECCOMP=y

do you also need SECCOMP_FILTER?
Comment 4 Mike Gilbert gentoo-dev 2014-09-30 19:54:28 UTC
(In reply to Anthony Basile from comment #3)

From what I understand, libseccomp is an interface built on top of SECCOMP_FILTER, so yes.
Comment 5 Mike Gilbert gentoo-dev 2014-09-30 19:55:54 UTC
Also, check out the #if block at the top of arch.c, as Jeroen pointed out.

http://sourceforge.net/p/libseccomp/libseccomp/ci/master/tree/src/arch.c
Comment 6 Anthony Basile gentoo-dev 2014-09-30 20:01:21 UTC
(In reply to Jeroen Roovers from comment #2)
> arch.c:50:2: error: #error the arch code needs to know about your machine
> type
> 
> Masked USE=seccomp and marked ~hppa.

Just so everyone's on board: Jer proceeded by masking it in arch/hppa/use.mask and not use.mask in the base profile.  I'll follow Jer's lead here.
Comment 7 Anthony Basile gentoo-dev 2014-10-02 11:22:27 UTC
Keyworded ~ppc ~ppc64
Comment 8 SpanKY gentoo-dev 2014-10-18 18:13:18 UTC
Commit message: Mask USE=seccomp until the kernel/library gets support
http://sources.gentoo.org/profiles/arch/alpha/use.mask?r1=1.91&r2=1.92
Comment 9 SpanKY gentoo-dev 2014-10-18 18:13:32 UTC
Commit message: Mask USE=seccomp until the kernel/library gets support
http://sources.gentoo.org/profiles/arch/arm64/use.mask?r1=1.12&r2=1.13
Comment 10 SpanKY gentoo-dev 2014-10-18 18:14:16 UTC
Commit message: Mask USE=seccomp until the kernel/library gets support
http://sources.gentoo.org/profiles/arch/ia64/use.mask?r1=1.111&r2=1.112
Comment 11 SpanKY gentoo-dev 2014-10-18 18:14:23 UTC
Commit message: Mask USE=seccomp until the kernel/library gets support
http://sources.gentoo.org/profiles/arch/m68k/use.mask?r1=1.28&r2=1.29
Comment 12 SpanKY gentoo-dev 2014-10-18 18:14:31 UTC
Commit message: Mask USE=seccomp until the library gets support
http://sources.gentoo.org/profiles/arch/mips/use.mask?r1=1.77&r2=1.78
Comment 13 SpanKY gentoo-dev 2014-10-18 18:14:46 UTC
Commit message: Mask USE=seccomp until the library gets support
http://sources.gentoo.org/profiles/arch/s390/use.mask?r1=1.57&r2=1.58
Comment 14 SpanKY gentoo-dev 2014-10-18 18:14:54 UTC
Commit message: Mask USE=seccomp until the kernel/library gets support
http://sources.gentoo.org/profiles/arch/sparc/use.mask?r1=1.119&r2=1.120
Comment 15 SpanKY gentoo-dev 2014-10-18 18:15:04 UTC
Commit message: Mask USE=seccomp until the kernel/library gets support
http://sources.gentoo.org/profiles/arch/sh/use.mask?r1=1.80&r2=1.81
Comment 16 SpanKY gentoo-dev 2014-10-18 18:15:39 UTC
Commit message: Drop systemd-specific seccomp mask since the USE flag itself is handled properly
http://sources.gentoo.org/profiles/base/package.use.mask?r1=1.615&r2=1.616
Comment 17 SpanKY gentoo-dev 2014-10-18 18:15:49 UTC
Commit message: Drop systemd-specific seccomp mask since the USE flag itself is handled properly
http://sources.gentoo.org/profiles/arch/amd64/package.use.mask?r1=1.190&r2=1.191
Comment 18 SpanKY gentoo-dev 2014-10-18 18:15:55 UTC
Commit message: Drop systemd-specific seccomp mask since the USE flag itself is handled properly
http://sources.gentoo.org/profiles/arch/arm/package.use.mask?r1=1.219&r2=1.220
Comment 19 SpanKY gentoo-dev 2014-10-18 18:16:00 UTC
Commit message: Drop systemd-specific seccomp mask since the USE flag itself is handled properly
http://sources.gentoo.org/profiles/arch/x86/package.use.mask?r1=1.141&r2=1.142
Comment 20 SpanKY gentoo-dev 2014-10-18 18:17:22 UTC
Commit message: Restore KEYWORDS for all arches
http://sources.gentoo.org/net-dns/bind/bind-9.10.1.ebuild?r1=1.3&r2=1.4
Comment 21 SpanKY gentoo-dev 2014-10-18 18:17:50 UTC
no real need to have 10 people make the same obvious change, so i've done it everywhere now