[gentoo-dev] How get ebuild provider virtual/category.

[gentoo-dev] How get ebuild provider virtual/category.

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 276 bytes --]

Hello. When i'm found two packets need this issue.
It's app-admin/sudo and sys-process/fcron.
This packages use virtual/editor but by default set nano as default editor.
I'm don't know how get provider category virtual/editor. But equery view it
as first package.
Any ideas ?

[-- Attachment #2: Type: text/html, Size: 298 bytes --]

Re: [gentoo-dev] How get ebuild provider virtual/category.

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 234 bytes --]

On Friday 10 November 2006 02:24, Anatoly Shipitsin wrote:
> When i'm found two packets need this issue.

why do you care who is providing the virtual ?  the entire point of virtual's 
is that the provider does not matter
-mike

[-- Attachment #2: Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-dev] How get ebuild provider virtual/category.

[Peter Volkov (pva)]

[-- Attachment #1: Type: text/plain, Size: 506 bytes --]

On 2006-11-10 at 12:24 +0500, Anatoly Shipitsin wrote:
> It's app-admin/sudo and sys-process/fcron. 
> This packages use virtual/editor but by default set nano as default
> editor. 
> I'm don't know how get provider category virtual/editor. But equery
> view it as first package. 
> Any ideas ? 

Please, next time, ask such questions in gentoo-user mailing list.

To solve your problem change EDITOR in /etc/rc, then do:
# unset EDITOR
# source /etc/profile
# emerge -1 sudo fcron

Peter.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] How get ebuild provider virtual/category.

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 397 bytes --]

> why do you care who is providing the virtual ?  the entire point of
> virtual's
> is that the provider does not matter
> -mike


This set default editor at run configure with flag --with-editor=/bin/nano.
But if i'm not install this editor for fcron (unstable 3.0.x) configure
script broke.
See bug #149376.

2Peter Volkov: if it's user problem i'm write to gentoo-users. It's not user
problem.

[-- Attachment #2: Type: text/html, Size: 626 bytes --]

[gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Peter Volkov (pva)]

[-- Attachment #1: Type: text/plain, Size: 2912 bytes --]

Hello.

Anatoly raised really important concern and currently I've started to
think about fix. One possible solution requires virtual/editor to suite
glep 37 and thus affects many packages. So... wondering why this change
was not done I'd like to discuss the problem on the list.

Problem:
There are programs (fcrontab, visudo, vipw and etc.) which require
default editor to work. To select editor they use these two steps:
1.) take editor name from environment (EDITOR or VISUAL vars)
2.) if there is not editor use defined at build time compiled in default

The problem is that both of methods suck in some special situations
which, of course, happen in Gentoo with its extreme configurability.
Currently it is impossible to specify build time dependency reliably for
virtual/editor: most of packages either use nano or vi (either
trough ./configure option or #define in sources) but in the system
without nano or vi this package either not emerges [1,2] or fails to
work[3,4] (yes... if EDITOR is not set). But EDITOR *is not* set when
program is started from sudo because sudo for security reasons drops
environment (are there any other cases when environment is dropped?).

Well. One possible answer that this is not a problem: build time
dependencies are weird, always set EDITOR and never run such programs
from sudo because this allows to do everything with the system. But I'd
like to point at two points: firstly, some users use sudo just to avoid
logging in as root and, secondly, upstream consider compiled in defaults
to work. Thus IMO this is a problem.

The possible solution is to add virtual/editor ebuild which will besides
enumerating all virtual providers install /usr/bin/editor program. This
will be a simple wrapper (bash) script which will use EDITOR environment
variable to start editor, in case environment variable does not exist
use EDITOR from /etc/rc.conf and as the last resolve just issue error
message identifying possible ways to setup editor. All programs that use
compiled in default editor should use this wrapper script. This will
solve ambiguity of build time dependency and allow to use sudo reliably.

While I continue playing in my overlay I'd like to know if there are any
problems with this solution? Currently this change seems to satisfy KISS
concept and fix some problems... thus should be implemented. I'll wait
for some time and open two trackers one for virtual/editor providers
another for virtual/editor build time dependency users and then add
virtual/editor ebuild, remove PROVIDErs and continue working on packages
that use compiled in editor defaults.

References:
[1] https://bugs.gentoo.org/show_bug.cgi?id=124904
[2] https://bugs.gentoo.org/show_bug.cgi?id=94771
[3] https://bugs.gentoo.org/show_bug.cgi?id=149376
[4] https://bugs.gentoo.org/show_bug.cgi?id=149339

Thank you for your time,
Peter.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Mike Frysinger]

On 11/12/06, Peter Volkov (pva) <pva@gentoo.org> wrote:
> The possible solution is to add virtual/editor ebuild

this is a horrible idea

why not modify sudo to not filter the EDITOR env var then there is no
more problem
-mike
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Harald van Dijk]

On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
> On 11/12/06, Peter Volkov (pva) <pva@gentoo.org> wrote:
> >The possible solution is to add virtual/editor ebuild
> 
> this is a horrible idea
> 
> why not modify sudo to not filter the EDITOR env var then there is no
> more problem

Except for a gaping security hole.
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Mike Frysinger]

On 11/12/06, Harald van Dijk <truedfx@gentoo.org> wrote:
> On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
> > On 11/12/06, Peter Volkov (pva) <pva@gentoo.org> wrote:
> > >The possible solution is to add virtual/editor ebuild
> >
> > this is a horrible idea
> >
> > why not modify sudo to not filter the EDITOR env var then there is no
> > more problem
>
> Except for a gaping security hole.

pulling a ciaranm here huh ?  if a guy has access to `sudo`, then
having a modified environment isnt going to make much difference
-mike

-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Thilo Bangert]

[-- Attachment #1: Type: text/plain, Size: 360 bytes --]

> why not modify sudo to not filter the EDITOR env var then there is no
> more problem

no, there is a very valid reason why sudo filters the EDITOR env var.

sudo should probably be fixed to (re)set the EDITOR variable to a 'safe' 
systemwide default, instead of stripping it completely.

is there a list of sudo 'safe' EDITORs somewhere?

bangert

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Harald van Dijk]

On Sun, Nov 12, 2006 at 04:56:33AM -0500, Mike Frysinger wrote:
> On 11/12/06, Harald van Dijk <truedfx@gentoo.org> wrote:
> >On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
> >> On 11/12/06, Peter Volkov (pva) <pva@gentoo.org> wrote:
> >> >The possible solution is to add virtual/editor ebuild
> >>
> >> this is a horrible idea
> >>
> >> why not modify sudo to not filter the EDITOR env var then there is no
> >> more problem
> >
> >Except for a gaping security hole.
> 
> pulling a ciaranm here huh ?  if a guy has access to `sudo`, then
> having a modified environment isnt going to make much difference

sudo can be configured to only allow access to a select few applications.
Allowing arbitrary EDITOR settings completely bypasses this.
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Peter Volkov (pva)]

[-- Attachment #1: Type: text/plain, Size: 867 bytes --]

On 2006-11-12 at 04:34 -0500, Mike Frysinger wrote:
> why not modify sudo to not filter the EDITOR env var then there is no
> more problem

Considering that this is the only situation where environment is
dropped... yes this fixes sudo problem. The other possible solution is:

#!/bin/bash
export EDITOR="/usr/bin/editor"
/usr/bin/fcrontab -e

BUT.

1. upstream uses this in the code. Then to avoid mess and unify approach
we should remove all such things from the code itself. In other cases
this will stay as a bug in gentoo.

2. And I see possibility to write secure editor, which will write only
in predefined locations. Use of such editor became possible only through
clumsy wrapper scripts (like above) if we chose to force people never to
use built in defaults.

And in anyway we need solution to make things more predictable.

Peter.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Mike Frysinger]

On 11/12/06, Thilo Bangert <bangert@gentoo.org> wrote:
> is there a list of sudo 'safe' EDITORs somewhere?

then we end up with having to maintain a list of "safe" EDITORs and
dealing with people who want to edit their own favorite editor

the sudo file has the ability to specify editor's, so why not tell
people to change their sudo config file ?
-mike
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Peter Volkov (pva)]

[-- Attachment #1: Type: text/plain, Size: 714 bytes --]

On Sun, 2006-11-12 at 05:26 -0500, Mike Frysinger wrote:
> then we end up with having to maintain a list of "safe" EDITORs and
> dealing with people who want to edit their own favorite editor
> 
> the sudo file has the ability to specify editor's, so why not tell
> people to change their sudo config file ? 

How? May be I'm wrong, but:

Defaults editor=/usr/bin/vim, !env_editor

is only to use this list with visudo. And does not prevents sudo from
removing EDITOR from environment. Or did you mean something else?

Also from man sudoers: "The default is the path to vi on your system."
Should we drop this from sources then? Or leave this broken on systems
with only nano installed?

Peter.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 361 bytes --]

> then we end up with having to maintain a list of "safe" EDITORs and
> dealing with people who want to edit their own favorite editor
>
> the sudo file has the ability to specify editor's, so why not tell
> people to change their sudo config file ?
>
>
It's not automatic.Other way is remove virtual/editor. And set depend to
nano. But i'm think its bad idea.

[-- Attachment #2: Type: text/html, Size: 544 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Mike Frysinger]

On 11/12/06, Peter Volkov (pva) <pva@gentoo.org> wrote:
> And does not prevents sudo from
> removing EDITOR from environment.

in the example usages you cited, people where using `sudo` to just
avoid running `su -` first ... in other words, their sudo was
unlimited ... updating the sudoers file to allow EDITOR via env_keep
would work fine for them

in that scenario, running any app via EDITOR is not a concern as they
already have the ability to run any command
-mike
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 667 bytes --]

On Sun, Nov 12, 2006 at 12:27:12PM +0300, Peter Volkov (pva) wrote:
> work[3,4] (yes... if EDITOR is not set). But EDITOR *is not* set when
> program is started from sudo because sudo for security reasons drops
> environment (are there any other cases when environment is dropped?).

You can set `Defaults env_keep=EDITOR` in your sudoers file if you want,
or what I do is `Defaults:%wheel !env_reset`, to allow users in group
wheel to use sudo without the environment being scrubbed.

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Peter Volkov (pva)]

[-- Attachment #1: Type: text/plain, Size: 1206 bytes --]

On Sun, 2006-11-12 at 05:54 -0500, Mike Frysinger wrote:
> in the example usages you cited, people where using `sudo` to just
> avoid running `su -` first ... in other words, their sudo was
> unlimited ... updating the sudoers file to allow EDITOR via env_keep
> would work fine for them
> 
> in that scenario, running any app via EDITOR is not a concern as they
> already have the ability to run any command

That is right. And I've already raised concerns about this approach in
my mail:
http://thread.gmane.org/gmane.linux.gentoo.devel/44218/focus=44238

And that is not an answer on question I've asked in this sub-thread:

Do you know any way *how* to specify "safe" editors list inside sudoers?

I've spent some time and did not found how can I force sudo to edit
files with only known editors inside EDITOR. env_keep just keep env
variable and does not allow to specify "safe" editors list. I suppose
that this is impossible.

Or... what do you mean by that:
"the sudo file has the ability to specify editor's, so why not tell
people to change their sudo config file ?"

English is not my native language thus may be I just misunderstood your
idea here. Sorry.

Peter.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Peter Volkov (pva)]

[-- Attachment #1: Type: text/plain, Size: 618 bytes --]

On Sun, 2006-11-12 at 11:06 +0000, Tavis Ormandy wrote:
> You can set `Defaults env_keep=EDITOR` in your sudoers file if you
> want, or what I do is `Defaults:%wheel !env_reset`, to allow users in
> group wheel to use sudo without the environment being scrubbed. 

Of course I know about that. And I hope we continue this discussion
starting with this mail:
http://thread.gmane.org/gmane.linux.gentoo.devel/44218/focus=44238

But to restate the question raised in that mail I'll repeat:

Should we remove built in editors from packages or how should we set
defaults without keeping them broken?

Peter.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Jan Kundrát]

[-- Attachment #1: Type: text/plain, Size: 472 bytes --]

Peter Volkov (pva) wrote:
> Or... what do you mean by that:
> "the sudo file has the ability to specify editor's, so why not tell
> people to change their sudo config file ?"
> 
> English is not my native language thus may be I just misunderstood your
> idea here. Sorry.

...that the people should specify their allowed/preferred value of
$EDITOR inside the sudo's configuration file, I guess.

Cheers,
-jkt

-- 
cd /local/pub && more beer > /dev/mouth


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 747 bytes --]

On Sun, Nov 12, 2006 at 02:32:56PM +0300, Peter Volkov (pva) wrote:
> On Sun, 2006-11-12 at 11:06 +0000, Tavis Ormandy wrote:
> > You can set `Defaults env_keep=EDITOR` in your sudoers file if you
> > want, or what I do is `Defaults:%wheel !env_reset`, to allow users in
> > group wheel to use sudo without the environment being scrubbed. 
> 
> Of course I know about that.

So please explain what the problem is with sudo, I maintain the ebuild
so need to know. The only `hardcoded` editor is the fallback editor for
visudo, which can be set with the editor default in sudoers. 

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 681 bytes --]

On Sun, Nov 12, 2006 at 04:30:48PM +0500, Anatoly Shipitsin wrote:
> >You can set `Defaults env_keep=EDITOR` in your sudoers file if you want,
> >or what I do is `Defaults:%wheel !env_reset`, to allow users in group
> >wheel to use sudo without the environment being scrubbed.
> >
> 
> Ok. How you plan set default editor at emerge sudo fcron ?

This question is nonsensical. I guess you dont understand what sudo
does, it's too complicated to explain here, you should consult the
documentation.

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Peter Volkov (pva)]

[-- Attachment #1: Type: text/plain, Size: 1110 bytes --]

On Sun, 2006-11-12 at 12:15 +0000, Tavis Ormandy wrote:
> The only `hardcoded` editor is the fallback editor for
> visudo

And this is the problem I'm talking about. I do not see any reasons to
keep this not working fallback. There are parts of code that just do not
work in Gentoo.

> which can be set with the editor default in sudoers.

That's good. But some packages (I'm talking about practically *all*
crontab, vipw, vigr and may be other applications) do not have such
configuration file to configure that default editor.

And IMO configuration file should change *sane* defaults but I do not
think nano is sane default ;)

Thus I suggested either remove non working fallback in packages
(patching sources) or fix unpredictable and non-working fallback by
adding some sane default (that was /usr/bin/editor in my initial mail).
In other cases current behavior is a bug (some part of program is not
working as intended by upstream). And note suggested trivial fix as a
side effect makes virtual/editor conform glep 37 (also good).

Hope I've made points a bit clearer.

Peter.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 604 bytes --]

> This question is nonsensical. I guess you dont understand what sudo
> does, it's too complicated to explain here, you should consult the
> documentation.


I'm told about emerge package not runtime. May you don't understand me.
Check sudo-1.6.8_p9-r2.ebuild
In DEPEND we see virtual/editor but
in configure
--with-editor=/bin/nano

But virtual/editor can provide by vi nano & etc editor. You think its right?
DEPEND set virtual/editor but configure use nano as hardcoded editor.
I'm think if we set hardcoded editor nano at configure in sudo,ebuild its
should DEPEND at nano editor not virtual/editor.

[-- Attachment #2: Type: text/html, Size: 811 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 1941 bytes --]

On Sun, Nov 12, 2006 at 04:21:21PM +0300, Peter Volkov (pva) wrote:
> On Sun, 2006-11-12 at 12:15 +0000, Tavis Ormandy wrote:
> > The only `hardcoded` editor is the fallback editor for
> > visudo
> 
> And this is the problem I'm talking about. I do not see any reasons to
> keep this not working fallback. There are parts of code that just do not
> work in Gentoo.
> 

Talking specifically about sudo, I think you're making a big deal out of
a very minor thing, primarily because I cannot think of a sane example
of when $EDITOR and $VISUAL are not set and visudo (which requires an
interactive editor) would be invoked. 

If you can give some examples, maybe I would understand.

> > which can be set with the editor default in sudoers.
> 
> That's good. But some packages (I'm talking about practically *all*
> crontab, vipw, vigr and may be other applications) do not have such
> configuration file to configure that default editor.

I dont have much of an opinion on these things, although I think
expecting /bin/vi to be an screen oriented interactive editor (not
nescessarily vi) should be a sane assumption, and if it isnt, that is
the real bug.

> And IMO configuration file should change *sane* defaults but I do not
> think nano is sane default ;)

I really hate nano and pico, I cannot understand how people use them, it
isnt the default because I'm a closet pico fan, I can assure you :)

sudo's default fallback is /bin/vi, but I received some bugs about this
several years ago, and after some discussion on -dev, we decided that
nano should take this place. Things have changed since then, nano used
to be `special` in that we could make assumptions about it, maybe i'll
change it back to /bin/vi, but I dont think it matters much.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency.

[Mike Doty]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Harald van Dijk wrote:
> On Sun, Nov 12, 2006 at 04:56:33AM -0500, Mike Frysinger wrote:
>> On 11/12/06, Harald van Dijk <truedfx@gentoo.org> wrote:
>>> On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
>>>> On 11/12/06, Peter Volkov (pva) <pva@gentoo.org> wrote:
>>>>> The possible solution is to add virtual/editor ebuild
>>>> this is a horrible idea
>>>>
>>>> why not modify sudo to not filter the EDITOR env var then there is no
>>>> more problem
>>> Except for a gaping security hole.
>> pulling a ciaranm here huh ?  if a guy has access to `sudo`, then
>> having a modified environment isnt going to make much difference
> 
> sudo can be configured to only allow access to a select few applications.
> Allowing arbitrary EDITOR settings completely bypasses this.
so force EDITOR to something "secure" (infra uses rvim) but really,
visudo, vipw, crontab.... these can all be exploited to gain root access
thus making it silly to try to prevent in these cases.

- --
=======================================================
Mike Doty                      kingtaco -at- gentoo.org
Gentoo/AMD64 Strategic Lead
Gentoo Council
Gentoo Developer Relations
Gentoo Recruitment Lead
Gentoo Infrastructure
GPG: E1A5 1C9C 93FE F430 C1D6  F2AF 806B A2E4 19F4 AE05
=======================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQCVAwUBRVczQIBrouQZ9K4FAQKPrwQAk6vH/W7BRpEK896RE11PpFOJyPKxhYQZ
V0UPKHclNs3WEyx4jw8m743hHPQqd8OZ2Dn6GM5H88m9PdH+S7JtickCXH9SmN0w
E1ODtFbdS6Hg1T5N3Pghf6K+HWkyyvEBIvoffQW7jFpBAmhSWHBFcAwNuETey6pL
sIE+oLQo+48=
=5lw7
-----END PGP SIGNATURE-----
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 1516 bytes --]

>
> Talking specifically about sudo, I think you're making a big deal out of
> a very minor thing, primarily because I cannot think of a sane example
> of when $EDITOR and $VISUAL are not set and visudo (which requires an
> interactive editor) would be invoked.


It's problem exist for any package use configure for set default editor.
If i'm not use nano (see sudo ebuild) and not set EDITOR i'm got bug.


> I dont have much of an opinion on these things, although I think
> expecting /bin/vi to be an screen oriented interactive editor (not
> nescessarily vi) should be a sane assumption, and if it isnt, that is
> the real bug.


Okey. Then remove DEPEND virtual/editor from sudo and other package with
hardcoded default editor.
Set instead right editor. For example nano or vi. Or set USE flag for
switch.

I really hate nano and pico, I cannot understand how people use them, it
> isnt the default because I'm a closet pico fan, I can assure you :)


Gentoo contains  same editors provided virtual/editor. We got two ways.
Create virtual-editor package & wrapper or remove provide virtual-editor.

sudo's default fallback is /bin/vi, but I received some bugs about this
> several years ago, and after some discussion on -dev, we decided that
> nano should take this place. Things have changed since then, nano used
> to be `special` in that we could make assumptions about it, maybe i'll
> change it back to /bin/vi, but I dont think it matters much.


Set any editor but set right depend not virtual/editor.

[-- Attachment #2: Type: text/html, Size: 2210 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 1017 bytes --]

On Sun, Nov 12, 2006 at 06:21:56PM +0500, Anatoly Shipitsin wrote:
> >This question is nonsensical. I guess you dont understand what sudo
> >does, it's too complicated to explain here, you should consult the
> >documentation.
> 
> I'm told about emerge package not runtime. May you don't understand me.

I understand just fine.

> Check sudo-1.6.8_p9-r2.ebuild
> In DEPEND we see virtual/editor but
> in configure
> --with-editor=/bin/nano
> 
> But virtual/editor can provide by vi nano & etc editor. You think its right?
> DEPEND set virtual/editor but configure use nano as hardcoded editor.

Yes, I think it's right. That option doesnt do what you think it does.

> I'm think if we set hardcoded editor nano at configure in sudo,ebuild its
> should DEPEND at nano editor not virtual/editor.

Then you would be wrong.

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency.

[Mike Doty]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anatoly Shipitsin wrote:
>> This question is nonsensical. I guess you dont understand what sudo
>> does, it's too complicated to explain here, you should consult the
>> documentation.
> 
> 
> I'm told about emerge package not runtime. May you don't understand me.
> Check sudo-1.6.8_p9-r2.ebuild
> In DEPEND we see virtual/editor but
> in configure
> --with-editor=/bin/nano
then fcron(or whatever package this is from) is *broken*

- --
=======================================================
Mike Doty                      kingtaco -at- gentoo.org
Gentoo/AMD64 Strategic Lead
Gentoo Council
Gentoo Developer Relations
Gentoo Recruitment Lead
Gentoo Infrastructure
GPG: E1A5 1C9C 93FE F430 C1D6  F2AF 806B A2E4 19F4 AE05
=======================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQCVAwUBRVc96YBrouQZ9K4FAQKg4QQA7dI0JNad9lcjmuaYZiueYfUY1BPZJkk2
VFsZk5IMzrhDxtA8hl/lYsSlKC1f3vuQWx0kvg6qmtB5/p3+qca16HYjSOWvVimW
rLWyj06vCrZrvEnk3/sR4AIzQARv2lzhA5OZg2rV7aEq2/gZtT1HnPqDsmjp21fs
6X/YIITbzeg=
=DEfd
-----END PGP SIGNATURE-----
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency.

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 341 bytes --]

On Sun, Nov 12, 2006 at 09:29:48AM -0600, Mike Doty wrote:
> then fcron(or whatever package this is from) is *broken*

Either that, or you dont know what it does.

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 655 bytes --]

> > Check sudo-1.6.8_p9-r2.ebuild
> > In DEPEND we see virtual/editor but
> > in configure
> > --with-editor=/bin/nano
> >
> > But virtual/editor can provide by vi nano & etc editor. You think its
> right?
> > DEPEND set virtual/editor but configure use nano as hardcoded editor.
>
> Yes, I think it's right. That option doesnt do what you think it does.


What this option does ?

> I'm think if we set hardcoded editor nano at configure in sudo,ebuild its
> > should DEPEND at nano editor not virtual/editor.
>
> Then you would be wrong.
>


Use abstract depend provide by same packages and set hardcoded depend
provided by one package (nano) is right?

[-- Attachment #2: Type: text/html, Size: 1064 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 538 bytes --]

On Sun, Nov 12, 2006 at 08:38:52PM +0500, Anatoly Shipitsin wrote:
> >I'm think if we set hardcoded editor nano at configure in sudo,ebuild its
> >> should DEPEND at nano editor not virtual/editor.
> >
> >Then you would be wrong.
> >
> 
> Use abstract depend provide by same packages and set hardcoded depend
> provided by one package (nano) is right?

No, is not right.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 1245 bytes --]

On Sun, Nov 12, 2006 at 08:17:18PM +0500, Anatoly Shipitsin wrote:
> >
> >Talking specifically about sudo, I think you're making a big deal out of
> >a very minor thing, primarily because I cannot think of a sane example
> >of when $EDITOR and $VISUAL are not set and visudo (which requires an
> >interactive editor) would be invoked.
> 
> 
> It's problem exist for any package use configure for set default editor.
> If i'm not use nano (see sudo ebuild) and not set EDITOR i'm got bug.

"Doctor, it hurts when I do this"

> >I dont have much of an opinion on these things, although I think
> >expecting /bin/vi to be an screen oriented interactive editor (not
> >nescessarily vi) should be a sane assumption, and if it isnt, that is
> >the real bug.
> 
> Okey. Then remove DEPEND virtual/editor from sudo and other package with
> hardcoded default editor.

It isnt hardcoded, it's configurable.

> Set instead right editor. For example nano or vi. Or set USE flag for
> switch.

No, you set the correct editor, I dont know which one you use.

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 199 bytes --]

> > Use abstract depend provide by same packages and set hardcoded depend
> > provided by one package (nano) is right?
>
> No, is not right.
>
> But why it's not need change? I'm talk not only sudo.

[-- Attachment #2: Type: text/html, Size: 405 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 419 bytes --]

> "Doctor, it hurts when I do this"


very funny :)

It isnt hardcoded, it's configurable.


If this not hardcoded. I'm think use this at new fcron ebuild. This really
close problem bug #149376 ;)

No, you set the correct editor, I dont know which one you use.


I'm told about ebuild. I'm can use virtual/editor and then set nano as
editor in fcron.ebuild ?
If not, we need provide virtual-editor.ebuild with wrapper.

[-- Attachment #2: Type: text/html, Size: 931 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Tavis Ormandy]

[-- Attachment #1: Type: text/plain, Size: 601 bytes --]

On Sun, Nov 12, 2006 at 08:59:03PM +0500, Anatoly Shipitsin wrote:
> >> Use abstract depend provide by same packages and set hardcoded depend
> >> provided by one package (nano) is right?
> >
> >No, is not right.
> >
> But why it's not need change? I'm talk not only sudo.

I dont know about the other packages, I'm only talking about sudo.

Although I do think you're making a big fuss over a tiny cosmetic
issue.

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------

[-- Attachment #2: Type: application/pgp-signature, Size: 238 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 202 bytes --]

>
> Although I do think you're making a big fuss over a tiny cosmetic
> issue.
>
> This changes need not for sudo. It's need for fcron. And probaly any
package use define editor on configuration stage.

[-- Attachment #2: Type: text/html, Size: 360 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency.

[Harald van Dijk]

On Sun, Nov 12, 2006 at 08:43:55AM -0600, Mike Doty wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Harald van Dijk wrote:
> > On Sun, Nov 12, 2006 at 04:56:33AM -0500, Mike Frysinger wrote:
> >> On 11/12/06, Harald van Dijk <truedfx@gentoo.org> wrote:
> >>> On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
> >>>> On 11/12/06, Peter Volkov (pva) <pva@gentoo.org> wrote:
> >>>>> The possible solution is to add virtual/editor ebuild
> >>>> this is a horrible idea
> >>>>
> >>>> why not modify sudo to not filter the EDITOR env var then there is no
> >>>> more problem
> >>> Except for a gaping security hole.
> >> pulling a ciaranm here huh ?  if a guy has access to `sudo`, then
> >> having a modified environment isnt going to make much difference
> > 
> > sudo can be configured to only allow access to a select few applications.
> > Allowing arbitrary EDITOR settings completely bypasses this.
> so force EDITOR to something "secure" (infra uses rvim)

rvim is less insecure than vim, but isn't secure if called as root, nor are
most editors. If you can choose to edit other files than those specified on
the command line, you can edit the boot scripts, and do anything after that.

Anyway, if you have something safe (even if it's only /bin/false), forcing
EDITOR to it would be good, but I do not believe sudo has an option for
this. You can remove variables from the environment, but not add them.
There is a special case for visudo, but that's not handled via the
environment. And if there is no way to force EDITOR to something safe,
unsetting it (the current situation) is the next best thing.

> but really,
> visudo, vipw, crontab.... these can all be exploited to gain root access
> thus making it silly to try to prevent in these cases.

Obviously you shouldn't allow access to such programs to users that are not
completely trusted. This isn't about such programs. For example, in ufed, I
used to read the PAGER variable (if you believe that is significantly
different, please explain) to display the help. Since sudo clears it, ufed
is usable even when it's not possible to display the help, and ufed can't
do anything other than edit /etc/make.conf, it would be safe to allow it to
run via sudo (emerge --ask should of course be used if ufed can be run, but
that's a separate issue). That's the kind of thing that would no longer be
safe.
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Jeroen Roovers]

On Sun, 12 Nov 2006 21:57:07 +0500
"Anatoly Shipitsin" <norguhtar@gmail.com> wrote:

> >
> > Although I do think you're making a big fuss over a tiny cosmetic
> > issue.
> >
> > This changes need not for sudo. It's need for fcron. And probaly
> > any  
> package use define editor on configuration stage.  

No, it's not needed for fcron at all, and I already explained why in
[1]. Progressing through [2-4] I thought the fcron issue might have
been fixed, but the virtual/editor discussion had started by then and I
decided I had nothing more to add. Again: fcron builds and works fine
without at all setting ./configure --with-editor= and the ebuild should
not set that option at all. Problem solved.


Kind regards,
     JeR


[1] https://bugs.gentoo.org/show_bug.cgi?id=149376#c15 (don't set
--with-editor in the ebuild and just let it default to /usr/bin/vi,
which is only used if your env doesn't have EDITOR set to something
useful)
[2] https://bugs.gentoo.org/show_bug.cgi?id=149376#c17 (where I
explained that bug #65263 fixed the wrong problem)
[3] https://bugs.gentoo.org/show_bug.cgi?id=149376#c19 (where I
suggested setting it to something proper and available on hopefully
every system, like --with-editor=/bin/nano)
[4] https://bugs.gentoo.org/show_bug.cgi?id=149376#c22 (where I
continued to argue this approach and CC'd bsd@ to get their view)
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 528 bytes --]

>
>
> No, it's not needed for fcron at all, and I already explained why in
> [1]. Progressing through [2-4] I thought the fcron issue might have
> been fixed, but the virtual/editor discussion had started by then and I
> decided I had nothing more to add. Again: fcron builds and works fine
> without at all setting ./configure --with-editor= and the ebuild should
> not set that option at all. Problem solved.


Without  --with-editor  fcrom configure get editor from enviroment parameter
EDITOR.
This is wrong see bug 149376.

[-- Attachment #2: Type: text/html, Size: 728 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 1770 bytes --]

On Sunday 12 November 2006 06:29, Peter Volkov (pva) wrote:
> On Sun, 2006-11-12 at 05:54 -0500, Mike Frysinger wrote:
> > in the example usages you cited, people where using `sudo` to just
> > avoid running `su -` first ... in other words, their sudo was
> > unlimited ... updating the sudoers file to allow EDITOR via env_keep
> > would work fine for them
> >
> > in that scenario, running any app via EDITOR is not a concern as they
> > already have the ability to run any command
>
> That is right. And I've already raised concerns about this approach in
> my mail:
> http://thread.gmane.org/gmane.linux.gentoo.devel/44218/focus=44238

i dont see you discussing this approach at all

> Do you know any way *how* to specify "safe" editors list inside sudoers?

trying to maintain such a list is pointless as there will always be someone 
who likes to use some editor which is not specified in the list ... to answer 
your question though, i dont believe there is a way in sudoers to say "this 
env var may only contain XXX list of values"

> I've spent some time and did not found how can I force sudo to edit
> files with only known editors inside EDITOR. env_keep just keep env
> variable and does not allow to specify "safe" editors list. I suppose
> that this is impossible.

i think you're confusing situations here ... trying to edit files should be 
done with `sudo -e` as that will use the user's EDITOR env var ... running 
`sudo crontab -e` is a different scenario as only crontab knows about the 
editing as it happens indirectly

if you have the ability to edit root's crontab however, then you have full 
access to the machine ... that means you should be using env_keep in the 
sudoers file for the EDITOR var
-mike

[-- Attachment #2: Type: application/pgp-signature, Size: 827 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Jeroen Roovers]

On Mon, 13 Nov 2006 09:20:09 +0500
"Anatoly Shipitsin" <norguhtar@gmail.com> wrote:

> Without  --with-editor  fcrom configure get editor from enviroment
> parameter EDITOR.
> This is wrong see bug 149376.

You mean I ought to go read the bug I referred to a few times in the
message you are responding to? I did. In fact, I wrote a lot of the
comments there. I am CC'd on that bug. I even recorded the original
complaint on that bug stating that the ebuild should not rely on the
environment to find a value for EDITOR. I might say I care about the
issue. :)

As I recorded on that bug, fcron's build system sets it to a default
of /usr/bin/vi unless you set the --with-editor option. There's nothing
wrong with that. It just means that running crontab will fail if you do
not set EDITOR after it installs, which is what /etc/rc.conf sets to a
system-wide default.

fcron *always* uses EDITOR from the environment when running crontab, no
matter what you pass to --with-editor at configure time. Consider it a
feature.

Anyway, all this is already documented on the bug you mentioned. I do
not see any need to cover this ground again and again. A
simple ./configure --help should really help you find out why not
setting --with-editor fixes the problem I brought up on that bug, which
then got turned into this huge kludge (virtual/editor) to fix a
cosmetic problem, IMHO.


Kind regards,
     JeR
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 1737 bytes --]

> You mean I ought to go read the bug I referred to a few times in the
> message you are responding to? I did. In fact, I wrote a lot of the
> comments there. I am CC'd on that bug. I even recorded the original
> complaint on that bug stating that the ebuild should not rely on the
> environment to find a value for EDITOR. I might say I care about the
> issue. :)


Okey. I'm remove all get editor from runtime enviroment EDITOR and disable
--with-editor. The run emerge fcron. I'm got:

checking for vi... no
configure: error:
Cannot determine path to vi: try option --with-editor=PATH

But i'm can't get editor from runtime. How emerge obtain right editor ?

As I recorded on that bug, fcron's build system sets it to a default
> of /usr/bin/vi unless you set the --with-editor option. There's nothing
> wrong with that. It just means that running crontab will fail if you do
> not set EDITOR after it installs, which is what /etc/rc.conf sets to a
> system-wide default.


Can i'm use solution from sudo package ?

fcron *always* uses EDITOR from the environment when running crontab, no
> matter what you pass to --with-editor at configure time. Consider it a
> feature.


I'm know! If this broke at configure run without this :(

Anyway, all this is already documented on the bug you mentioned. I do
> not see any need to cover this ground again and again. A
> simple ./configure --help should really help you find out why not
> setting --with-editor fixes the problem I brought up on that bug, which
> then got turned into this huge kludge (virtual/editor) to fix a
> cosmetic problem, IMHO.


Remove --with-editor not fix it. For this it need set enviroment paramenter
EDITOR. How resolve this problem. I'm not get any solution.

[-- Attachment #2: Type: text/html, Size: 2421 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Jeroen Roovers]

On Mon, 13 Nov 2006 11:17:37 +0500
"Anatoly Shipitsin" <norguhtar@gmail.com> wrote:

> Okey. I'm remove all get editor from runtime enviroment EDITOR and
> disable --with-editor. The run emerge fcron. I'm got:
> 
> checking for vi... no
> configure: error:
> Cannot determine path to vi: try option --with-editor=PATH

Ah, so this happens when no package provides $(which vi)? Then we
should default to something that is universally available.

> But i'm can't get editor from runtime. How emerge obtain right
> editor ?

--with-editor=/bin/nano would do fine. I already CC'd bsd@ on the bug
to figure out if nano is part of their defaults, but it probably does
not matter because BSD does have $(which vi) AFAIK.

If this is really too much trouble we could perhaps have it default to
--with-editor="$(which less)"? ;-)


Kind regards,
     JeR
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Diego 'Flameeyes' Pettenò]

[-- Attachment #1: Type: text/plain, Size: 720 bytes --]

On Monday 13 November 2006 20:21, Jeroen Roovers wrote:
> --with-editor=/bin/nano would do fine. I already CC'd bsd@ on the bug
> to figure out if nano is part of their defaults, but it probably does
> not matter because BSD does have $(which vi) AFAIK.
We are Gentoo in that regard, we don't install nvi by default, although the 
6.1 stage comes with vim. The 6.2 stages (and anything that will come in the 
future) are built with catalyst exactly as the Linux stages are, which means 
that we have whatever is defined in the base profile (default: nano).

-- 
Diego "Flameeyes" Pettenò - http://farragut.flameeyes.is-a-geek.org/
Gentoo/Alt lead, Gentoo/FreeBSD, Video, Sound, ALSA, PAM, KDE, CJK, Ruby ...

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.)

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 720 bytes --]

> Ah, so this happens when no package provides $(which vi)? Then we
> should default to something that is universally available.


Check  fcron configure.in. Configure get editor from enviroment parameter
EDITOR it not set by default vi.

--with-editor=/bin/nano would do fine. I already CC'd bsd@ on the bug
> to figure out if nano is part of their defaults, but it probably does
> not matter because BSD does have $(which vi) AFAIK.


This solution used in  sudo. But  with fcron we need  set DEPEND
app-editors/nano instead virtual/editor

If this is really too much trouble we could perhaps have it default to
> --with-editor="$(which less)"? ;-)


it's really much trouble. Without editor fcron ebuild will broken.

[-- Attachment #2: Type: text/html, Size: 1287 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency.

[Alec Warner]

Anatoly Shipitsin wrote:
> 
>     Ah, so this happens when no package provides $(which vi)? Then we
>     should default to something that is universally available. 
> 
> 
> Check  fcron configure.in <http://configure.in>. Configure get editor 
> from enviroment parameter EDITOR it not set by default vi.
> 
>     --with-editor=/bin/nano would do fine. I already CC'd bsd@ on the bug
>     to figure out if nano is part of their defaults, but it probably does
>     not matter because BSD does have $(which vi) AFAIK.
> 
> 
> This solution used in  sudo. But  with fcron we need  set DEPEND 
> app-editors/nano instead virtual/editor
> 
>     If this is really too much trouble we could perhaps have it default to
>     --with-editor="$(which less)"? ;-) 
> 
> 
> it's really much trouble. Without editor fcron ebuild will broken.
> 

So USE_EXPAND $Editor and use the flags to figure out what the default 
editor should be.  Or just set EDITOR so that when fcron builds it finds 
the editor you used.  You can always emerge fcron with EDITOR=nano and 
then unmerge nano and claim fcron is 'broken'.  I think most people 
wouldn't care though.

The only problem currently is that EDITOR is set in /etc/profile (not 
/etc/profile.env) so if you use sudo to emerge fcron, EDITOR will get 
stripped from the environment, causing this problem.  Then again I'd say 
thats a sudo configuration problem, not necessarily a build problem.
-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Resolve build time default editor dependency.

[Anatoly Shipitsin]

[-- Attachment #1: Type: text/plain, Size: 657 bytes --]

>
> So USE_EXPAND $Editor and use the flags to figure out what the default
> editor should be.  Or just set EDITOR so that when fcron builds it finds
> the editor you used.  You can always emerge fcron with EDITOR=nano and
> then unmerge nano and claim fcron is 'broken'.  I think most people
> wouldn't care though.
>
> The only problem currently is that EDITOR is set in /etc/profile (not
> /etc/profile.env) so if you use sudo to emerge fcron, EDITOR will get
> stripped from the environment, causing this problem.  Then again I'd say
> thats a sudo configuration problem, not necessarily a build problem.


I'm try it. See bug  149376 for more details.

[-- Attachment #2: Type: text/html, Size: 888 bytes --]

Re: [gentoo-dev] Resolve build time default editor dependency.

[Mike Frysinger]

[-- Attachment #1: Type: text/plain, Size: 200 bytes --]

On Monday 13 November 2006 23:33, Alec Warner wrote:
> Then again I'd say
> thats a sudo configuration problem, not necessarily a build problem.

which is solved by declaring EDITOR as env_keep
-mike

[-- Attachment #2: Type: application/pgp-signature, Size: 827 bytes --]