[gentoo-dev] Canonical order to profile stacking.

[gentoo-dev] Canonical order to profile stacking.

[Anthony G. Basile]

Hi everyone,

I'd like to bounce a question of the community regarding the order of 
profile stackings.  We have a suggestion in hardened to re-introduce the 
hardened desktop profile.  This was deprecated because controlling the 
profile stacking order is very difficult. Specifically, if we set

     ..
     ../../../../targets/desktop

in $PORTDIR/hardened/linux/amd64/desktop/parent (taking amd64 as an example), then we get a stacking order where targets/desktop overrides hardened/linux/amd64.  This causes problems because of flags we need to mask in hardened.

A suggestion was forwarded to switch $PORTDIR/hardened/linux/amd64/desktop/parent to the following

     ../../../../targets/desktop
     ..
  
This, however, puts targets/desktop before even base which is problematic.  In fact, the resulting stacking order is:

     /usr/portage/profiles/targets/desktop
     /usr/portage/profiles/base
     /usr/portage/profiles/default/linux
     /usr/portage/profiles/arch/base
     /usr/portage/profiles/features/multilib
     /usr/portage/profiles/features/multilib/lib32
     /usr/portage/profiles/arch/amd64
     /usr/portage/profiles/releases
     /usr/portage/profiles/eapi-5-files
     /usr/portage/profiles/releases/13.0
     /usr/portage/profiles/hardened/linux
     /usr/portage/profiles/hardened/linux/amd64
     /usr/portage/profiles/hardened/linux/amd64/desktop

The concern with this stacking order is that, with all the later subprofiles overriding targets/desktop, we have breakage waiting to happen when changes are made in arch/amd64 or default/linux.  Since the whole community takes care of those profiles, this seems like a question for everyone.  Do people assume a particular order to stacking when they commit to arch/ or default/linux?

The issue is being tracked in bug #492312.  I give an example of my concern there.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA

Re: [gentoo-dev] Canonical order to profile stacking.

[Rick "Zero_Chaos" Farina]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/24/2013 12:28 PM, Anthony G. Basile wrote:
> Hi everyone,
> 
> I'd like to bounce a question of the community regarding the order of
> profile stackings.  We have a suggestion in hardened to re-introduce the
> hardened desktop profile.  This was deprecated because controlling the
> profile stacking order is very difficult. Specifically, if we set
> 
>     ..
>     ../../../../targets/desktop
> 
> in $PORTDIR/hardened/linux/amd64/desktop/parent (taking amd64 as an
> example), then we get a stacking order where targets/desktop overrides
> hardened/linux/amd64.  This causes problems because of flags we need to
> mask in hardened.
> 
Right, targets/desktop overriding hardened is undesirable, that is the
main problem with this stacking order.

> A suggestion was forwarded to switch
> $PORTDIR/hardened/linux/amd64/desktop/parent to the following
> 
>     ../../../../targets/desktop
>     ..
>  
> This, however, puts targets/desktop before even base which is
> problematic.  In fact, the resulting stacking order is:
> 
>     /usr/portage/profiles/targets/desktop
>     /usr/portage/profiles/base
>     /usr/portage/profiles/default/linux
>     /usr/portage/profiles/arch/base
>     /usr/portage/profiles/features/multilib
>     /usr/portage/profiles/features/multilib/lib32
>     /usr/portage/profiles/arch/amd64
>     /usr/portage/profiles/releases
>     /usr/portage/profiles/eapi-5-files
>     /usr/portage/profiles/releases/13.0
>     /usr/portage/profiles/hardened/linux
>     /usr/portage/profiles/hardened/linux/amd64
>     /usr/portage/profiles/hardened/linux/amd64/desktop
> 
> The concern with this stacking order is that, with all the later
> subprofiles overriding targets/desktop, we have breakage waiting to
> happen when changes are made in arch/amd64 or default/linux.  Since the
> whole community takes care of those profiles, this seems like a question
> for everyone.  Do people assume a particular order to stacking when they
> commit to arch/ or default/linux?
> 
So the main problem with the old hardened desktop profile is impossible
here, right?  So in what world is this worse than having no hardened
desktop profile at all?  At worst I can imagine something from
targets/desktop being overridden which, yes, leaves one more use flag
for the user to set, but breaks nothing and can be easily fixed in the
new hardened desktop profile....

> The issue is being tracked in bug #492312.  I give an example of my
> concern there.
> 
So for the 300th time, why exactly is this a bad idea?  I've yet to hear
a single person willing to bother testing, and everyone is just
terrified that "omg, what do you mean base isn't first???"

- -Zero_Chaos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSkqsuAAoJEKXdFCfdEflK2e4P/idmJZFtMhLMom6oV2vgiZJ5
NEyhqzfeDObvoz+RFasUW5FJWuoF2tRKQ5YeqN/OqBooW7T2nfuYHUHBYKk5XXPf
giYLLe8uTorPdEVoKcyB6gLJm4miVNrVP4GwiRiKn3UwIDN7WWUQkf6SX4ki8bgR
t7DVHfc490xwlxe7iTRW3usRJPW3fs1RJ6giMGFe5Y7ddtyC3XyojEBJvaJejZfJ
YoRLcyonEiwoEBnYdpV4LKBI85ZCmevLs8CatYZ6tdwvoUtam5fsZ7QNeFtgp4qd
YJAMkux+CXB+2BP0xant8f/TA4xzPSoGGRxxLs+r8a9vDbZ0lm9FjCUYHEKR3iSG
Z38xFiaWwh2VJ73sNTrJ52KNpfWmtpAqSHFmgZci8157y7H+3uYZDTFhYfKsB5xN
JCXiTWOJ5fKK0QKxf4PDWp6yAQNO8Ef7ObMkA96a+1JfCZXkFROCkpuKh+I7OD1J
Fhyx9yN3axLuo77YjjO+H00rL4qbDMhujX8ZXUqWxwZYSY6o1sCh2fvKZWIAstgf
rhENd2R5Ae7I0PxCjID29BS2TjQz+z7o0kQz4FEm4zlJm7Qt29QrYSENkXpZw6rZ
5L20FtSjJx6IfBbsdGIyFTANV0B7fPht8peoSoMggfvFAVNps6bVGzEMuoowWwSX
QYBPkyLcLJ8Tnl3dnTcK
=fiGs
-----END PGP SIGNATURE-----