From: Michael Higgins
To: gentoo-user@lists.gentoo.org
Date: Fri, 3 Apr 2009 16:56:22 -0700
Subject: Re: [gentoo-user] How to "freeze" my Gentoo system

On Fri, 3 Apr 2009 10:45:46 +0800
Mark David Dumlao wrote:

> On Thu, Mar 12, 2009 at 4:13 PM, Alan McKinnon
> wrote:
> > On Thursday 12 March 2009 10:07:03 Dale wrote:
> >> I do understand that getting something stable and working then
> >> wanting to keep it that way.  I'm just wondering what his mileage
> >> may be in the long run.

Here's the first significant result with a sync today:

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[ebuild U ] app-text/xpdf-3.02-r2 [3.02-r1] USE="-nodrm" LINGUAS="-ar -el -he -ja -ko -la -ru -th -tr -zh_CN -zh_TW" 0 kB

Total: 1 package (1 upgrade), Size of downloads: 0 kB

Ahh. ;-)

I guess what's important, unless I see some particular reason to upgrade something, would be this:

glsa-check -tv affected
This system is affected by the following GLSAs:
200808-09 ( OpenLDAP: Denial of Service vulnerability )
200903-11 ( PyCrypto: Execution of arbitrary code )

for glsa in `glsa-check -t affected` ; do glsa-check -p $glsa ; done
This system is affected by the following GLSAs:
Checking GLSA 200808-09
The following updates will be performed for this GLSA:
     net-nds/openldap-2.4.11-r1 (2.3.41)

Checking GLSA 200903-11
The following updates will be performed for this GLSA:
     dev-python/pycrypto-2.0.1-r8 (2.0.1-r6)

In the interest of writing really ugly bash scripts:

# for glsa in `glsa-check -t affected` ; do equery d $( glsa-check -p $glsa |grep -P '^\s+\w+-\w+/' | perl -pe 's/^\s+(\w+-\w+\/.+)-\d[\d.].+/$1/' ) ; done
This system is affected by the following GLSAs:
[ Searching for packages depending on net-nds/openldap... ]
app-admin/sudo-1.7.0 (ldap? >=net-nds/openldap-2.1.30-r1)
app-crypt/gnupg-2.0.10 (!static & ldap? net-nds/openldap)
                       (ldap? net-nds/openldap)
app-emulation/wine-1.1.12 (ldap? net-nds/openldap)
dev-db/postgresql-base-8.3.5 (ldap? net-nds/openldap)
dev-libs/apr-util-1.3.4 (ldap? =net-nds/openldap-2*)
gnome-base/gconf-2.24.0 (ldap? net-nds/openldap)
gnome-extra/evolution-data-server-2.24.5-r2 (ldap? >=net-nds/openldap-2.0)
mail-client/claws-mail-3.7.1 (ldap? >=net-nds/openldap-2.0.7)
net-firewall/ipsec-tools-0.7.1 (ldap? net-nds/openldap)
net-fs/samba-3.0.33 (ldap? net-nds/openldap)
net-misc/curl-7.19.4 (ldap? net-nds/openldap)
net-misc/openssh-5.1_p1-r2 (ldap? net-nds/openldap)
net-misc/openswan-2.4.13-r2 (ldap? net-nds/openldap)
net-print/cups-1.3.9-r1 (ldap? net-nds/openldap)
www-servers/apache-2.2.10 (ldap? =net-nds/openldap-2*)
[ Searching for packages depending on dev-python/pycrypto... ]
sys-apps/portage-2.1.6.7 (!build? >=dev-python/pycrypto-2.0.1-r6)

Looks like I can fix the use flag and clean out ldap if I want to do so, but I'm stuck with pycrypto (or the build use flag):

euse -i build
global use flags (searching: build)
************************************************************
[- ] build - !!internal use only!! DO NOT SET THIS FLAG YOURSELF!, used for creating build images and the first half of bootstrapping [make stage1]

... that's pretty clear. '-)

> >
> > I can only imagine what will happen if he forgets that package.mask
> > and then removes it six months later:-)
>
> I too, have spent a couple of days wondering what was masking a
> package before remembering that it was me.
>

And just to see if there's any upside evident:

mv /etc/portage/package.mask /etc/portage/package.mask.bak && emerge -puDNtv system && mv /etc/portage/package.mask.bak /etc/portage/package.mask

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[ebuild U ] net-misc/openssh-5.2_p1-r1 [5.1_p1-r2] USE="X pam tcpd -X509 -hpn -kerberos -ldap -libedit -pkcs11% (-selinux) -skey -smartcard -static" 993 kB
[ebuild U ] sys-devel/gcc-4.3.3-r2 [4.3.2-r3] USE="fortran gtk mudflap nls openmp (-altivec) -bootstrap -build -doc (-fixed-point) -gcj (-hardened) -ip28 -ip32r10k -libffi (-multilib) -multislot (-n32) (-n64) -nocxx -nopie -objc -objc++ -objc-gc -test -vanilla" 58,063 kB

Total: 2 packages (2 upgrades), Size of downloads: 59,055 kB

Hmm.

# mv /etc/portage/package.mask /etc/portage/package.mask.bak && emerge -puDNtv world && mv /etc/portage/package.mask.bak /etc/portage/package.mask

These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[ebuild U ] dev-java/sun-jre-bin-1.6.0.13 [1.6.0.12] USE="X alsa nsplugin odbc" 78,284 kB [0]

(... and some perl modules).

So, that's ssh, gcc and java I can pass on today... figure I can unmask in a month and update any of these packages, if I feel like it. But, http://bugs.gentoo.org/buglist.cgi?quicksearch=xpdf (search on the one update I took), it looks like there was a good gentoo reason and maybe a good gentoo response.

As I understand it, if the maintainer thinks the recent changes/patches are significant, I'll get a -rN for a new ebuild.

OTOH, If there's a new version of something I care about tracking new releases, I'll unmask it. If there's a security thing, I can do the same...

Maybe any other ebuilds offered in the tree can wait until I see what happens to everyone else first. ;-)

. . .

Meanwhile, I do know that there's a security hole found on something I have installed from an overlay, where the fix was released in a new version upstream. So there's one downside, anyway.

Cheers,

-- 
 |\  /|        |   |          ~ ~
 | \/ |        |---|          `|` ?
 |    |ichael  |   |iggins    \^ /
 michael.higgins[at]evolone[dot]org
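
A stricter parse of the `glsa-check -p` output shown in the message, as an added example that is not part of the original post: it splits each atom at the last hyphen followed by a complete Gentoo version, so categories without a hyphen and package names with digit-led components also parse. The function names, the placeholder third stanza and the reading of the parenthesised value as the installed version are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): turn `glsa-check -p` output
# into "GLSA category/package fixed-version installed-version" records.

# Constructed sample: the first two stanzas are the output quoted in the
# message; the third is a made-up placeholder that exercises a category
# without a hyphen and a package name with a digit-led component.
sample_output() {
cat <<'EOF'
Checking GLSA 200808-09
The following updates will be performed for this GLSA:
     net-nds/openldap-2.4.11-r1 (2.3.41)

Checking GLSA 200903-11
The following updates will be performed for this GLSA:
     dev-python/pycrypto-2.0.1-r8 (2.0.1-r6)

Checking GLSA 000000-00
The following updates will be performed for this GLSA:
     virtual/example-100dpi-1.0.1_p2 (1.0.0)
EOF
}

# Split each atom at the last hyphen that is followed by a complete Gentoo
# version: digits and dots, optional letter, _suffixes, optional -rN.
# Assumption: the value in parentheses is the currently installed version.
glsa_pending() {
    awk '
    /^Checking GLSA / { glsa = $3; next }
    index($1, "/") && NF == 2 &&
    match($1, /-[0-9]+(\.[0-9]+)*[a-z]?(_(alpha|beta|pre|rc|p)[0-9]*)*(-r[0-9]+)?$/) {
        installed = $2
        gsub(/[()]/, "", installed)
        print glsa, substr($1, 1, RSTART - 1), substr($1, RSTART + 1), installed
    }'
}

# Exact-version atoms ("=category/package-version"), one per pending fix.
glsa_atoms() {
    glsa_pending | awk '{ print "=" $2 "-" $3 }'
}

# Stand-alone run on the constructed sample; on a real system the input
# would be the output of the loop shown in the message.
sample_output | glsa_pending
```

On a frozen system the records give the package name to hand to `equery d`, and the atoms name exactly the versions the advisories call for.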