dev-python/cryptography: bump version to 2.3 #9405
Closes: https://bugs.gentoo.org/662564
Package-Manager: Portage-2.3.40, Repoman-2.3.9
Pull Request assignment
Areas affected: ebuilds
dev-python/cryptography: @gentoo/python
Bugs linked: 662564
In order to force reassignment and/or bug reference scan, please append
Pull request CI report
Report generated at: 2018-08-01 09:15 UTC
No issues found
Thanks @oz123 for the heads up. While I review this, would you mind splitting it up in two separate commits? We generally don't include more than one package in a commit (I'm surprised that repoman let you do this).
Have you tried installing it? On my machine, patches don't apply cleanly and the build fails.
@hsoft, I was afraid to remove the patches. I respect people who understand crypto better than me.
No, those patches are probably necessary to the "libressl" USE flag. What is needed is:
All of this implies setting yourself a libressl environment. Sorry, sometimes minor bumps are not so minor :) If that's too much for you, no problem, we'll handle it internally, but please tell us soon so we don't duplicate work and act fast (it's a CVE after all). If you're up to the challenge, no problem either, I can help you if you're stuck.
I see that the patches were added in 079600f.
Do I need to install gentoo with libressl? That would involve compiling a lot of packages on a different machine?
Yes, applying the patches selectively sounds like a good idea. If it works, go ahead. For testing in different environments, yes, setting up a new environment is time consuming, but depending on your setup, you can end up being efficient in it. For example, I use LXC and have a "pristine" gentoo env from the When I need a new environment, I simply In the case of libressl, because it requires a bit of manual setup by itself, I also maintain a "pristine libressl" container around. Of course, you can use whatever tools work best for you...
No, conditional patches are very bad and should be avoided whenever possible. For example, with conditional patches you'd have committed a broken ebuild without even knowing the patches no longer apply.
@mgorny okay, that is a good argument. How would you then solve it?
@oz123 those patches enable libressl but don't hinder building against openssl. That's why they can (and should, thanks @mgorny for the info) be applied unconditionally. The steps to solve the problem stay the same as I outlined in my earlier comment: refresh the patches or remove them after verification that they're obsolete.
@hsoft, I think at this point I should acknowledge that I am still not able to do this. Can someone else take over from here?
@oz123 sure, no problem. Thanks for the security scouting and for trying. I'll proceed with the bump shortly.