| Age | Commit message (Collapse) | Author |
|---|
|
As required by POSIX.1-2024 for mkstemp(3) (and future-POSIX for mktemp(1))
Although you'd need de-facto standard mkstemps(3) due to the .xml suffix,
but same contrains of 6 'X's applies, at least with musl.
Signed-off-by: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Part-of: https://github.com/gentoo/gentoo/pull/43186
Closes: https://github.com/gentoo/gentoo/pull/43186
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Closes: https://bugs.gentoo.org/963683
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Part-of: https://github.com/gentoo/gentoo/pull/44021
Closes: https://github.com/gentoo/gentoo/pull/44021
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
There are packages like javacup and jflex which cannot be built from
source without using a pre-built runtime version of itself. Re-emerging
these packages using the installed instead of the bundled pre-built
version was causing the java-pkg_getjar() function to trigger
java-pkg_ensure-dep() to issue a "QA Notice: java-pkg_ensure-dep:"
message.
This commit ports the PORTAGE_QUIET variable to java-pkg_getjar() so
that it works again as it did in the past for ant-based ebuilds.
Bug: https://bugs.gentoo.org/937047
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Part-of: https://github.com/gentoo/gentoo/pull/44017
Signed-off-by: Sam James <sam@gentoo.org>
|
|
There was too much of '--release ${version}' leading to validation
errors and preventing successful creation of the jar when packaging
(jar --create -f ) dev-java/fastdoubleparser. Removing it and changing
the output directory of multi-release classes solves the problem and
allows removal of the multi_release variable.
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Part-of: https://github.com/gentoo/gentoo/pull/42134
Closes: https://github.com/gentoo/gentoo/pull/42134
Signed-off-by: Sam James <sam@gentoo.org>
|
|
This commit changes of the default location of NGINX temporary files
from /var/tmp/nginx (world-writable) to /var/cache/nginx
(root-writable).
Additionally, this revbumps all www-servers/nginx
consumers of nginx.eclass to use the new nginx-r1.tmpfiles, where the
path is updated accordingly.
This fixes 962961 by specifying that the cache directory should only be
pruned on boot, i.e. tmpfiles (even with --remove option) will not
delete the temporary files of *running* NGINX.
Closes: https://bugs.gentoo.org/962961
Signed-off-by: Zurab Kvachadze <zurabid2016@gmail.com>
Part-of: https://github.com/gentoo/gentoo/pull/43823
Closes: https://github.com/gentoo/gentoo/pull/43823
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Signed-off-by: Matt Jolly <kangie@gentoo.org>
|
|
Late is better than never, right?
Closes: https://bugs.gentoo.org/963518
Signed-off-by: Matt Jolly <kangie@gentoo.org>
|
|
Actually ${ED} != ${D}${PREFIX}
Fixes: 4a3bfe56f647fd16ec529d3632030bbbcaacee06
Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Alfredo Tupone <tupone@gentoo.org>
|
|
Apparently this file sometimes exists, but is empty, in which case we
should not try to use it.
Closes: https://bugs.gentoo.org/963425
Signed-off-by: Nowa Ammerlaan <nowa@gentoo.org>
|
|
Signed-off-by: Patrick Lauer <patrick@gentoo.org>
|
|
This reverts commit 787d4fcfcb2743120c5bf5000962676a20f91b5b.
Signed-off-by: Patrick Lauer <patrick@gentoo.org>
|
|
Signed-off-by: Alfredo Tupone <tupone@gentoo.org>
|
|
This revert series reverts 5 postgresql commits from earlier today. There seems
to be a handful of rdeps that need to be addressed before removal of
postgresql-13.
With this single revert commit, *this* commit can be reverted in future to
reapply all 5 commits again when the rdeps are sorted out.
This reverts commits:
5adeecf12198ccd5eb12bdeb840a026a59fa3b8b
9718eec39a4ac1e48b216f51341fc2a454e6cca6
353510734c67cdfc622d69823459d7c0e0c8c6ef
7d30725246352824ddff832324ddcd3ceb44ade3
008d3218e93834b16b027ae2953981757e6e41b7
Signed-off-by: Joonas Niilola <juippis@gentoo.org>
|
|
When the kernel is re-installed via pkg_config the certificate may
be gone. Detect if this is the case and if so try to extract the
certificate from the kernel install directory and use that for
verification later on in the (re-)install process.
Signed-off-by: Nowa Ammerlaan <nowa@gentoo.org>
|
|
Signed-off-by: Patrick Lauer <patrick@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Unclear what fixed what wrt the last failing qtbase test in
bug #955531, but it seems to pass now. Just to be safe, limit
this to recent Qt and gcc.
Tried all of dev-qt/* (except qtwebengine+webview) with lto +
-Werror=odr/mismatch/strict and everything seems to pass.
Note that qtwebengine still filters lto in the ebuild, unlikely
that this is resolved as it was due to some asm usage I recall
(plus we're patching qtwebengine to allow respecting flags at all,
Qt doesn't support users passing lto there).
If other dev-qt/* have issues in the future we should likewise
filter in the ebuild rather have a global one anymore. Formerly
this wasn't about one failing test but tons of them everywhere.
Closes: https://bugs.gentoo.org/955531
Signed-off-by: Ionen Wolkens <ionen@gentoo.org>
|
|
Enable building arm64ec dlls and hook up fex-emu
Signed-off-by: Sasha Finkelstein <fnkl.kernel@gmail.com>
Part-of: https://github.com/gentoo/gentoo/pull/43593
Closes: https://github.com/gentoo/gentoo/pull/43593
Signed-off-by: Sam James <sam@gentoo.org>
|
|
This is the final piece in the Measured Boot puzzle, we have been
putting the full certificate in the pcrpkey section. But though the
certificate does contain the public key, the tools downstream get
confused by the incorrect format. We now resolve the problem by
extracting the public key from the certificate and using that instead.
See-also: https://github.com/systemd/systemd/issues/38833
Closes: https://bugs.gentoo.org/960276
Signed-off-by: Nowa Ammerlaan <nowa@gentoo.org>
|
|
The .pcrpkey section of the UKI should not contain a full certificate.
And therefore it is not correct to use it in sbverify. Instead use
the set SECUREBOOT_SIGN_CERT which will contain the certificate that
was used for signing in kernel-build.eclass. For gentoo-kernel-bin
we set this variable to the certificate that was used during build
and is included in the gpkg.
Signed-off-by: Nowa Ammerlaan <nowa@gentoo.org>
|
|
This change broke at least arm64 dist-kernel builds:
```
Could not find certificate from /var/tmp/portage/sys-kernel/gentoo-kernel-6.16.7/temp/pcrpkey
* ERROR: sys-kernel/gentoo-kernel-6.16.7::gentoo failed (postinst phase):
* Failed to convert pcrpkey to PEM format
```
Reverts: 45367fd36d1b1be24cefc3d6266012258b3c3068
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
This is the final piece in the Measured Boot puzzle, we have been
putting the full certificate in the pcrpkey section. But though the
certificate does contain the public key, the tools downstream get
confused by the incorrect format. We now resolve the problem by
extracting the public key from the certificate and using that instead.
See-also: https://github.com/systemd/systemd/issues/38833
Closes: https://bugs.gentoo.org/960276
Signed-off-by: Nowa Ammerlaan <nowa@gentoo.org>
|
|
Prompted by 986f9e9faf926fd9f882fe4636889434023e6e3c.
Bug: https://bugs.gentoo.org/961500
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
should only supports EAPI=8 since rust was introduced in inherit.
Signed-off-by: Nicolas PARLANT <nicolas.parlant@parhuet.fr>
Part-of: https://github.com/gentoo/gentoo/pull/40954
Closes: https://github.com/gentoo/gentoo/pull/40954
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Like noted in the comment, ideally would want to check for the
actual matching version but we'd need to test+sanitize KV_EXTRA
and figure out if it's really a version component as it could be
anything.
_p being used should be a rare event and it shouldn't be a big
deal if the check ignores it.
Skipping ML review given trivial and is just about a warning.
Signed-off-by: Ionen Wolkens <ionen@gentoo.org>
|
|
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Signed-off-by: Sam James <sam@gentoo.org>
|
|
According to "System requirements" webpage, gfx1101/gfx1200/gfx1201 are now supported.
From the source code few libraries have gfx1103/gfx1150/gfx1151 support, which is not officially announced.
Some released components fail to compile on gfx1150/gfx1151 - for these components live ebuilds should be introduced.
Bug: https://bugs.gentoo.org/949494
Signed-off-by: Sv. Lockal <lockalsash@gmail.com>
Part-of: https://github.com/gentoo/gentoo/pull/43406
Signed-off-by: Sam James <sam@gentoo.org>
|
|
It has been removed upstream. Due to the use of a symlink for wrapping
it (as opposed to a shell script like python / python-config) this meant
searching PATH didn't find the broken symlink, and instead found
/usr/bin/2to3-3.12 with a 3.13 impl.
Check the version of EPYTHON and add it to nonsupp wrappers instead of
making a symlink.
Reported-by: Paul Zander <negril.nx+gentoo@gmail.com>
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Part-of: https://github.com/gentoo/gentoo/pull/43549
Closes: https://github.com/gentoo/gentoo/pull/43549
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Introduce a new API to verify provenance of PyPI artifacts. To enable
it, set PYPI_VERIFY_REPO to the upstream repository URL. The eclass
will automatically add a verify-provenance flag along with dependencies,
fetch the provenance file from PyPI and export src_unpack() to verify
it.
Support for provenance verification can be checked on PyPI's project
page. If it is supported, the project metadata (i.e. "Project links")
is found in "Verified details", whereas otherwise only "Maintainers"
are in that section. It can also be seen under "view details" for
individual artifacts.
The eclass also provides the low-level functions to account for special
needs: pypi_provenance_url and pypi_verify_provenance.
The bits are implemented directly in pypi.eclass rather than
verify-sig.eclass since they are pretty tightly bound to PyPI
infrastructure, with nontrivial URLs and a dedicated provenance file
format. On top of that, due to a difference in semantics, the flag
is named verify-provenance rather than verify-sig.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Part-of: https://github.com/gentoo/gentoo/pull/43549
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Part-of: https://github.com/gentoo/gentoo/pull/43549
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Part-of: https://github.com/gentoo/gentoo/pull/43549
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
|
|
Older policycoreutils has been removed from the tree for many many years
now. It required a separate argument for base.pp but is now just making
things more complicated than needed. This way the command printed to
users is much simpler.
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
|
|
Missed the line below also had a tab too many.
Signed-off-by: Ionen Wolkens <ionen@gentoo.org>
|
|
Signed-off-by: Ionen Wolkens <ionen@gentoo.org>
|
|
In general, there are *preferred* versus *workable* bootstrap compilers,
and it is *preferred* to build ${lang} with an already built copy of
that compiler, e.g. to get bugfixes and so on. So, for iteration order
when setting up the compilation environment, we prefer our own SLOT, if
multiple bootstrap compilers are available after `src_*` phases start
running.
As a separate matter, the dependency merge graph must pull in at least
one *workable* compiler, and it would be nice if it is a *preferred*
one. Portage solves for dependencies favoring leftmost if it is
necessary to merge an additional dependency. So, ordering from
most-preferred to least-preferred is plausibly reasonable.
Problem: given an installed *workable* but least-preferred compiler,
triggering autounmask of USE=ada causes portage to ignore a *workable*
compiler if the leftmost dependency is already in the merge graph. It
then reports a cycle, where the current package to build depends on
itself:
```
* Error: circular dependencies:
(sys-devel/gcc-14.3.0:14/14::gentoo, ebuild scheduled for merge) depends on
(sys-devel/gcc-14.3.0:14/14::gentoo, ebuild scheduled for merge) (buildtime)
```
It turns out, the order in the any-of group matters. If:
- item 1 is ${PN}:${SLOT}
- item 2 is <${PN}-${SLOT}
- item 3 is installed (ada-bootstrap)
The merge graph wants to build item 1, item 2 would build a ton of
versions and eventually need item 3, item 3 simply works without fuss.
But item 1 *cannot* be uninstalled, yet still get merged in this
transaction to satisfy the deps. And if it is already installed, we
don't need leftmost-associativity to force the preferred compiler to be
merged for building excellent machine code.
Conversely, if item 1 is moved to the end, portage... doesn't try to
autounmask item 2 (now item 1), even if item 3 (ada-bootstrap) is *not*
installed. Although without autounmasking, if "sys-devel/gcc ada" is in
package.use, it does build a large chain of gcc[ada]'s, since it can and
is leftmost.
But for autounmask, instead, it installs item 3 (ada-bootstrap) if
necessary, since it can do so without further autounmask. The incorrect
cycle is broken.
Make this change, because it only affects cycle-breaking and doesn't
affect iteration order in src_configure.
Bug: https://bugs.gentoo.org/962273
Acked-by: Sam James <sam@gentoo.org>
Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>
|
|
Signed-off-by: Eric Joldasov <bratishkaerik@landless-city.net>
Part-of: https://github.com/gentoo/gentoo/pull/43623
Closes: https://github.com/gentoo/gentoo/pull/43623
Signed-off-by: Sam James <sam@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
|
Closes: https://bugs.gentoo.org/962175
Signed-off-by: Ionen Wolkens <ionen@gentoo.org>
|
|
These were recently added by Chromium for gender-based translations. _
is not a valid language tag character, so we strip this suffix when
checking the USE flag, thereby grouping such files with their
non-suffixed counterparts.
Signed-off-by: James Le Cuirot <chewi@gentoo.org>
|
|
Signed-off-by: Michał Górny <mgorny@gentoo.org>
|
