I wonder why pax-utils.eclass uses elog instead of just einfo. An
example message looks like this:

* Fallback PaX marking -m
* out/Release/chrome

IMHO it's not very useful in the elog messages, but maybe there are
scenarios in which it is useful.

My idea is to just replace all elogs with einfos in pax-utils.eclass.
What do you think?

On Saturday, March 12, 2011 07:36:35 Paweł Hajdan, Jr. wrote:
> I wonder why pax-utils.eclass uses elog instead of just einfo. An
> example message looks like this:
>
> * Fallback PaX marking -m
> * out/Release/chrome
>
> IMHO it's not very useful in the elog messages, but maybe there are
> scenarios in which it is useful.
>
> My idea is to just replace all elogs with einfos in pax-utils.eclass.
> What do you think?

i think it depends on the person. for people who dont use grsec/PaX, they
probably could care less and never see this output. for people who do, they
probably do want to see this.

maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
-mike

On 03/13/2011 04:19 PM, Mike Frysinger wrote:
> On Saturday, March 12, 2011 07:36:35 Paweł Hajdan, Jr. wrote:
>> I wonder why pax-utils.eclass uses elog instead of just einfo. An
>> example message looks like this:
>>
>> * Fallback PaX marking -m
>> * out/Release/chrome
>>
>> IMHO it's not very useful in the elog messages, but maybe there are
>> scenarios in which it is useful.
>>
>> My idea is to just replace all elogs with einfos in pax-utils.eclass.
>> What do you think?
> i think it depends on the person. for people who dont use grsec/PaX, they
> probably could care less and never see this output. for people who do, they
> probably do want to see this.
>
> maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
> -mike

blueness@yellowness ~ $ uname -r
2.6.37-hardened-r5

so you need == *-hardened-*

--
Anthony G. Basile, Ph.D.
Gentoo Developer

On Sunday, March 13, 2011 17:38:29 Anthony G. Basile wrote:
> On 03/13/2011 04:19 PM, Mike Frysinger wrote:
> > maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
>
> blueness@yellowness ~ $ uname -r
> 2.6.37-hardened-r5
>
> so you need == *-hardened-*

you want to additionally match hardened, not replace.
[[ $(uname -r) =~ .*-(grsec|hardened).* ]]
-mike

On 03/13/2011 06:01 PM, Mike Frysinger wrote:
> On Sunday, March 13, 2011 17:38:29 Anthony G. Basile wrote:
>> On 03/13/2011 04:19 PM, Mike Frysinger wrote:
>>> maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
>> blueness@yellowness ~ $ uname -r
>> 2.6.37-hardened-r5
>>
>> so you need == *-hardened-*
> you want to additionally match hardened, not replace.
> [[ $(uname -r) =~ .*-(grsec|hardened).* ]]
> -mike

1) I made a tiny error, but you caught it, it should be *-hardened*
without the extra dash.

2) This works for me, but I'm not familiar with any gentoo kernels that
have -grsec in the uname. Am I missing something, or is this just in
case some of our users are deploying their own kernels?

--
Anthony G. Basile, Ph.D.
Gentoo Developer

On Sunday, March 13, 2011 18:07:48 Anthony G. Basile wrote:
> 2) This works for me, but I'm not familiar with any gentoo kernels that
> have -grsec in the uname. Am I missing something, or is this just in
> case some of our users are deploying their own kernels?

not everyone uses sys-kernel/* ... i havent in a long time
-mike

On Sun, 13 Mar 2011 17:38:29 -0400
"Anthony G. Basile" <blueness@gentoo.org> wrote:

> On 03/13/2011 04:19 PM, Mike Frysinger wrote:
> > On Saturday, March 12, 2011 07:36:35 Paweł Hajdan, Jr. wrote:
> >> I wonder why pax-utils.eclass uses elog instead of just einfo. An
> >> example message looks like this:
> >>
> >> * Fallback PaX marking -m
> >> * out/Release/chrome
> >>
> >> IMHO it's not very useful in the elog messages, but maybe there are
> >> scenarios in which it is useful.
> >>
> >> My idea is to just replace all elogs with einfos in
> >> pax-utils.eclass. What do you think?
> > i think it depends on the person. for people who dont use
> > grsec/PaX, they probably could care less and never see this
> > output. for people who do, they probably do want to see this.
> >
> > maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
> > -mike
>
> blueness@yellowness ~ $ uname -r
> 2.6.37-hardened-r5
>
> so you need == *-hardened-*

I'd suggest doing something like:

use hardened && elog ...

There's an argument that it's better to make decisions according to
make.conf settings rather than the host system configuration, not
least to cater for people doing cross-builds. Assuming cross builds
work at all; I've not tried that for a long time.

Kev.

On Thursday, March 17, 2011 17:59:44 Kevin F. Quinn wrote:
> On Sun, 13 Mar 2011 17:38:29 -0400
>
> "Anthony G. Basile" <blueness@gentoo.org> wrote:
> > On 03/13/2011 04:19 PM, Mike Frysinger wrote:
> > > On Saturday, March 12, 2011 07:36:35 Paweł Hajdan, Jr. wrote:
> > >> I wonder why pax-utils.eclass uses elog instead of just einfo. An
> > >>
> > >> example message looks like this:
> > >> * Fallback PaX marking -m
> > >> * out/Release/chrome
> > >>
> > >> IMHO it's not very useful in the elog messages, but maybe there are
> > >> scenarios in which it is useful.
> > >>
> > >> My idea is to just replace all elogs with einfos in
> > >> pax-utils.eclass. What do you think?
> > >
> > > i think it depends on the person. for people who dont use
> > > grsec/PaX, they probably could care less and never see this
> > > output. for people who do, they probably do want to see this.
> > >
> > > maybe have it `elog` only when [[ $(uname -r) == *-grsec* ]]
> > > -mike
> >
> > blueness@yellowness ~ $ uname -r
> > 2.6.37-hardened-r5
> >
> > so you need == *-hardened-*
>
> I'd suggest doing something like:
>
> use hardened && elog ...
>
> There's an argument that it's better to make decisions according to
> make.conf settings rather than the host system configuration, not
> least to cater for people doing cross-builds. Assuming cross builds
> work at all; I've not tried that for a long time.

in general, yes. but this would have the unpleasant side effect of having
IUSE=hardened show up for all packages that inherit the eclass.

also, this code is run at the pkg_* stage, so it's not the normal src host
feature detection. and we're talking about minor output behavior.
-mike

On 03/17/2011 03:18 PM, Mike Frysinger wrote:
> On Thursday, March 17, 2011 17:59:44 Kevin F. Quinn wrote:
>> I'd suggest doing something like:
>>
>> use hardened && elog ...
>>
>> There's an argument that it's better to make decisions according to
>> make.conf settings rather than the host system configuration, not
>> least to cater for people doing cross-builds. Assuming cross builds
>> work at all; I've not tried that for a long time.
>
> in general, yes. but this would have the unpleasant side effect of having
> IUSE=hardened show up for all packages that inherit the eclass.
>
> also, this code is run at the pkg_* stage, so it's not the normal src host
> feature detection. and we're talking about minor output behavior.
> -mike

I don't know the specifics of what PMS says about this, if you put
hardened in use.force then portage will allow you to use that flag
without it being in IUSE.
--
Thanks,
Zac

On Thursday, March 17, 2011 19:40:31 Zac Medico wrote:
> On 03/17/2011 03:18 PM, Mike Frysinger wrote:
> > On Thursday, March 17, 2011 17:59:44 Kevin F. Quinn wrote:
> >> I'd suggest doing something like:
> >>
> >> use hardened && elog ...
> >>
> >> There's an argument that it's better to make decisions according to
> >> make.conf settings rather than the host system configuration, not
> >> least to cater for people doing cross-builds. Assuming cross builds
> >> work at all; I've not tried that for a long time.
> >
> > in general, yes. but this would have the unpleasant side effect of
> > having IUSE=hardened show up for all packages that inherit the eclass.
> >
> > also, this code is run at the pkg_* stage, so it's not the normal src
> > host feature detection. and we're talking about minor output behavior.
>
> I don't know the specifics of what PMS says about this, if you put
> hardened in use.force then portage will allow you to use that flag
> without it being in IUSE.

that would require listing every package that inherits pax-utils in use.force
too right ? doesnt sound scalable.

my proposal, while certainly not perfect, attempts to take a middle ground
without incurring too much cruft. i think i achieved that while appeasing
most people in practice.
-mike