Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Why re-emerge gnupg-1.2.2-r1???
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
t011
Tux's lil' helper
Tux's lil' helper


Joined: 05 Sep 2002
Posts: 102

PostPosted: Mon Jul 28, 2003 4:30 pm    Post subject: Why re-emerge gnupg-1.2.2-r1??? Reply with quote

I was reading the advisory for updating GnuPG from version 1.2.2 to 1.2.2-r1 and it just seemed silly to have to re-emerge, and therefore spend the time to recompile gnupg, when the only problem was that a file was set with the wrong permissions after compilation and during the actual installation. A diff of the ebuilds shows the problem:
Code:
[root /usr/portage/app-crypt/gnupg]# diff gnupg-1.2.2.ebuild gnupg-1.2.2-r1.ebuild
3c3
< # $Header: /home/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-1.2.2.ebuild,v 1.4 2003/07/18 19:29:16 tester Exp $
---
> # $Header: /home/cvsroot/gentoo-x86/app-crypt/gnupg/gnupg-1.2.2-r1.ebuild,v 1.2 2003/07/18 22:01:13 taviso Exp $
11c11
< KEYWORDS="x86 ppc sparc alpha arm hppa amd64"
---
> KEYWORDS="x86 ppc sparc alpha arm hppa"
14c14
< DEPEND="dev-lang/perl
---
> DEPEND="dev-lang/perl
48c48
<       chmod +s "${D}/usr/bin/gpg"
---
>       chmod u+s,g-s "${D}/usr/bin/gpg"

If you look at the incorrect file permissions for gpg, they are:
Code:
[root /usr/bin]# ls -l gpg
-rwsr-sr-x    1 root     root         658K May 16 10:11 gpg*

Then just execute the correct chmod command:
Code:
[root /usr/bin]# chmod u+s,g-s gpg

and you get:
Code:
[root /usr/bin]# ls -l gpg
-rwsr-xr-x    1 root     root         658K May 16 10:11 gpg*

So, now the security problem is fixed. But now I'm left with the problem of updating portage to know that the gnupg package should be considered as version 1.2.2-r1 rather than 1.2.2. So I need to do a little poking around to figure out how to fix that. But my question is, is the only reason why you're told to re-emerge the newer ebuild simply to make it easy for people to increment the registered ebuild version? I mean it couldn't have been easier to fix the actual security problem in the 1.2.2 ebuild. Why have everyone waste the time of recompiling a program that has no need to be recompiled? Thanks.
Back to top
View user's profile Send private message
npalmer76
n00b
n00b


Joined: 27 Feb 2003
Posts: 26

PostPosted: Mon Jul 28, 2003 9:20 pm    Post subject: Reply with quote

You could just inject the 1.2.2-r1 version and then it will think you have it until such time as you upgrade again, and then it should delete both old versions.

-Nick
_________________
My other sig is an Air Cooled Volkswagen.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum