diff options
author | Georgy Yakovlev <gyakovlev@gentoo.org> | 2020-10-16 12:43:54 -0700 |
---|---|---|
committer | Zac Medico <zmedico@gentoo.org> | 2020-11-01 13:11:09 -0800 |
commit | 075c1951e1ac84e99a2219ff14be4a366d274f36 (patch) | |
tree | 8309ecfd7031f0ba5440190ce88a35a047746251 | |
parent | Revert "Skip QA Notice for hasq/useq during *rm phases." (diff) | |
download | portage-075c1951e1ac84e99a2219ff14be4a366d274f36.tar.gz portage-075c1951e1ac84e99a2219ff14be4a366d274f36.tar.bz2 portage-075c1951e1ac84e99a2219ff14be4a366d274f36.zip |
cnf/sets/portage.conf: add new sets for go rebuilding go packages
go-built binaries may contain security
vulnerabilities if a binary built with vulnerable compiler.
go is known to embed vulnerable code to all binaries it builds, if
vulnerability was present in the compiler or one of standard libraries.
This commit adds `golang-rebuild` set, which allows easy
rebuild of most go-compiled system packages.
simple 'emerge @golang-rebuild' should rebuild everything affected.
a prompt to run this command can be added to postinst message in
dev-lang/go ebuild.
Closes: https://github.com/gentoo/portage/pull/630
Bug: https://bugs.gentoo.org/752153
Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org>
Signed-off-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r-- | cnf/sets/portage.conf | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/cnf/sets/portage.conf b/cnf/sets/portage.conf index 0d11d7891..22f0fa3a5 100644 --- a/cnf/sets/portage.conf +++ b/cnf/sets/portage.conf @@ -103,3 +103,9 @@ class = portage.sets.dbapi.UnavailableBinaries # to the matching portdb entry. [changed-deps] class = portage.sets.dbapi.ChangedDepsSet + +# Installed packages that inherit from known go related eclasses. +[golang-rebuild] +class = portage.sets.dbapi.VariableSet +variable = INHERITED +includes = golang-base golang-build golang-vcs golang-vcs-snapshot go-module |