aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeorgy Yakovlev <gyakovlev@gentoo.org>2020-10-16 12:43:54 -0700
committerZac Medico <zmedico@gentoo.org>2020-11-01 13:11:09 -0800
commit075c1951e1ac84e99a2219ff14be4a366d274f36 (patch)
tree8309ecfd7031f0ba5440190ce88a35a047746251
parentRevert "Skip QA Notice for hasq/useq during *rm phases." (diff)
downloadportage-075c1951e1ac84e99a2219ff14be4a366d274f36.tar.gz
portage-075c1951e1ac84e99a2219ff14be4a366d274f36.tar.bz2
portage-075c1951e1ac84e99a2219ff14be4a366d274f36.zip
cnf/sets/portage.conf: add new sets for go rebuilding go packages
go-built binaries may contain security vulnerabilities if a binary built with vulnerable compiler. go is known to embed vulnerable code to all binaries it builds, if vulnerability was present in the compiler or one of standard libraries. This commit adds `golang-rebuild` set, which allows easy rebuild of most go-compiled system packages. simple 'emerge @golang-rebuild' should rebuild everything affected. a prompt to run this command can be added to postinst message in dev-lang/go ebuild. Closes: https://github.com/gentoo/portage/pull/630 Bug: https://bugs.gentoo.org/752153 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> Signed-off-by: Zac Medico <zmedico@gentoo.org>
-rw-r--r--cnf/sets/portage.conf6
1 files changed, 6 insertions, 0 deletions
diff --git a/cnf/sets/portage.conf b/cnf/sets/portage.conf
index 0d11d7891..22f0fa3a5 100644
--- a/cnf/sets/portage.conf
+++ b/cnf/sets/portage.conf
@@ -103,3 +103,9 @@ class = portage.sets.dbapi.UnavailableBinaries
# to the matching portdb entry.
[changed-deps]
class = portage.sets.dbapi.ChangedDepsSet
+
+# Installed packages that inherit from known go related eclasses.
+[golang-rebuild]
+class = portage.sets.dbapi.VariableSet
+variable = INHERITED
+includes = golang-base golang-build golang-vcs golang-vcs-snapshot go-module