commit: 075c1951e1ac84e99a2219ff14be4a366d274f36 Author: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> AuthorDate: Fri Oct 16 19:43:54 2020 +0000 Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> CommitDate: Sun Nov 1 21:11:09 2020 +0000 URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=075c1951
cnf/sets/portage.conf: add new sets for go rebuilding go packages go-built binaries may contain security vulnerabilities if a binary built with vulnerable compiler. go is known to embed vulnerable code to all binaries it builds, if vulnerability was present in the compiler or one of standard libraries. This commit adds `golang-rebuild` set, which allows easy rebuild of most go-compiled system packages. simple 'emerge @golang-rebuild' should rebuild everything affected. a prompt to run this command can be added to postinst message in dev-lang/go ebuild. Closes: https://github.com/gentoo/portage/pull/630 Bug: https://bugs.gentoo.org/752153 Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org> Signed-off-by: Zac Medico <zmedico <AT> gentoo.org> cnf/sets/portage.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cnf/sets/portage.conf b/cnf/sets/portage.conf index 0d11d7891..22f0fa3a5 100644 --- a/cnf/sets/portage.conf +++ b/cnf/sets/portage.conf @@ -103,3 +103,9 @@ class = portage.sets.dbapi.UnavailableBinaries # to the matching portdb entry. [changed-deps] class = portage.sets.dbapi.ChangedDepsSet + +# Installed packages that inherit from known go related eclasses. +[golang-rebuild] +class = portage.sets.dbapi.VariableSet +variable = INHERITED +includes = golang-base golang-build golang-vcs golang-vcs-snapshot go-module
