Walter Dnes posted on Mon, 31 Dec 2012 01:44:25 -0500 as excerpted: > Moving USE flags from local to global status is frequently discussed > here, so this seems to be the right forum to raise the issue... > > [d531][waltdnes][~] grep suid /usr/portage/profiles/use.desc > suid - Enable setuid root program, with potential security risks > > [d531][waltdnes][~] grep :suid /usr/portage/profiles/use.local.desc > [several package hits]
This is now routine. Try it with the "bindist" USE flag (and see the current thread), for instance. Promoting a flag to global does mean it gets a global description in use.desc, but per package descriptions (as now maintained in the per- package metadata.xml files, but there's a tree maintenance script that keeps use.local.desc current based on the metadata files, to keep the tools using it working) continue to be encouraged where they are useful, as they can often provide much more detailed per-package descriptions of what the flag actually does in that specific package, than the global description can. > BTW, I would've appreciated a headsup (news item) on Xorg getting the > "suid" USE flag. I use startx, and I couldn't start X <G>. OTOH, I followed the gentoo recommendation to do a dry run (emerge -- pretend or --ask) and actually LOOK at what's changing in terms of USE flags, etc, look any of the new ones up I'm not sure on (equery uses <pkg> in another terminal works), then if necessary, say "no" to the -- ask and make USE flag changes, etc, before going ahead with the "live" run. As such, I saw the change (which is even colored differently so it's easy to pick out), did a quick equery uses xorg-server in a different window to see what was going on, and decided to go ahead. In my case, I didn't have USE=suid set at all in make.conf, so the xorg-server ebuild's use- default to ON was in effect, and I didn't have a problem. (I was curious, however, as I'd been reading about running X as non-root, and after seeing that the upgrade did work with the same SUID executable it had before, I remerged without SUID to try it out, much faster the second time with ccache and since I wasn't doing other builds at the same time. THEN I ran into the problem you did, but that was the only change I made and it was deliberate, so I knew the problem and could immediately undo it.) Gentoo isn't a hand-holding distro. The changes were there to be seen in the recommended emerge --pretend or --ask, and adjusted if needed before hand, and you chose not to take advantage of that. I guess some people just have to find out the hard way why such recommendations are there. Of course, if you prefer a distro that makes such decisions (and takes responsibility for them accordingly) for you, there's plenty of distros around that offer more of that than gentoo does. If you don't have the time or patience to do the dry-runs and check changes before going thru with them, perhaps one of those would be more appropriate. There's no shame in deciding that gentoo's simply not an appropriate distro for your needs, and choosing one of the others instead. All that said, more documentation and warning wouldn't have hurt, and the news feature was designed for exactly this sort of thing. Except that the package maintainer has to think of it, and I guess they didn't in this case. But it still shouldn't have been a problem as a responsible admin had plenty of warning already, via the USE flag change itself. > Fortunately, > that was on my netbook, and I was able to Google the solution on my > desktop machine... http://en.spontex.org/forum/thread/561/1/ I'm > posting a heads up on the user list. -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman
