equo security install

Anything that pertains to Entropy, Equo or Sulfur

Moderator: Moderators

glenmo
Baby Hen
Posts: 10
Joined: Wed Oct 28, 2015 1:14

equo security install

Post by glenmo » Thu Jul 14, 2016 5:07

Whenever I use this command it installs libgcrypt no matter what.

Being a newbie, I may be using this command incorrectly -- I'm using it to install security updates specifically... It also used to install oracle-jre-bin-1.7... every time, until I uninstalled jre 1.7

But it still installs libgcrypt no matter what.

Stupot
Sagely Hen
Posts: 1678
Joined: Wed Feb 14, 2007 3:44
Location: St. Louis, MO, USA

Re: equo security install

Post by Stupot » Thu Jul 14, 2016 15:22

Do you uninstall libgcrypt or is it reinstalling it? Is the version changing?

Can you capture what is put out in console and paste it here? libgcrypt is a cryptographic library, which is used by many applications for security. Any time it has an update, you can be sure that equo security install will include that update.

Not sure about the java stuff, other than it tends to have security issues as the cause of updates.

glenmo
Baby Hen
Posts: 10
Joined: Wed Oct 28, 2015 1:14

Re: equo security install

Post by glenmo » Thu Jul 14, 2016 16:23

it's reinstalling it... i'll post output when i get home.

glenmo
Baby Hen
Posts: 10
Joined: Wed Oct 28, 2015 1:14

Re: equo security install

Post by glenmo » Fri Jul 15, 2016 4:38

Code: Select all

# equo security install
╠  @@ Calculating security updates...
╠  @@ Calculating dependencies...
╠  ## [R] [sabayon-weekly] dev-libs/libgcrypt-1.5.4-r101|0   [1.5.4-r101|0]
╠  @@ Packages needing to be installed/updated/downgraded: 1
╠  @@ Packages needing to be removed: 0
╠  @@ Download size: 0b
╠  @@ Freed disk space: 0.0b
╠  @@ You need at least: 1.2MB of free space
╠  ::: >>>  (1/1) 1 package
╠    ## Downloading: 1 package
╠    ## ( mirror #1 ) [dev-libs:libgcrypt-1.5.4-r101.97c019ece11e90477c01c164d75091552229d895~0.tbz2] @ http://mirror.umd.edu
╠   ## Aggregated download: 1 item
╠    # [1] mirror.umd.edu => dev-libs:libgcrypt-1.5.4-r101.97c019ece11e90477c01c164d75091552229d895~0.tbz2
╠    ## Checking package checksum...
╠    ## ( mirror #1 ) [dev-libs:libgcrypt-1.5.4-r101.97c019ece11e90477c01c164d75091552229d895~0.tbz2] success @ http://mirror.umd.edu
╠  +++ >>>  (1/1) dev-libs/libgcrypt-1.5.4-r101
╠    ## Unpacking: dev-libs:libgcrypt-1.5.4-r101.97c019ece11e90477c01c164d75091552229d895~0.tbz2
╠    ## Installing package: dev-libs/libgcrypt-1.5.4-r101
╠    ## [General purpose crypto library based on the code used in GnuPG]
╠    ## Updating installed packages repository: dev-libs/libgcrypt-1.5.4-r101
╠    ## Cleaning previously installed application data.
>>> Regenerating /etc/ld.so.cache...
>>> Regenerating /etc/ld.so.cache...
╠    ## Cleaning: dev-libs/libgcrypt-1.5.4-r101
╠  @@ Installation complete.

and when I do it again it does the same thing again...

Stupot
Sagely Hen
Posts: 1678
Joined: Wed Feb 14, 2007 3:44
Location: St. Louis, MO, USA

Re: equo security install

Post by Stupot » Fri Jul 15, 2016 18:04

I've got the same thing on my system, but even more packages, it turns out.

Code: Select all

stupot-Desktop stupot # equo security install --verbose                                                                                                                                                                                     
╠  @@ Calculating security updates...
╠  @@ Calculating dependencies...
╠  ## [R] [sabayonlinux.org] dev-libs/libgcrypt-1.5.4-r101|0   [1.5.4-r101|0]
╠  ## [R] [sabayonlinux.org] sys-devel/automake-1.10.3-r1|0   [1.10.3-r1|0]
╠  ## [R] [sabayonlinux.org] dev-libs/openssl-0.9.8z_p8|1   [0.9.8z_p8|1]
╠  @@ Packages needing to be installed/updated/downgraded: 3
╠  @@ Packages needing to be removed: 0
╠  @@ Download size: 0b
╠  @@ Freed disk space: 0.0b
╠  @@ You need at least: 5.6MB of free space
I can install them over and over and over again.

I've never used equo security install before. Seems like a bug somewhere.

User avatar
sabayonino
Sagely Hen
Posts: 3265
Joined: Sun Sep 21, 2008 1:12
Location: Italy
Contact:

Re: equo security install

Post by sabayonino » Fri Jul 15, 2016 19:00

according with

Code: Select all

#  equo sec list  | grep dev-libs/libgcrypt

Code: Select all

╠ [Id:glsa-201606-04:A][<1.6.3-r4] dev-libs/libgcrypt: GnuPG: Multiple vulnerabilities
all versions <1.6.3-r4 are affected but in repo there are two versions about libgcrypt

Code: Select all

# equo s dev-libs/libgcrypt -qv
dev-libs/libgcrypt-1.5.4-r101
dev-libs/libgcrypt-1.6.5

force to install dev-libs/libgcrypt-1.6.5 (maybe you've not already installed, you've dev-libs/libgcrypt-1.5.4 only)

Code: Select all

# equo i dev-libs/libgcrypt-1.6.5

libgcrypt 1.5.4 is affected and "equo sec install will try to update everytime this version. some packages could need about this package as dependency
cheers
[Che Cos'è Il Calcolo Distribuito (BOINC)

BOINC ready ! Sabayon+BOINC = BILD ,my Sabayon spin :cyclops: - Ready to crunch for the Science everywhere :)

glenmo
Baby Hen
Posts: 10
Joined: Wed Oct 28, 2015 1:14

Re: equo security install

Post by glenmo » Sat Jul 16, 2016 6:19

so are you saying that it's not a big deal?

Code: Select all

#equo sec list | grep dev-libs/libgcrypt
╠ [Id:glsa-201402-24:N][<1.5.3] dev-libs/libgcrypt: GnuPG, Libgcrypt: Multiple vulnerabilities
╠ [Id:glsa-201408-10:N][<1.5.4] dev-libs/libgcrypt: Libgcrypt: Side-channel attack
╠ [Id:glsa-201606-04:A][<1.6.3-r4] dev-libs/libgcrypt: GnuPG: Multiple vulnerabilities
Anyway, I've done equo i dev-libs/libgcrypt-1.6.5 and it did install 1.6.5, but security install still does the same...

system works fine, just this odd thing...

User avatar
sabayonino
Sagely Hen
Posts: 3265
Joined: Sun Sep 21, 2008 1:12
Location: Italy
Contact:

Re: equo security install

Post by sabayonino » Sat Jul 16, 2016 11:49

as I wrote , if you still have dev-libs/libgcrypt-1.5.4-r101 , security install still update this.

i think you can ignore this.
[Che Cos'è Il Calcolo Distribuito (BOINC)

BOINC ready ! Sabayon+BOINC = BILD ,my Sabayon spin :cyclops: - Ready to crunch for the Science everywhere :)

svantoviit
Old Dear Hen
Posts: 730
Joined: Sun Feb 28, 2010 17:55
Contact:

Re: equo security install

Post by svantoviit » Sun Jul 17, 2016 20:29

sabayonino wrote:i think you can ignore this.
You have actually no other choice since systemd (and some other system packages) depends on it.

Maybe you file a bug? ;)

kenedy
Baby Hen
Posts: 1
Joined: Wed Aug 31, 2016 8:23

Re: equo security install

Post by kenedy » Sun Sep 04, 2016 8:04

The only thing that I know is that it's reinstalling it....
Graduated from Soran University with First Class Degree with Honours in Computer Science.

Post Reply