From 075c1951e1ac84e99a2219ff14be4a366d274f36 Mon Sep 17 00:00:00 2001 From: Georgy Yakovlev Date: Fri, 16 Oct 2020 12:43:54 -0700 Subject: cnf/sets/portage.conf: add new sets for go rebuilding go packages go-built binaries may contain security vulnerabilities if a binary built with vulnerable compiler. go is known to embed vulnerable code to all binaries it builds, if vulnerability was present in the compiler or one of standard libraries. This commit adds `golang-rebuild` set, which allows easy rebuild of most go-compiled system packages. simple 'emerge @golang-rebuild' should rebuild everything affected. a prompt to run this command can be added to postinst message in dev-lang/go ebuild. Closes: https://github.com/gentoo/portage/pull/630 Bug: https://bugs.gentoo.org/752153 Signed-off-by: Georgy Yakovlev Signed-off-by: Zac Medico --- cnf/sets/portage.conf | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'cnf') diff --git a/cnf/sets/portage.conf b/cnf/sets/portage.conf index 0d11d7891..22f0fa3a5 100644 --- a/cnf/sets/portage.conf +++ b/cnf/sets/portage.conf @@ -103,3 +103,9 @@ class = portage.sets.dbapi.UnavailableBinaries # to the matching portdb entry. [changed-deps] class = portage.sets.dbapi.ChangedDepsSet + +# Installed packages that inherit from known go related eclasses. +[golang-rebuild] +class = portage.sets.dbapi.VariableSet +variable = INHERITED +includes = golang-base golang-build golang-vcs golang-vcs-snapshot go-module -- cgit v1.2.3-65-gdbad
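
Review bot: The comment above `[golang-rebuild]` should say that the set is a best-effort match, since the commit message offers it as the rebuild step after a vulnerable Go compiler or standard library and itself claims only "most" go-compiled packages. Selection depends on `variable = INHERITED` matching the hard-coded `includes` list, so an installed package that builds Go code without inheriting one of those five eclasses is left out of `emerge @golang-rebuild` and keeps whatever the old toolchain embedded in its binaries. Suggest extending the comment to state the purpose (rebuild after a dev-lang/go security update), that packages not using these eclasses are not covered, and that the `includes` line has to be updated whenever a Go-related eclass is added. Minor: the subject says "sets" but the hunk adds a single set.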