Mailing List Archive

29.07.2020 20:11, Philip Webb ?????:
> I've removed every other pkg which might require Python-2.7,
> but am stuck with this :
>
> root:605 ~> emerge -cpv python:2.7
>
> Calculating dependencies... done!
> dev-lang/python-2.7.18-r1 pulled in by:
> dev-lang/spidermonkey-60.5.2_p0-r4 requires >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads]
> www-client/firefox-68.10.0 requires dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)]
>
> Yes, I've looked in package.use & in the ebuilds
> & can't find any source of these requirements : can anyone help ?
>
It's in one of eclasses inherited by those ebuilds.

For firefox, it's in mozcoreconf-v6.eclass.

[2020-07-29 13:11] Philip Webb <purslow@ca.inter.net>
Hi,
> I've removed every other pkg which might require Python-2.7,
> but am stuck with this :
>
> root:605 ~> emerge -cpv python:2.7
>
> Calculating dependencies... done!
> dev-lang/python-2.7.18-r1 pulled in by:
> dev-lang/spidermonkey-60.5.2_p0-r4 requires >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads]
> www-client/firefox-68.10.0 requires dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)]
>
> Yes, I've looked in package.use & in the ebuilds
> & can't find any source of these requirements : can anyone help ?
The dependencies on python2.7 are being added by the mozcoreconf
eclasses. The firefox requirement is in eclass/mozcoreconf-v6.eclass,
spidermonkey has essentially the same thing but in -v5.eclass

--
Simon Thelen

200729 i.Dark_Templar wrote:
> 29.07.2020 20:11, Philip Webb ?????:
>> I've removed every other pkg which might require Python-2.7,
>> but am stuck with this :
>>
>> root:605 ~> emerge -cpv python:2.7
>> Calculating dependencies... done!
>> dev-lang/python-2.7.18-r1 pulled in by:
>> dev-lang/spidermonkey-60.5.2_p0-r4 requires >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads]
>> www-client/firefox-68.10.0 requires dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)]
>>
> For firefox, it's in mozcoreconf-v6.eclass.

Indeed, it is. Is there anything I can do re it today ?
If not, are steps being taken by the devs to remove these requirements ?
What might happen, if I simply remove Python-2.7 with -C ?

Thanks for both responses.

--
========================,,============================================
SUPPORT ___________//___, Philip Webb
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto
TRANSIT `-O----------O---' purslowatcadotinterdotnet

On 7/29/20 1:21 PM, Simon Thelen wrote:
> [2020-07-29 13:11] Philip Webb <purslow@ca.inter.net>
> Hi,
>> I've removed every other pkg which might require Python-2.7,
>> but am stuck with this :
>>
>> root:605 ~> emerge -cpv python:2.7
>>
>> Calculating dependencies... done!
>> dev-lang/python-2.7.18-r1 pulled in by:
>> dev-lang/spidermonkey-60.5.2_p0-r4 requires >=dev-lang/python-2.7.5-r2:2.7[ncurses,sqlite,ssl,threads]
>> www-client/firefox-68.10.0 requires dev-lang/python:2.7[ncurses,sqlite,ssl,threads(+)]
>>
>> Yes, I've looked in package.use & in the ebuilds
>> & can't find any source of these requirements : can anyone help ?
> The dependencies on python2.7 are being added by the mozcoreconf
> eclasses. The firefox requirement is in eclass/mozcoreconf-v6.eclass,
> spidermonkey has essentially the same thing but in -v5.eclass
>

I'm down to (9) or so. Periodically, I use this command to see where I am::


eix --installed-with-use python_targets_python2_7

and in the top of my package.use I have::

*/* PYTHON_TARGETS: python3_6 python3_7 python3_8 python3_9

*/* PYTHON_SINGLE_TARGET: -* python3_7
*/* PYTHON_TARGETS: -python2_7


There are many variants on these approaches, depending on how
aggressively you want to get rid of python 2_7.

Me, palemoon is my fav browser and it seems to be long term stuck on
python 2.7...... Any suggests on a more secure, feature rich browser
other than palemoon would be interesting to me to at least test.

But, this is a system, with thousands of packages from gentoo
(gentrified) proper, and dozens of other hacks.
and dozens of my own (rev-5) ebuilds I'm too lazy/stupid to update to
(rev-7). If I were only smarter and motivated......


As I age, I'm getting lazier; and that includes all things gentoo....

hth,
James

On Wed, Jul 29, 2020 at 08:01:33PM -0400, james wrote

> Me, palemoon is my fav browser and it seems to be long term stuck on
> python 2.7...... Any suggests on a more secure, feature rich browser
> other than palemoon would be interesting to me to at least test.

Pale Moon is a Firefox fork and has inherited this dependancy from it.
I used to build Pale Moon manually on an older 32-bit CentOS chroot.
That CentOS version only went up to python 2.4, which did not work. I
had to download a python 2.7 tarball and build it in the home dir (yes,
it works). The Pale Moon build toolchain found it and it built OK. The
steps are...

#
# Name it whatever you want
mkdir pysource
cd pysource
wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz
tar xf Py*
cd Python-2.7.18
#
# Name it whatever you want
./configure --prefix=$HOME/py27
make
#
# "su" or "sudo" is not required in the next step. You have write
# permission to your home directory.
make install



The "make" command may take while to build, depending on RAM and CPU
in your machine. Afterwards you probably have to include...

<dev-lang/python-3.0

...in package.mask and also...

=dev-lang/python-2.7.18

...in package.provided. Since the install in $HOME is not done by
Portage, it'll be left alone. You may still run into problems if an
ebuild looks for python files via hard-coded paths in /usr.

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

On 7/31/20 9:50 AM, Walter Dnes wrote:
> On Wed, Jul 29, 2020 at 08:01:33PM -0400, james wrote
>
>> Me, palemoon is my fav browser and it seems to be long term stuck on
>> python 2.7...... Any suggests on a more secure, feature rich browser
>> other than palemoon would be interesting to me to at least test.
>
> Pale Moon is a Firefox fork and has inherited this dependancy from it.
> I used to build Pale Moon manually on an older 32-bit CentOS chroot.
> That CentOS version only went up to python 2.4, which did not work. I
> had to download a python 2.7 tarball and build it in the home dir (yes,
> it works). The Pale Moon build toolchain found it and it built OK. The
> steps are...
>
> #
> # Name it whatever you want
> mkdir pysource
> cd pysource
> wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz
> tar xf Py*
> cd Python-2.7.18
> #
> # Name it whatever you want
> ./configure --prefix=$HOME/py27
> make
> #
> # "su" or "sudo" is not required in the next step. You have write
> # permission to your home directory.
> make install
>
>

Interesting.

>
> The "make" command may take while to build, depending on RAM and CPU
> in your machine. Afterwards you probably have to include...
>
> <dev-lang/python-3.0
>
> ...in package.mask and also...
>
> =dev-lang/python-2.7.18
>
> ...in package.provided. Since the install in $HOME is not done by
> Portage, it'll be left alone. You may still run into problems if an
> ebuild looks for python files via hard-coded paths in /usr.

Explicitly, this will result in palemoon.28.11.0 being build, only
dependant on Python 3 ?


I just added a repo via layman:

/var/lib/layman/palemoon/www-client/palemoon


www-client/palemoon
Available versions: {M}(~)27.9.4[1] {M}**27.9999-r2[1]
(~)28.2.2*l^m[1] (~)28.3.0*l^m[1] 28.9.0.1*l[2] 28.9.0.2*l[2]
28.9.1*l[2] 28.9.2*l[2] 28.9.3*l[2] 28.10.0*l[2] 28.11.0

via [2] "palemoon" /var/lib/layman/palemoon


and it builds, robustly and without errors, but is still dependent on
python 2.7.


so your details do result in palemoon 28.11.0 without python 2.7
attendances?

On 7/31/20 9:40 AM, Walter Dnes wrote:
> On Wed, Jul 29, 2020 at 08:01:33PM -0400, james wrote
>
>> Me, palemoon is my fav browser and it seems to be long term stuck on
>> python 2.7...... Any suggests on a more secure, feature rich browser
>> other than palemoon would be interesting to me to at least test.
>
> Pale Moon is a Firefox fork and has inherited this dependancy from it.
> I used to build Pale Moon manually on an older 32-bit CentOS chroot.
> That CentOS version only went up to python 2.4, which did not work. I
> had to download a python 2.7 tarball and build it in the home dir (yes,
> it works). The Pale Moon build toolchain found it and it built OK. The
> steps are...
>
> #
> # Name it whatever you want
> mkdir pysource
> cd pysource
> wget https://www.python.org/ftp/python/2.7.18/Python-2.7.18.tar.xz
> tar xf Py*
> cd Python-2.7.18
> #
> # Name it whatever you want
> ./configure --prefix=$HOME/py27
> make
> #
> # "su" or "sudo" is not required in the next step. You have write
> # permission to your home directory.
> make install
>
>
>
> The "make" command may take while to build, depending on RAM and CPU
> in your machine. Afterwards you probably have to include...
>
> <dev-lang/python-3.0
>
> ..in package.mask and also...
>
> =dev-lang/python-2.7.18
>
> ..in package.provided. Since the install in $HOME is not done by
> Portage, it'll be left alone. You may still run into problems if an
> ebuild looks for python files via hard-coded paths in /usr.
>

I just use this:
/var/lib/layman/palemoon/www-client/palemoon

and www-client/palemoon 28.11.0 installs without issue.

Your method makes palemoon.28.11.0
install without any dependence on python.2_7 ?

The package build/install for palemoon will not be part of
portage.....? (if I'm understanding what you have written).

James

On Fri, Jul 31, 2020 at 06:09:53PM -0400, james wrote

> and it builds, robustly and without errors, but is still dependent on
> python 2.7.
>
>
> so your details do result in palemoon 28.11.0 without python 2.7
> attendances?

Python 2.7 is still a build-time dependency. But rather than being
provided by Portage, it's provided by the manually installed version.
The manually installed version won't be touched by Portage.

I have another idea. We already have firefox-bin and libreoffice-bin
ebuilds where the compiled tarball is pulled down from upstream, and
untarred. Would this work on Pale Moon? I guess it comes down to
whether or not python 2.7 is a run-time dependancy as well as a build
time dependency. I'll ask on the Pale Moon forum.

If you want to go 100% manual you can actually pull down the tarball
from http://linux.palemoon.org/download/mainline/ and extract it. Nice
part is that you can pull down the tarball to say $HOME/pm/ and extract
it, without root permissions. Point your program launcher to
$HOME/pm/palemoon/palemoon (correct) and away you go. You can get fancy
with multiple profiles. It doesn't splatter libs all over, so
"uninstalling" consists of...

rm -rf $HOME/pm/palemoon

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

On Sat, Aug 01, 2020 at 01:05:30AM -0400, Walter Dnes wrote
>
> I have another idea. We already have firefox-bin and libreoffice-bin
> ebuilds where the compiled tarball is pulled down from upstream, and
> untarred. Would this work on Pale Moon? I guess it comes down to
> whether or not python 2.7 is a run-time dependancy as well as a build
> time dependency. I'll ask on the Pale Moon forum.

I checked, and it looks like python 2.7 is build-time dependency only.
Pale Moon will *RUN* just fine without python. Runtime system
requirements according to http://linux.palemoon.org/download/mainline/

* A modern Linux distribution. The browser may not work well on old or
LTS releases of Linux.
* A modern processor (must have SSE2 support as the absolute minimum).
* 1GB of RAM (2GB or more recommended for heavy use).
* GTK+ v2.24
* GLib 2.22 or higher
* Pango 1.14 or higher
* libstdc++ 4.6.1 or higher

So a "palemoon-bin" ebuild is possible. But is it necessary? If you
pull down and extract the precompiled tarball to your home dir, it can
be set to check for, and do, updates (as long as you have write
permission to the Pale Moon directory). No need for portage to do it.

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

Hello,

On Sat, 01 Aug 2020, Walter Dnes wrote:
[..]
> So a "palemoon-bin" ebuild is possible.

There's already one in the palemoon overlay.

-dnh

--
"If Pacman had affected us as kids we'd be running around in dark rooms,
munching pills and listening to repetitive music." -- Marcus Brigstocke

On 8/1/20 12:10 PM, Walter Dnes wrote:
> On Sat, Aug 01, 2020 at 01:05:30AM -0400, Walter Dnes wrote
>>
>> I have another idea. We already have firefox-bin and libreoffice-bin
>> ebuilds where the compiled tarball is pulled down from upstream, and
>> untarred. Would this work on Pale Moon? I guess it comes down to
>> whether or not python 2.7 is a run-time dependancy as well as a build
>> time dependency. I'll ask on the Pale Moon forum.
>
> I checked, and it looks like python 2.7 is build-time dependency only.
> Pale Moon will *RUN* just fine without python. Runtime system
> requirements according to http://linux.palemoon.org/download/mainline/
>
> * A modern Linux distribution. The browser may not work well on old or
> LTS releases of Linux.
> * A modern processor (must have SSE2 support as the absolute minimum).
> * 1GB of RAM (2GB or more recommended for heavy use).
> * GTK+ v2.24
> * GLib 2.22 or higher
> * Pango 1.14 or higher
> * libstdc++ 4.6.1 or higher
>
> So a "palemoon-bin" ebuild is possible. But is it necessary? If you
> pull down and extract the precompiled tarball to your home dir, it can
> be set to check for, and do, updates (as long as you have write
> permission to the Pale Moon directory). No need for portage to do it.
>


OK, give a few days, as I do like the idea of building palemoon
locally, outside of portage. Since it is a critical, at this time, app
for me, having more than one way to build it or get the binary, is of
keen interest to me. What we do not need to do, is start trying to stay
on top of all the python.2_7 security issues that abound. In fact, since
palemoon is all about a secure browser (for me at least) I'm surprised
they, as a project team, are not accelerating the migration to pure
Python-3.....

Further security ideas with palemoon are of keen interest to me too. A
set of local security testing tools/semantics etc etc would be useful;
pointers to existing security tools are keen appreciated too.

thx Walter.

James

On 8/1/20 7:04 PM, David Haller wrote:
> Hello,
>
> On Sat, 01 Aug 2020, Walter Dnes wrote:
> [..]
>> So a "palemoon-bin" ebuild is possible.
>
> There's already one in the palemoon overlay.
>
> -dnh
>

This is what you are referring to?


www-client/palemoon-bin [2]
Available versions: 28.11.0^ms {startup-notification}
Homepage: https://www.palemoon.org/



[1] "octopus" /var/lib/layman/octopus
[2] "palemoon" /var/lib/layman/palemoon

If other, please post an exact link?


James

Hello,

On Sat, 01 Aug 2020, james wrote:
>On 8/1/20 7:04 PM, David Haller wrote:
>> On Sat, 01 Aug 2020, Walter Dnes wrote:
>> [..]
>> > So a "palemoon-bin" ebuild is possible.
>>
>> There's already one in the palemoon overlay.
>
>This is what you are referring to?
>
>www-client/palemoon-bin [2]
>Available versions: 28.11.0^ms {startup-notification}
> Homepage: https://www.palemoon.org/
>
>[2] "palemoon" /var/lib/layman/palemoon

If your palemoon is the one "in" layman and refers to

sync-uri = https://github.com/deu/palemoon-overlay.git

then yes.

-dnh

--
"Now, what was I doing before I so rudely interrupted myself?"

On Sat, Aug 01, 2020 at 11:08:47PM -0400, james wrote
> On 8/1/20 12:10 PM, Walter Dnes wrote:
> >
> > So a "palemoon-bin" ebuild is possible. But is it necessary? If
> > you pull down and extract the precompiled tarball to your home dir, it
> > can be set to check for, and do, updates (as long as you have write
> > permission to the Pale Moon directory). No need for portage to do it.
>
> Further security ideas with palemoon are of keen interest to me too. A
> set of local security testing tools/semantics etc etc would be useful;
> pointers to existing security tools are keen appreciated too.

The best security advice for the average user is to keep up with the
latest updates. See http://www.palemoon.org/releasenotes.shtml for an
idea of feature updates and security and bug fixes with each release.
To keep up-to-date *ON AN OFFICIAL BINARY* follow the menu tree...

Tools ==> Preferences ==> Advanced ==> Update

...and select the appropriate option. See
http://www.palemoon.org/support/prefs-advanced-update for an explanation.
If you install the official binary manually in your home dir (or
anywhere else you have write permission), Pale Moon can do in-place
updates. If you do it "the official Portage way") the installed files
will end up somewhere in /usr/ and you, as regular user, cannot
authorize the update. Since you're talking about security, I assume
you're not browsing as root.

Another thing to note is that the Pale Moon devs are currently
"de-unifying the source". This means that over time, manual builds will
take longer and longer to compile, especially on older machines with low
ram. Unifying source speeds up compile-time, but... large monolithic
source files make bugs and error messages a lot harder to track down.
Run-time performance is not affected.

tldr; the quickest/dirtiest/securest way to deal with Pale Moon (e.g.
for 64-bit) is...

mkdir $HOME/pm
cd $HOME/pm
#
# Download the official tarball from http://linux.palemoon.org/download/mainline/
#
# Stop Pale Moon and "uninstall" and extract
killall palemoon
rm -rf palemoon
tar xf <tarball_file_name>

...and point your program launcher to

$HOME/pm/palemoon/palemoon ${*}

If you want to get fancy and run multiple profiles simultaneously you
can pass commandline parameters like...

$HOME/pm/palemoon/palemoon -new-instance -p 680_news
$HOME/pm/palemoon/palemoon -new-instance -p covid
$HOME/pm/palemoon/palemoon -new-instance -p dslr
$HOME/pm/palemoon/palemoon -new-instance -p slashdot
$HOME/pm/palemoon/palemoon -new-instance -p youtube

Note that these profiles have to already exist. To launch the profile
manager to enable profile creation...

$HOME/pm/palemoon/palemoon -new-instance -p

Multiple profiles have advantages...

1) You can get multiple specified webpages to open up on startup that
are related to one item. Hint; In "Tools ==> Preferences ==> General"
you can set "Home Page" like so...

http://bad.example.com | ftp://blah.blah.blah.com | https://youtube.com

...etc, etc. Multiple webpages are separated by {SPACE} {PIPE} {SPACE}.
I've got some really long lines on one or two profiles.

2) 3rd-party cookies in one profile cannot be accessed by webpages in
another profile. This reduces the effectiveness of tracking.

3) Add-ons only apply to the profile they're downloaded to. The only
one I use is ANM "Advanced Night Mode"
https://addons.palemoon.org/addon/advanced-night-mode/
Some webpages are run by idiot webmasters who set "low contrast" fonts
to something bordering on...
FONT FOREGROUND #FEFEFE
FONT BACKGROUND #FFFFFF

ANM cures that by forcing white text on black background. This
add-on is specific to Pale Moon. The add-on works only in profile(s)
it's downloaded to, so sane webpages can be left alone. Actually, even
sane webpages sometimes look better with ANM.

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

On 8/2/20 6:22 AM, Walter Dnes wrote:
> On Sat, Aug 01, 2020 at 11:08:47PM -0400, james wrote
>> On 8/1/20 12:10 PM, Walter Dnes wrote:
>>>
>>> So a "palemoon-bin" ebuild is possible. But is it necessary? If
>>> you pull down and extract the precompiled tarball to your home dir, it
>>> can be set to check for, and do, updates (as long as you have write
>>> permission to the Pale Moon directory). No need for portage to do it.
>>
>> Further security ideas with palemoon are of keen interest to me too. A
>> set of local security testing tools/semantics etc etc would be useful;
>> pointers to existing security tools are keen appreciated too.
>
> The best security advice for the average user is to keep up with the
> latest updates.

yep yep yep.

> See http://www.palemoon.org/releasenotes.shtml for an
> idea of feature updates and security and bug fixes with each release.
> To keep up-to-date *ON AN OFFICIAL BINARY* follow the menu tree...
>
> Tools ==> Preferences ==> Advanced ==> Update


NICE.


>
> ..and select the appropriate option. See
> http://www.palemoon.org/support/prefs-advanced-update for an explanation.
> If you install the official binary manually in your home dir (or
> anywhere else you have write permission), Pale Moon can do in-place
> updates. If you do it "the official Portage way") the installed files
> will end up somewhere in /usr/ and you, as regular user, cannot
> authorize the update. Since you're talking about security, I assume
> you're not browsing as root.

never.


>
> Another thing to note is that the Pale Moon devs are currently
> "de-unifying the source". This means that over time, manual builds will
> take longer and longer to compile, especially on older machines with low
> ram. Unifying source speeds up compile-time, but... large monolithic
> source files make bugs and error messages a lot harder to track down.
> Run-time performance is not affected.

All of my "old amd64" systems have 32 G of ram. I'm evaluating which
cluster technology to use all (3) on compiles. But with the use of the
GPU soon to be practical on Gentoo, maybe that times(3) cluster will not
be needed? Except on big compile days......

>
> tldr; the quickest/dirtiest/securest way to deal with Pale Moon (e.g.
> for 64-bit) is...
>
> mkdir $HOME/pm
> cd $HOME/pm
> #
> # Download the official tarball from http://linux.palemoon.org/download/mainline/
> #
> # Stop Pale Moon and "uninstall" and extract
> killall palemoon
> rm -rf palemoon
> tar xf <tarball_file_name>
>
> ..and point your program launcher to
>
> $HOME/pm/palemoon/palemoon ${*}

very cool.

>
> If you want to get fancy and run multiple profiles simultaneously you
> can pass commandline parameters like...
>
> $HOME/pm/palemoon/palemoon -new-instance -p 680_news
> $HOME/pm/palemoon/palemoon -new-instance -p covid
> $HOME/pm/palemoon/palemoon -new-instance -p dslr
> $HOME/pm/palemoon/palemoon -new-instance -p slashdot
> $HOME/pm/palemoon/palemoon -new-instance -p youtube
>
> Note that these profiles have to already exist. To launch the profile
> manager to enable profile creation...
>
> $HOME/pm/palemoon/palemoon -new-instance -p
>
> Multiple profiles have advantages...
>
> 1) You can get multiple specified webpages to open up on startup that
> are related to one item. Hint; In "Tools ==> Preferences ==> General"
> you can set "Home Page" like so...
>
> http://bad.example.com | ftp://blah.blah.blah.com | https://youtube.com

Nice.

>
> ..etc, etc. Multiple webpages are separated by {SPACE} {PIPE} {SPACE}.
> I've got some really long lines on one or two profiles.
>
> 2) 3rd-party cookies in one profile cannot be accessed by webpages in
> another profile. This reduces the effectiveness of tracking.

Kinda been suspecting this, great to get verification.

>
> 3) Add-ons only apply to the profile they're downloaded to. The only
> one I use is ANM "Advanced Night Mode"
> https://addons.palemoon.org/addon/advanced-night-mode/
> Some webpages are run by idiot webmasters who set "low contrast" fonts
> to something bordering on...
> FONT FOREGROUND #FEFEFE
> FONT BACKGROUND #FFFFFF
>
> ANM cures that by forcing white text on black background. This
> add-on is specific to Pale Moon. The add-on works only in profile(s)
> it's downloaded to, so sane webpages can be left alone. Actually, even
> sane webpages sometimes look better with ANM.
>

Thanks Walter, for all of the palemoon info. I'm putting up a gentoo
test system for such (palemoon) excursions.


James