From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1304161-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id D882113933E
	for <garchives@archives.gentoo.org>; Tue, 20 Jul 2021 01:23:49 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 97B67E0ACD;
	Tue, 20 Jul 2021 01:23:48 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 55977E0ACD
	for <gentoo-commits@lists.gentoo.org>; Tue, 20 Jul 2021 01:23:48 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id C0E65342AEC
	for <gentoo-commits@lists.gentoo.org>; Tue, 20 Jul 2021 01:23:46 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 32DC97DB
	for <gentoo-commits@lists.gentoo.org>; Tue, 20 Jul 2021 01:23:45 +0000 (UTC)
From: "Ionen Wolkens" <ionen@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Ionen Wolkens" <ionen@gentoo.org>
Message-ID: <1626743558.7ffe759b4dce326196b4a561f4c2c4127779284d.ionen@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: x11-drivers/nvidia-drivers/
X-VCS-Repository: repo/gentoo
X-VCS-Files: x11-drivers/nvidia-drivers/nvidia-drivers-390.143-r1.ebuild x11-drivers/nvidia-drivers/nvidia-drivers-450.119.03.ebuild x11-drivers/nvidia-drivers/nvidia-drivers-460.84.ebuild x11-drivers/nvidia-drivers/nvidia-drivers-470.42.01.ebuild x11-drivers/nvidia-drivers/nvidia-drivers-470.57.02.ebuild
X-VCS-Directories: x11-drivers/nvidia-drivers/
X-VCS-Committer: ionen
X-VCS-Committer-Name: Ionen Wolkens
X-VCS-Revision: 7ffe759b4dce326196b4a561f4c2c4127779284d
X-VCS-Branch: master
Date: Tue, 20 Jul 2021 01:23:45 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 3250a740-7d3d-414d-ba4b-6b65f9807ef4
X-Archives-Hash: bc0b9c192cbc98fe314c4cb5eca34740

commit:     7ffe759b4dce326196b4a561f4c2c4127779284d
Author:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 19 17:55:02 2021 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Tue Jul 20 01:12:38 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ffe759b

x11-drivers/nvidia-drivers: inform about Coolbits changes

As part of a security fix by NVIDIA (unknown if intentional or a bug,
NVIDIA has not responded), it became impossible to use Coolbits if
Xorg doesn't have root privileges.

Fortunately, most users do not need this and complains in ~arch have
been minimal. But for the few users for which fan control / reclocking
or similar is essential, provide a postinst message only if use of
Coolbits is detected (do not wish to spread this unnecessarily so
users do not set USE=suid on xorg-server when they don't need it and,
even though it been 3 months, it may still be a temporary requirement).

Message is primarily aimed at stable users given ~arch had to deal
with this for a while already.

Bug: https://bugs.gentoo.org/784248
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 .../nvidia-drivers/nvidia-drivers-390.143-r1.ebuild      | 16 ++++++++++++++++
 .../nvidia-drivers/nvidia-drivers-450.119.03.ebuild      | 16 ++++++++++++++++
 x11-drivers/nvidia-drivers/nvidia-drivers-460.84.ebuild  | 16 ++++++++++++++++
 .../nvidia-drivers/nvidia-drivers-470.42.01.ebuild       | 16 ++++++++++++++++
 .../nvidia-drivers/nvidia-drivers-470.57.02.ebuild       | 16 ++++++++++++++++
 5 files changed, 80 insertions(+)

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-390.143-r1.ebuild b/x11-drivers/nvidia-drivers/nvidia-drivers-390.143-r1.ebuild
index 8cb722145a5..233548975b0 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-390.143-r1.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-390.143-r1.ebuild
@@ -385,4 +385,20 @@ pkg_postinst() {
 		elog "Support for EGLStream (egl-wayland) is no longer offered with legacy"
 		elog "nvidia-drivers. It is recommended to use nouveau drivers for wayland."
 	fi
+
+	# Try to show this message only to users that may really need it
+	# given the workaround is discouraged and usage isn't widespread.
+	if use X && [[ ${REPLACING_VERSIONS} ]] &&
+		ver_test ${REPLACING_VERSIONS} -lt 390.143 &&
+		grep -qr Coolbits "${EROOT}"/etc/X11/{xorg.conf,xorg.conf.d/*.conf} 2>/dev/null; then
+		elog
+		elog "Coolbits support with ${PN} has been restricted to require Xorg"
+		elog "with root privilege by NVIDIA (being in video group is not sufficient)."
+		elog "e.g. attempting to change fan speed with nvidia-settings would fail."
+		elog
+		elog "Depending on your display manager (e.g. sddm starts X as root, gdm doesn't)"
+		elog "or if using startx, it may be necessary to emerge x11-base/xorg-server with"
+		elog 'USE="suid -elogind -systemd" if wish to keep using this feature.'
+		elog "Bug: https://bugs.gentoo.org/784248"
+	fi
 }

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-450.119.03.ebuild b/x11-drivers/nvidia-drivers/nvidia-drivers-450.119.03.ebuild
index 0f37a333d29..71680c78965 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-450.119.03.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-450.119.03.ebuild
@@ -406,4 +406,20 @@ pkg_postinst() {
 		ewarn "...then downgrade to a legacy branch if possible. For details, see:"
 		ewarn "https://www.nvidia.com/object/IO_32667.html"
 	fi
+
+	# Try to show this message only to users that may really need it
+	# given the workaround is discouraged and usage isn't widespread.
+	if use X && [[ ${REPLACING_VERSIONS} ]] &&
+		ver_test ${REPLACING_VERSIONS} -lt 450.119.03 &&
+		grep -qr Coolbits "${EROOT}"/etc/X11/{xorg.conf,xorg.conf.d/*.conf} 2>/dev/null; then
+		elog
+		elog "Coolbits support with ${PN} has been restricted to require Xorg"
+		elog "with root privilege by NVIDIA (being in video group is not sufficient)."
+		elog "e.g. attempting to change fan speed with nvidia-settings would fail."
+		elog
+		elog "Depending on your display manager (e.g. sddm starts X as root, gdm doesn't)"
+		elog "or if using startx, it may be necessary to emerge x11-base/xorg-server with"
+		elog 'USE="suid -elogind -systemd" if wish to keep using this feature.'
+		elog "Bug: https://bugs.gentoo.org/784248"
+	fi
 }

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-460.84.ebuild b/x11-drivers/nvidia-drivers/nvidia-drivers-460.84.ebuild
index f87b9c48062..afd78ca6538 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-460.84.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-460.84.ebuild
@@ -399,4 +399,20 @@ pkg_postinst() {
 		ewarn "...then downgrade to a legacy branch if possible. For details, see:"
 		ewarn "https://www.nvidia.com/object/IO_32667.html"
 	fi
+
+	# Try to show this message only to users that may really need it
+	# given the workaround is discouraged and usage isn't widespread.
+	if use X && [[ ${REPLACING_VERSIONS} ]] &&
+		ver_test ${REPLACING_VERSIONS} -lt 460.73.01 &&
+		grep -qr Coolbits "${EROOT}"/etc/X11/{xorg.conf,xorg.conf.d/*.conf} 2>/dev/null; then
+		elog
+		elog "Coolbits support with ${PN} has been restricted to require Xorg"
+		elog "with root privilege by NVIDIA (being in video group is not sufficient)."
+		elog "e.g. attempting to change fan speed with nvidia-settings would fail."
+		elog
+		elog "Depending on your display manager (e.g. sddm starts X as root, gdm doesn't)"
+		elog "or if using startx, it may be necessary to emerge x11-base/xorg-server with"
+		elog 'USE="suid -elogind -systemd" if wish to keep using this feature.'
+		elog "Bug: https://bugs.gentoo.org/784248"
+	fi
 }

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-470.42.01.ebuild b/x11-drivers/nvidia-drivers/nvidia-drivers-470.42.01.ebuild
index d68e85fb35b..e93f07b1e50 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-470.42.01.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-470.42.01.ebuild
@@ -424,4 +424,20 @@ pkg_postinst() {
 		ewarn "...then downgrade to a legacy branch if possible. For details, see:"
 		ewarn "https://www.nvidia.com/object/IO_32667.html"
 	fi
+
+	# Try to show this message only to users that may really need it
+	# given the workaround is discouraged and usage isn't widespread.
+	if use X && [[ ${REPLACING_VERSIONS} ]] &&
+		ver_test ${REPLACING_VERSIONS} -lt 460.73.01 &&
+		grep -qr Coolbits "${EROOT}"/etc/X11/{xorg.conf,xorg.conf.d/*.conf} 2>/dev/null; then
+		elog
+		elog "Coolbits support with ${PN} has been restricted to require Xorg"
+		elog "with root privilege by NVIDIA (being in video group is not sufficient)."
+		elog "e.g. attempting to change fan speed with nvidia-settings would fail."
+		elog
+		elog "Depending on your display manager (e.g. sddm starts X as root, gdm doesn't)"
+		elog "or if using startx, it may be necessary to emerge x11-base/xorg-server with"
+		elog 'USE="suid -elogind -systemd" if wish to keep using this feature.'
+		elog "Bug: https://bugs.gentoo.org/784248"
+	fi
 }

diff --git a/x11-drivers/nvidia-drivers/nvidia-drivers-470.57.02.ebuild b/x11-drivers/nvidia-drivers/nvidia-drivers-470.57.02.ebuild
index d68e85fb35b..e93f07b1e50 100644
--- a/x11-drivers/nvidia-drivers/nvidia-drivers-470.57.02.ebuild
+++ b/x11-drivers/nvidia-drivers/nvidia-drivers-470.57.02.ebuild
@@ -424,4 +424,20 @@ pkg_postinst() {
 		ewarn "...then downgrade to a legacy branch if possible. For details, see:"
 		ewarn "https://www.nvidia.com/object/IO_32667.html"
 	fi
+
+	# Try to show this message only to users that may really need it
+	# given the workaround is discouraged and usage isn't widespread.
+	if use X && [[ ${REPLACING_VERSIONS} ]] &&
+		ver_test ${REPLACING_VERSIONS} -lt 460.73.01 &&
+		grep -qr Coolbits "${EROOT}"/etc/X11/{xorg.conf,xorg.conf.d/*.conf} 2>/dev/null; then
+		elog
+		elog "Coolbits support with ${PN} has been restricted to require Xorg"
+		elog "with root privilege by NVIDIA (being in video group is not sufficient)."
+		elog "e.g. attempting to change fan speed with nvidia-settings would fail."
+		elog
+		elog "Depending on your display manager (e.g. sddm starts X as root, gdm doesn't)"
+		elog "or if using startx, it may be necessary to emerge x11-base/xorg-server with"
+		elog 'USE="suid -elogind -systemd" if wish to keep using this feature.'
+		elog "Bug: https://bugs.gentoo.org/784248"
+	fi
 }