From bba797acde02da03731e483e3171769a2546c874 Mon Sep 17 00:00:00 2001
From: Richard Top
Date: Thu, 22 Feb 2024 14:10:12 +0000
Subject: [PATCH] Update compat layer NESSI/2023.06
---
.../update-pkgs-NESSI-2023.06-2024-02-22.sh | 48 +++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 scripts/update-pkgs-NESSI-2023.06-2024-02-22.sh
diff --git a/scripts/update-pkgs-NESSI-2023.06-2024-02-22.sh b/scripts/update-pkgs-NESSI-2023.06-2024-02-22.sh
new file mode 100644
index 00000000..2d5ec342
--- /dev/null
+++ b/scripts/update-pkgs-NESSI-2023.06-2024-02-22.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+set -e
+
+mytmpdir=$(mktemp -d --tmpdir=/tmp)
+
+if [ -z "$EPREFIX" ]; then
+ # this assumes we're running in a Gentoo Prefix environment
+ EPREFIX=$(dirname $(dirname $SHELL))
+fi
+echo "EPREFIX=${EPREFIX}"
+
+# collect list of installed packages before updating packages
+list_installed_pkgs_pre_update=${mytmpdir}/installed-pkgs-pre-update.txt
+echo "Collecting list of installed packages to ${list_installed_pkgs_pre_update}..."
+qlist -IRv | sort | tee ${list_installed_pkgs_pre_update}
+
+# update checkout of gentoo repository to an even more recent commit,
+# which contains the required versions of openssl and glibc
+# https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac78a6d2a0ec2546a59ed98e00499ddd8343b13d (2024-01-31)
+gentoo_commit='ac78a6d2a0ec2546a59ed98e00499ddd8343b13d'
+echo "Updating $EPREFIX/var/db/repos/gentoo to recent commit (${gentoo_commit})..."
+cd $EPREFIX/var/db/repos/gentoo
+time git fetch origin
+echo "Checking out ${gentoo_commit} in ${PWD}..."
+time git checkout ${gentoo_commit}
+cd -
+
+# unmask dev-libs/openssl-1.1.1w, so we can update to it
+# (masked by $EPREFIX/var/db/repos/gentoo/profiles/package.mask, because OpenSSL 1.1.x is EOL)
+echo '# unmask dev-libs/openssl-1.1.1w (openssl 1.1.x is masked via $EPREFIX/var/db/repos/gentoo/profiles/package.mask)' >> ${EPREFIX}/etc/portage/package.unmask
+echo '=dev-libs/openssl-1.1.1w' >> ${EPREFIX}/etc/portage/package.unmask
+# update openssl due to https://nvd.nist.gov/vuln/detail/CVE-2023-4807
+emerge --update --oneshot --verbose '=dev-libs/openssl-1.1.1w' # was dev-libs/openssl-1.1.1u
+
+# update glibc due to https://security.gentoo.org/glsa/202402-01
+emerge --update --oneshot --verbose '=sys-libs/glibc-2.37-r10' # was sys-libs/glibc-2.37-r7
+
+# collect list of installed packages after updating packages
+list_installed_pkgs_post_update=${mytmpdir}/installed-pkgs-post-update.txt
+echo "Collecting list of installed packages to ${list_installed_pkgs_post_update}..."
+qlist -IRv | sort | tee ${list_installed_pkgs_post_update}
+
+echo
+echo "diff in installed packages:"
+diff -u ${list_installed_pkgs_pre_update} ${list_installed_pkgs_post_update}
+
+rm -rf ${mytmpdir}
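Review bot: The final `diff -u` exits with status 1 whenever the two package lists differ, which is the expected result of this update, so under `set -e` the script stops there, never reaches `rm -rf ${mytmpdir}`, and returns a failure status after a successful openssl/glibc update. Anything that drives this script by exit status would record the security update as failed, and the temp directory is also left behind if `emerge` or `git checkout` aborts earlier. I would register the cleanup right after `mktemp` with `trap 'rm -rf -- "${mytmpdir}"' EXIT` and make the comparison informational with `diff -u "${list_installed_pkgs_pre_update}" "${list_installed_pkgs_post_update}" || true`. Separately, the two `echo ... >> ${EPREFIX}/etc/portage/package.unmask` lines append again on every re-run; guarding them with a `grep -qxF` check would keep the unmask of the EOL 1.1.x branch to a single, auditable entry.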