change default BUILDDIR to /build

Closes: 789404

3 files changed, 16 insertions, 2 deletions

diff --git a/debian/NEWS b/debian/NEWS
index 80d36e9..9f136cf 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,17 @@
+pbuilder (0.216) unstable; urgency=medium
+
+  The default build directory has been moved from /tmp/buildd to /build.
+  This both prevents tempering with /tmp (which is normally world-writable, and
+  as such a user could create the directory before pbuilder and thus owning it,
+  and then it could temper with the build process).  See #789404 for more info.
+  Also this align pbuilder's behaviour to sbuild's making produced builds more
+  similar (and thus helping the reproducible builds effort).
+
+  Please update your hook scripts to use the new directory or change it back
+  (discouraged) by setting the BUILDDIR configure option.
+
+ -- Mattia Rizzolo <mattia@mapreri.org>  Sat, 08 Aug 2015 16:34:14 +0000
+
 pbuilder (0.207) unstable; urgency=low
 
   The default configuration will now only install trusted packages.  This
diff --git a/pbuilderrc b/pbuilderrc
index 2509aaa..08eeefc 100644
--- a/pbuilderrc
+++ b/pbuilderrc
@@ -6,7 +6,7 @@ BASETGZ=/var/cache/pbuilder/base.tgz
 #export DEBIAN_BUILDARCH=athlon
 BUILDPLACE=/var/cache/pbuilder/build
 # directory inside the chroot where the build happens. See #789404
-BUILDDIR=/tmp/buildd
+BUILDDIR=/build
 MIRRORSITE=http://cdn.debian.net/debian
 #OTHERMIRROR="deb http://www.home.com/updates/ ./"
 #export http_proxy=http://your-proxy:8080/
diff --git a/pbuilderrc.5 b/pbuilderrc.5
index aec45a8..d0603ee 100644
--- a/pbuilderrc.5
+++ b/pbuilderrc.5
@@ -65,7 +65,7 @@ An Example:
 BINDMOUNTS="/home /mnt/test"
 .EE
 .TP
-.BI "BUILDDIR=" "/tmp/buildd"
+.BI "BUILDDIR=" "/build"
 The directory inside the chroot where the build happens. This will also be the
 .B HOME
 of the build user.