| Commit message | Author | Age |
* | pbuilder: add an (undocumented) --help operation. Exit 0 if the help was req... | Mattia Rizzolo | 2015-11-15 |
* | add binNMU support
Closes: #683848
| Luca Falavigna | 2015-11-15 |
* | checkparams: override "experimental" DISTRIBUTION only for the create and upd... | Mattia Rizzolo | 2015-11-15 |
* | whitespaces normalizing
Gbp-Dch: Ignore
| Mattia Rizzolo | 2015-11-15 |
* | make the output level configurable through LOGLEVEL (--loglevel)
valid values are D/I/W/E
Closes: #490184
| Mattia Rizzolo | 2015-11-15 |
* | use log.e() instead of log() | Mattia Rizzolo | 2015-11-15 |
* | use log.w() instead of log() | Mattia Rizzolo | 2015-11-15 |
* | use log.i() instead of log() | Mattia Rizzolo | 2015-11-15 |
* | Add debdelta support, enable optionally via pbuilderrc or the command line.
Closes: #602711
Signed-off-by: Ritesh Raj Sarraf <rrs@debian.org>
| Ritesh Raj Sarraf | 2015-10-04 |
* | Deprecate the PKGNAME_LOGFILE_EXTENTION conf entry in favour of PKGNAME_LOGFI...
Closes: #693458
| Mattia Rizzolo | 2015-06-23 |
* | Bug#579028: pbuilder: installs untrusted packages without asking
Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028
Dear Maintainer,
The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.
To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
--allow-untrusted (ALLOWUNTRUSTED) was added.
I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.
I haven't tested it with cdebootstrap, but it should work as
well.
The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.
The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).
Please have a look and include the patch as soon as possible to
fix this security issue.
Regards,
Simon
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.2.1
ii debootstrap 1.0.38
ii dpkg-dev 1.16.1.2
ii wget 1.13.4-2
Versions of packages pbuilder recommends:
pn devscripts 2.11.4
pn fakeroot 1.18.2-1
pn sudo <none>
Versions of packages pbuilder suggests:
pn cowdancer <none>
pn gdebi-core <none>
pn pbuilder-uml <none>
-- debconf information excluded
From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
| Simon Ruderich | 2012-03-09 |
* | Bug#569917: Support base.tar.xz/bz2 as well as tgz
Package: pbuilder
Version: 0.203
Followup-For: Bug #569917
I cooked a little patch that adds a --compressprog command line option and
COMPRESSPROG option in pbuilderrc.
Tested with pigz, to get multithreaded, and therefore much faster
compression/decompression, and xz.
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-00002-g5eeb7f9 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.0.4
ii debootstrap 1.0.38
ii wget 1.13.4-1
Versions of packages pbuilder recommends:
ii devscripts 2.11.2
ii fakeroot 1.18.1-1
ii sudo 1.8.3p1-2
Versions of packages pbuilder suggests:
pn cowdancer 0.65
pn gdebi-core <none>
pn pbuilder-uml <none>
-- debconf information:
pbuilder/mirrorsite: http://ftp.de.debian.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
| Tino Keitel | 2011-11-29 |
* | Add builtin ccache support, enabled by default
Add builtin support for using ccache in pbuilder and enable it by
default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and
chown it to BUILDUSERID at build time. Install/remove ccache
automatically on create/update if CCACHEDIR is set/unset. Update docs
and remove old ccache config example. Add a NEWS entry featuring the
change.
| Loïc Minier | 2010-01-02 |
* | Use $PBUILDER_ROOT instead of ${PBUILDER_ROOT} | Loïc Minier | 2010-01-02 |
* | pbuilder: Add --architecture and ARCHITECTURE flag
pbuilder: add support for setting the architecture on the command-line
and in pbuilderrc.
| Loïc Minier | 2009-12-30 |
* | Honor PBUILDER_ROOT and PBUILDER_*DIR vars
Use GNU-style vars for system directories, allow to set them from the
env, and let them be prefixed with a PBUILDER_ROOT directory to allow
relocation.
| Loïc Minier | 2009-12-27 |
* | Avoid appending extra spaces in DEBBUILDOPTS | Loïc Minier | 2009-12-14 |
* | Factor "exec >" + "exec 2>&1" together | Loïc Minier | 2009-12-13 |
* | Use debootstrap by default instead of cdebootstrap | Loïc Minier | 2009-12-13 |
* | Make --debbuildopts additive
Change --debbuildopts to be additive and reset the list of options to
the empty list if --debbuildopts "" is passed. Update docs and add NEWS
entry.
| Loïc Minier | 2009-12-12 |
* | Add support for building packages twice; #493538
Add support for building packages twice; based on a patch by
Nicolas Valcárcel; closes: #493538
| Loïc Minier | 2009-12-11 |
* | allow --autocleanaptcache to be specified in pbuilderrc. | Matt Kraai | 2009-11-13 |
* | implement --inputfile option.
Copies extra files to inside chroot.
| Junichi Uekawa | 2009-03-07 |
* | refactor to use 'log' function rather than using 'echo' directly.
First cut into doing this, hopefully we're not breaking anything.
| Junichi Uekawa | 2009-02-26 |
* | Bug#493154: warn if --othermirror is specified and --override-config is not s...
People don't read the manpage thoroughly, and file bugs. Add a Warning.
| Junichi Uekawa | 2009-02-24 |
* | typo, double-semicolon, please | Junichi Uekawa | 2008-03-31 |
* | --create with --basetgz will not fail file does not exist (closes: #451835)
--basetgz expects an existing file except for when 'create'-ing.
'create' was special-cased, but '--create' wasn't. Special-case both.
| Junichi Uekawa | 2008-03-30 |
* | [Pbuilder-maint] Bug#422371: Patch for specifying components
Here is a patch against latest git revision which adds the ability to specify
the components either via $COMPONENTS in pbuilderrc or via the command line with
--components.
It is based on some of the Ubuntu changes [1].
[1] http://patches.ubuntu.com/p/pbuilder/pbuilder_0.170ubuntu1.patch
| Adrien Cunin | 2007-10-22 |
* | use tee instead of not outputting anything for logging mode. | Junichi Uekawa | 2007-05-17 |
* | copyright year 2007, and changelog about it, and changelog warning/error to >&2 | Junichi Uekawa | 2007-03-27 |
* | user-mode-linux support | dancer | 2006-09-16 |
* | support --login, --execute, etc. | dancer | 2006-09-01 |
* | bind-mount ordering fix. | dancer | 2006-08-20 |
* | support PKGNAME_LOGFILE option in pbuilderrc. | dancer | 2006-08-15 |
* | thinko fix. | dancer | 2006-06-10 |
* | do not error out if buildresult directory does not exist. | dancer | 2006-06-10 |
* | update copyright info. | dancer | 2006-05-30 |
* | * fix pdebuild --help output (closes: #367133)
* pbuilderrc.5: undocument the restriction that --buildresult
option needs to be specified for pdebuild, and BUILDRESULT cannot
be used.
I should probably warn that the directory should be absolute.
* pdebuild.1: fix man a bit to make --buildresult option doc
unambiguous.
| dancer | 2006-05-14 |
* | remove support for --nonusmirror. | dancer | 2006-02-22 |
* | use readlink -f instead of -e.
add q-funk's script.
| dancer | 2005-12-21 |
* | Use readlink -e instead of readlink -f :
* pdebuild-user-mode-linux:
* pdebuild-uml-checkparams:
* pdebuild-checkparams:
* pdebuild: readlink -e instead of readlink -f
* pbuilder-uml-checkparams: readlink -e instead of readlink -f
* pbuilder-modules: readlink -e instead of readlink -f
* pbuilder-createbuildenv: quote HOOKDIR and readlink -e instead of readlink -f.
* pbuilder-checkparams:
* pbuilder-buildpackage: use readlink -e here.
* pbuilder-buildpackage-funcs: use readlink -e instead of readlink -f. 342117
thanks to Markus Kolb
| dancer | 2005-12-05 |
* | 2005-08-28 Junichi Uekawa <dancer@debian.org>
* pbuilderrc: SHELL variable is set a default value.
| dancer | 2005-08-28 |
* | +2005-08-07 Junichi Uekawa <dancer@debian.org>•••+
+ * debian/control: allow cdebootstrap dependency.
+
+ * testsuite/run-test.sh: complicate the process by testing both
+ cdebootstrap and debootstrap.
+
+ * pbuilder.8: document --debootstrap
+
+ * pbuilder-checkparams: --debootstrap
+
+ * pbuilder-modules: --debootstrap
+
+ * pbuilder-createbuildenv: unset DEBOOTSTRAPSCRIPT instead of setting
+ "". The number of parameter given to cdebootstrap changes.
+ since DEBOOTSTRAPSCRIPT are not supported by cdebootstrap,
+ Giving cdebootstrap this parameter caused it to fail.
+
+ * pbuilderrc.5: Document DEBOOTSTRAP
+
+ * pbuilderrc (DEBOOTSTRAP): new option.
+
+ * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): call ${DEBOOTSTRAP} instead of calling debootstrap directly.
+
| dancer | 2005-08-07 |
* | pdebuild now checks for unsupported options.•••+ * debian/pbuilder-uml.files: move to uml.
+ * Makefile: install
+ * pdebuild-user-mode-linux: use pdebuild-uml-checkparams
+
+ * pdebuild-uml-checkparams: add --debsign-k
+
+ * pbuilder-uml-checkparams: pdebuild options remove.
+
+ * pdebuild-uml-checkparams: --buildresult
+
+ * pdebuild.1: add --logfile option to documentation.
+
+ * pdebuild-checkparams: --logfile option implemented for pdebuild.
+
+ * Makefile (install): install
+
+ * pdebuild: use pdebuild-checkparams instead.
+
+ * pbuilder-checkparams: split
+ * pdebuild-checkparams: new file.
+
| dancer | 2005-06-04 |
* | + * pbuilder.8: document --autocleanaptcache•••+
+ * pbuilder-updatebuildenv:
+ * pbuilder-checkparams (AUTOCLEANAPTCACHE): support auto-clean of aptcache
+ (IGNORE_UMOUNT): add --autocleanaptcache
+
| dancer | 2005-06-03 |
* | change to use experimental,
and apply patch; and apply my own patch.
| dancer | 2005-06-03 |
* | --- ChangeLog 11 Apr 2005 06:24:29 -0000 1.293•••+++ ChangeLog 16 Apr 2005 04:39:27 -0000
@@ -1,3 +1,20 @@
+2005-04-16 Junichi Uekawa <dancer@debian.org>
+
+ * pbuilder-modules: document signing-related options in pbuilder-options.
+
+ * pdebuild-user-mode-linux:
+ * pdebuild: implement keyid specification.
+
+ * Documentation/pbuilder-doc.xml: add document on using auto-debsign
+ and add a FAQ entry for source.changes file.
+
+ * pbuilder-checkparams: use --debsign-k option
+ to specify DEBSIGN_KEYID
+
+ * pdebuild.1: add --debsign-k option
+
+ * pdebuild-user-mode-linux.1: add --debsign-k option
+
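Review bot: the subject of this commit is the diff header itself (`--- ChangeLog 11 Apr 2005 06:24:29 -0000 1.293`), so the log carries no summary of the change. The added ChangeLog text already supplies one: a first line such as "add --debsign-k option to specify DEBSIGN_KEYID", followed by the per-file entries, would make this signing-key change findable from the log. Within the hunk, `pdebuild-user-mode-linux:` has no description of its own and appears to share "implement keyid specification" with `pdebuild:`; the entry also does not say how the key id given to `--debsign-k` is handled when it is empty or unknown, which is worth recording for an option that selects the signing key.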
| dancer | 2005-04-16 |
* | +2005-03-04 Junichi Uekawa <dancer@debian.org>•••+
+ * pbuilder: apply patch frp, Danilo to save aptcache on pbuilder login.
+ Apply similar change to pbuilder execute.
+ 271600
+
+ * pbuilder.8:
+ * pbuilder-checkparams:
+ * pbuilder-modules: support --aptcache option
+ thanks: Danilo Piazzalunga <danilopiazza@libero.it>
+ 295766
+
+ * Cleaned build dir for pbuilder-uml #297100
+
+ * pbuilder-modules (pbuilder-options): document save-after-login/exec
+ flag in --help output. #296672
+
| dancer | 2005-03-04 |
* | update date | dancer | 2005-01-04 |
* | +2004-10-31 Junichi Uekawa <dancer@debian.org>•••+
+ * Documentation/pbuilder-doc.xml (PBUILDER_UML_IMAGE): add notes on
+ BUILRESULTUID and SUDO interaction.
+
+ * pbuilder-buildpackage (PACKAGENAME): move around buildresult dir creation before pkgname logfile creation.
+
+ * pbuilder.8: add documentation for --save-after-login/exec option.
+
+ * pbuilder: execute and login with --save-after-login/exec option.
+
+ * pbuilder-user-mode-linux.1: add notes that uml-nocow is effective for exec and login.
+
+ * pbuilder-uml-checkparams (UML_SAVE_AFTER_LOGIN): add UML_NOCOW for exec
+
+ * pbuilder-checkparams (SAVE_AFTER_LOGIN): --save-after-login/exec command-option.
+
+ * pdebuild-user-mode-linux.1: add notes that the option will override
+ pbuilder option.
+
+ * pdebuild.1: add notes that the option will override pbuilder option
+
+ * pdebuild-user-mode-linux: ditto.
+
+ * pdebuild: override --debbbuildopts in pbuilder option when DEBBUILDOPTS is available and for non-internal mode.
+
| dancer | 2004-10-31 |