| Commit message | Author | Age |
* | create: load hooks before trying to execute them
This is a regression introduced in 9688b22bc39f3bff45dc1b0965fc0ad9e4260752
where I moved the only place where to load the hooks in extractbuildplace(), but
clearly the buildplace is not extracted when we're creating it...
Closes: #806187
Gbp-Dch: Short
| Mattia Rizzolo | 2015-11-25 |
* | use log.e() instead of log() | Mattia Rizzolo | 2015-11-15 |
* | use log.i() instead of log() | Mattia Rizzolo | 2015-11-15 |
* | {create,update}buildenv: consider APTGETOPT also when running apt-get update | Mattia Rizzolo | 2015-11-12 |
* | use relative sources where possible
This way it's a lot easier to test stuff without actually installing it
Use BASH_SOURCE, which contains the path of the current script being executed.
BASH_SOURCE is clearly a bashism, but it's cheaper than using dirname(1).
Thanks to Gianfranco Costamagna for noticing how this bit could have been improved.
Gbp-Dch: Short
| Mattia Rizzolo | 2015-11-01 |
* | no need to load runhooks anymore now that it's all handled in -modules
Gbp-Dch: ignore
| Mattia Rizzolo | 2015-10-28 |
* | always load hooks just after extracting the build place, and unload them when...
So, no need to load&run&unload everywhere as it is now.
Gbp-Dch: Short
| Mattia Rizzolo | 2015-10-13 |
* | createbuildenv: remove a couple of quotes, they make debootstrap fail in some co...
(happy to have added an autopkgtest for this...)
Gbp-Dch: Ignore
| Mattia Rizzolo | 2015-09-24 |
* | fix a whole bunch of warnings from shellcheck
There are still quite some, this is a first chunk based on a given patch
applied where I felt confident enough.
Thanks: Herbert Parentes Fortes Neto <hpfn@ig.com.br> for the initial patch-set
| Mattia Rizzolo | 2015-09-18 |
* | parametrize the build directory using the conf option BUILDDIR | Mattia Rizzolo | 2015-08-08 |
* | Add support for hurd
Closes: #753801
| Gabriele Giacone | 2015-06-22 |
* | Show current time in create / update operations too. (closes: #613854)
It's probably useful to see them in the logs.
| Junichi Uekawa | 2012-03-28 |
* | factor out common code for apt key rings. | Junichi Uekawa | 2012-03-13 |
* | make longer lines wrap so reading patch files isn't as painful. | Junichi Uekawa | 2012-03-09 |
* | Bug#579028: pbuilder: installs untrusted packages without asking
Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028
Dear Maintainer,
The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.
To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
--allow-untrusted (ALLOWUNTRUSTED) was added.
I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.
I haven't tested it with cdebootstrap, but it should work as
well.
The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.
The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).
Please have a look and include the patch as soon as possible to
fix this security issue.
Regards,
Simon
From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
| Simon Ruderich | 2012-03-09 |
* | Add an option to verify key signatures. (closes: #579028)
By unsetting APTGETOPT, and setting
PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option
of verifying the key signature of each package against the installed
keyring.
| Junichi Uekawa | 2010-07-05 |
* | Add builtin ccache support, enabled by default
Add builtin support for using ccache in pbuilder and enable it by
default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and
chown it to BUILDUSERID at build time. Install/remove ccache
automatically on create/update if CCACHEDIR is set/unset. Update docs
and remove old ccache config example. Add a NEWS entry featuring the
change.
| Loïc Minier | 2010-01-02 |
* | Remove aptitude with apt-get install aptitude-
Remove aptitude with apt-get install aptitude- and note that we should
use apt-get to remove REMOVEPACKAGES in the future.
| Loïc Minier | 2010-01-02 |
* | Only remove/install aptitude on create/update
Only install aptitude in pbuilder-createbuildenv or
pbuilder-updatebuildenv, not in pbuilder-satisfydepends-aptitude, and
only when $PBUILDERSATISFYDEPENDSCMD uses aptitude. Remove aptitude in
pbuilder-createbuildenv and pbuilder-updatebuildenv otherwise;
closes: #539578.
| Loïc Minier | 2010-01-02 |
* | Add aptitude if pbuilder-satisfydepends uses it
Install aptitude (with no possibility to override this) if
pbuilder-satisfydepends uses it; closes: 539578.
| Loïc Minier | 2010-01-02 |
* | Remove apt from $CHROOTEXEC apt-get install call | Loïc Minier | 2010-01-02 |
* | debootstrap with --include=apt; for buildd variant
Always prepend --include=apt to debootstrap args; this is needed when
using --variant=buildd which doesn't include apt since pbuilder calls
apt-get in the chroot. Note that this can still be overridden by the
end-user by passing another --include= flag via DEBOOTSTRAPOPTS since
these flags aren't cumulative in debootstrap.
| Loïc Minier | 2010-01-02 |
* | pbuilder: Add --architecture and ARCHITECTURE flag
pbuilder: add support for setting the architecture on the command-line
and in pbuilderrc.
| Loïc Minier | 2009-12-30 |
* | pass apt-get '-q' option to remove the progress.
It's probably not too useful when used non-interactively, and clutters output.
| Junichi Uekawa | 2009-08-15 |
* | install aptitude via EXTRAPACKAGES, and not hard-code. (closes: #539578) | Junichi Uekawa | 2009-08-08 |
* | refactor to use 'log' function rather than using 'echo' directly.
First cut into doing this, hopefully we're not breaking anything.
| Junichi Uekawa | 2009-02-26 |
* | * rename pbuilder-satisfydepends to pbuilder-satisfydepends-classic, and
install pbuilder-satisfydepends-aptitude as the default
pbuilder-satisfydepends
* install aptitude per default in chroot.
| Junichi Uekawa | 2007-08-28 |
* | fix always ending with "Aborting with error" | Junichi Uekawa | 2007-05-27 |
* | fix thinko: trap exit -> trap - exit | Junichi Uekawa | 2007-05-27 |
* | change "trap" handling so that all trap function calls are called _trap, and ... | Junichi Uekawa | 2007-05-27 |
* | trap sighup as well as exit: create/update | Junichi Uekawa | 2007-05-27 |
* | trap SIGHUP as well as EXIT. | Junichi Uekawa | 2007-05-27 |
* | copyright year 2007, and changelog about it, and changelog warning/error to >&2 | Junichi Uekawa | 2007-03-27 |
* | Make 'pbuilder create' also use FORCE_CONFNEW | dancer | 2006-12-17 |
* | update copyright info. | dancer | 2006-05-30 |
* | * fix pdebuild --help output (closes: #367133)
* pbuilderrc.5: undocument the restriction that --buildresult
option needs to be specified for pdebuild, and BUILDRESULT cannot
be used.
I should probably warn that the directory should be absolute.
* pdebuild.1: fix man a bit to make --buildresult option doc
unambiguous.
| dancer | 2006-05-14 |
* | preliminary support for bind-mounted apt cache directory. | dancer | 2006-02-12 |
* | implement hookdir for workaround of initscripts and cdebootstrap bug.
add G hooks for pbuilder create.
| dancer | 2006-01-29 |
* | use readlink -f instead of -e.
add q-funk's script.
| dancer | 2005-12-21 |
* | Use readlink -e instead of readlink -f :
* pdebuild-user-mode-linux:
* pdebuild-uml-checkparams:
* pdebuild-checkparams:
* pdebuild: readlink -e instead of readlink -f
* pbuilder-uml-checkparams: readlink -e instead of readlink -f
* pbuilder-modules: readlink -e instead of readlink -f
* pbuilder-createbuildenv: quote HOOKDIR and readlink -e instead of readlink -f.
* pbuilder-checkparams:
* pbuilder-buildpackage: use readlink -e here.
* pbuilder-buildpackage-funcs: use readlink -e instead of readlink -f. 342117
thanks to Markus Kolb
| dancer | 2005-12-05 |
* | Revert to using --force-yes, since --allow-unauthenticated doesn't work with ...
* Bug fix: "/usr/share/doc/pbuilder/examples/B90linda missing
--force-yes option", thanks to qfunk (Closes: #340715).
Note: --allow-unauthenticated is probably a better option here, but
apt-get in sarge does not support it, we will revisit it after etch.
| dancer | 2005-12-04 |
* | * Bug fix: "pbuilder-buildpackage-funcs check for createbuilduser for
SUTOUSER is bogus", thanks to Brian Nelson (Closes: #338976).
* Bug fix: "--no-targz option creates tarball in pbuilder create",
thanks to Junichi Uekawa (Closes: #341916).
| dancer | 2005-12-04 |
* | * Bug fix: "/usr/share/doc/pbuilder/examples/B90linda missing
--allow-unauthenticated option", thanks to qfunk (Closes: #340715).
- fixed other scripts to use --allow-unauthenticated option rather than --force-yes.
* debconf compatibility level 4
| dancer | 2005-12-04 |
* | fixed documentation, added changes to createbuildenv to check for error state
when debootstrap/cdebootstrap does not exist.
Documentation update.
| dancer | 2005-11-03 |
* | [Junichi Uekawa]
* Document that --debug option preserves build place.
If the following fails, the build directory will remain intact:
pbuilder create --distribution etch --basetgz a.tgz --debug
(closes: #331635)
* README.Debian, pbuilder-doc.xml: updated.
| dancer | 2005-10-09 |
* | +2005-08-07 Junichi Uekawa <dancer@debian.org>
+
+ * debian/control: allow cdebootstrap dependency.
+
+ * testsuite/run-test.sh: complicate the process by testing both
+ cdebootstrap and debootstrap.
+
+ * pbuilder.8: document --debootstrap
+
+ * pbuilder-checkparams: --debootstrap
+
+ * pbuilder-modules: --debootstrap
+
+ * pbuilder-createbuildenv: unset DEBOOTSTRAPSCRIPT instead of setting
+ "". The number of parameter given to cdebootstrap changes.
+ since DEBOOTSTRAPSCRIPT are not supported by cdebootstrap,
+ Giving cdebootstrap this parameter caused it to fail.
+
+ * pbuilderrc.5: Document DEBOOTSTRAP
+
+ * pbuilderrc (DEBOOTSTRAP): new option.
+
+ * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): call ${DEBOOTSTRAP} instead of calling debootstrap directly.
+
| dancer | 2005-08-07 |
* | change to use experimental,
and apply patch; and apply my own patch.
| dancer | 2005-06-03 |
* | update documentation, and other minor fix in response to FIXME entries. | dancer | 2004-12-01 |
* | + * Implement --variant=buildd support, thanks to Daniel Schepler
+ for the work on debootstrap side.
+ Note that this change does not affect user-mode-linux, since
+ user-mode-linux version uses rootstrap
+ (closes: #154528)
| dancer | 2004-04-06 |
* | + * debian/control (Description): do not conflict with older bash.
+
+ * pbuilder-buildpackage-funcs:
+ * pbuilder-checkparams: do not error out on
+ failure to unset.
+
+ * pbuilder.8: document --debug.
+
+ * pbuilder-checkparams (IGNORE_UMOUNT): --debug option.
+
+ * pbuilder-createbuildenv:
+ * pbuilder-updatebuildenv: use PBUILDER_DEBUGMODE variable
+
| dancer | 2003-12-16 |