path: root/pbuilder-createbuildenv
Commit message  [Author, Age]
* Show current time in create / update operations too. (closes: #613854)  [Junichi Uekawa, 2012-03-28]
    It's probably useful to see them in the logs.
* factor out common code for apt key rings.  [Junichi Uekawa, 2012-03-13]
* make longer lines wrap so reading patch files isn't as painful.  [Junichi Uekawa, 2012-03-09]
* Bug#579028: pbuilder: installs untrusted packages without asking  [Simon Ruderich, 2012-03-09]
    Package: pbuilder
    Version: 0.206
    Tags: patch
    Followup-For: Bug #579028

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Dear Maintainer,

    The attached patch changes the defaults to always enforce signed repositories and aborts if an untrusted/manipulated package is installed. It adds the new option --keyring (APTKEYRINGS) to add additional keyrings, which are then used to verify the (local) signed repositories. This way no untrusted packages can be installed.

    To still allow untrusted/unsigned repositories - they are a very bad idea and allow remote attackers performing a MITM to take over the system, including all built packages - the new option --allow-untrusted (ALLOWUNTRUSTED) was added.

    I tested it with the official Debian repository, signed and unsigned local repositories and it works fine for me. But I'm only a "normal" pbuilder user, so I might have missed something. Please test the patch. I haven't tested it with cdebootstrap, but it should work as well.

    The old PBUILDERSATISFYDEPENDSOPT --check-key option was deprecated and is no longer used (it emits a warning now) as validation is the default now.

    The patch also contains documentation updates for the new options/variables and updates for the NEWS file describing the necessary changes to continue using untrusted packages (but please don't do that - especially as a Debian developer).

    Please have a look and include the patch as soon as possible to fix this security issue.

    Regards,
    Simon

    -- System Information:
    Debian Release: wheezy/sid
      APT prefers unstable
      APT policy: (500, 'unstable')
    Architecture: amd64 (x86_64)
    Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
    Shell: /bin/sh linked to /bin/dash

    Versions of packages pbuilder depends on:
    ii  cdebootstrap             0.5.8+b1
    ii  coreutils                8.13-3
    ii  debconf [debconf-2.0]    1.5.41
    ii  debianutils              4.2.1
    ii  debootstrap              1.0.38
    ii  dpkg-dev                 1.16.1.2
    ii  wget                     1.13.4-2

    Versions of packages pbuilder recommends:
    pn  devscripts               2.11.4
    pn  fakeroot                 1.18.2-1
    pn  sudo                     <none>

    Versions of packages pbuilder suggests:
    pn  cowdancer                <none>
    pn  gdebi-core               <none>
    pn  pbuilder-uml             <none>

    -- debconf information excluded

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iQIcBAEBCAAGBQJPVWhvAAoJEJL+/bfkTDL5ivAP/iayE8NRQnyk2HW8R+NiRXU3
    uavLilwwpmEZyuciu8GxMQIAhT9HYd/DlkhF9I+yBSd30TO3fl0xW7YV9SaIZ+bv
    IPwnZbHri4KfeV9Zob/gd2jrT9A2QCoFRW0ny4XNCK3NvtWH5KuH+TG2Mq5CQqdN
    j4VJ3+76oJcbQbU7AUYXfvKDAsEb7gX+VwTEFLS4GrPkni/FIQJ8HHJhlTscyuCD
    gQANCoRFZHVSMaas3xqi9KYFKgVS4BZ5Z/9FZuLeY5kWBfcbnIhQloVOWTQZIMRI
    PhnqP1g62XlPu71K3a/Y2RMAcy3Gs6sUbW4OianIr2iskCndejih/MCb+3LmBFCg
    Ekxi/CcJGrc7a0pV57Qs8Iwkm1siRZZUxcp4xdD3mo9iayoOt4sfFyrvBCYryilQ
    7JKpQc3iNoV3EQql6KBu5G+GmFFWHmokpLvVY27n8LgkV2YSb2wrgxqXPfxcYHj7
    0j/y2MFw+HOX/d5YSESMLxn9aiZBi7CkMtlMemzqizxlNlL/+OOZiDsi4vdH8L/j
    Y0c2i9efjNeooc0/B9wASu/Ck8SWV8wW1EcfTag0p9Rp0avy4hoQUmG+MtgQsV0l
    MQuWWysyxeJFX4Z8ooau82L6sIGC0L073JH6Y/C7uTOz9gKt+e5tV3fnU+pkWpqH
    oF3CcmlykKX4SYzhUI/e
    =6EPj
    -----END PGP SIGNATURE-----

    From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
    Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
    From: Simon Ruderich <simon@ruderich.org>
    Date: Tue, 6 Mar 2012 02:00:48 +0100
    Subject: [PATCH] Enforce valid signed repositories by default.
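The check the report above asks for, as an added example that is not part of the bug report or of pbuilder's own code: a POSIX sh audit of the three places a build chroot's apt can be told to skip signature verification, namely the apt-get option string (the --force-yes / --allow-unauthenticated flags that the 2005 entries further down swap back and forth, and that the 2010 --check-key entry tried to counter), the chroot's sources.list ([trusted=yes] entries) and its apt.conf (APT::Get::AllowUnauthenticated, Acquire::AllowInsecureRepositories). The function names and the sample sources.list and apt.conf are constructed for this example; the option names and configuration keys are apt's own.

```shell
#!/bin/sh
# Audit the apt settings a build chroot would use and refuse to continue if
# any of them let apt install packages without a valid repository signature.
# Added example, not pbuilder code; function names and sample data are
# constructed for illustration, the apt option and key names are apt's own.

# Return 0 if an apt.conf directive, or the Key=Value part of a "-o" option,
# switches authentication off. Comment lines never match.
apt_conf_line_unsafe() {
    case "$1" in
        '#'*) return 1 ;;
        *AllowUnauthenticated*true*) return 0 ;;
        *AllowInsecureRepositories*true*) return 0 ;;
        *AllowDowngradeToInsecureRepositories*true*) return 0 ;;
    esac
    return 1
}

# Print each option in the apt-get option string "$1" that bypasses package
# authentication. Exit 0 if at least one was found, 1 otherwise.
find_unsafe_aptget_opts() {
    _found=1
    set -- $1                          # split the option string on whitespace
    while [ $# -gt 0 ]; do
        case "$1" in
            --force-yes|--allow-unauthenticated|--allow-insecure-repositories)
                printf '%s\n' "$1"; _found=0 ;;
            -o)                        # "-o Key=Value": the value is the next word
                if [ $# -gt 1 ]; then
                    shift
                    if apt_conf_line_unsafe "$1"; then
                        printf '%s %s\n' -o "$1"; _found=0
                    fi
                fi ;;
            -o?*)                      # "-oKey=Value" written as one word
                if apt_conf_line_unsafe "${1#-o}"; then
                    printf '%s\n' "$1"; _found=0
                fi ;;
        esac
        shift
    done
    return $_found
}

# Print sources.list lines (read from stdin) whose options mark the
# repository as trusted without verification. Exit 0 if any, 1 otherwise.
find_unsafe_sources() {
    _found=1
    while IFS= read -r _line; do
        case "$_line" in
            '#'*) ;;
            *\[*trusted=yes*\]*|*\[*allow-insecure=yes*\]*)
                printf '%s\n' "$_line"; _found=0 ;;
        esac
    done
    return $_found
}

# Same for apt.conf text on stdin.
find_unsafe_apt_conf() {
    _found=1
    while IFS= read -r _line; do
        if apt_conf_line_unsafe "$_line"; then
            printf '%s\n' "$_line"; _found=0
        fi
    done
    return $_found
}

# $1 = apt-get option string, $2 = sources.list path, $3 = apt.conf path.
# Prints every finding; exit 1 means "refuse to build", exit 0 means clean.
audit_chroot_apt() {
    _rc=0
    if _out=$(find_unsafe_aptget_opts "$1"); then
        printf '%s\n' "$_out" | sed 's/^/unsafe apt-get option: /'; _rc=1
    fi
    if _out=$(find_unsafe_sources < "$2"); then
        printf '%s\n' "$_out" | sed 's/^/unsafe sources.list entry: /'; _rc=1
    fi
    if _out=$(find_unsafe_apt_conf < "$3"); then
        printf '%s\n' "$_out" | sed 's/^/unsafe apt.conf directive: /'; _rc=1
    fi
    return $_rc
}

# Constructed sample inputs (not taken from any real chroot).
_tmp=$(mktemp -d)
cat > "$_tmp/sources.list" <<'EOF'
deb http://deb.debian.org/debian sid main
# local package repo with no Release.gpg, "fixed" by telling apt to trust it
deb [trusted=yes] file:/var/cache/pbuilder/result ./
EOF
cat > "$_tmp/apt.conf" <<'EOF'
APT::Get::Assume-Yes "true";
Acquire::AllowInsecureRepositories "true";
EOF

if audit_chroot_apt "-q -y --force-yes" "$_tmp/sources.list" "$_tmp/apt.conf"; then
    echo "apt trust settings OK"
else
    echo "refusing to populate the chroot: apt would install unverified packages" >&2
fi
rm -rf "$_tmp"
```

Run from a create or update hook, a non-zero exit from audit_chroot_apt gives the behaviour the patch describes for the default (untrusted repositories not allowed): stop before populating the chroot rather than proceed on a repository nobody can verify. The match on "true" is deliberately loose (commented-out directives are skipped, but a "true" elsewhere on the same line would still trigger), so treat a hit as something to inspect, not as proof of a bad configuration.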
* Add an option to verify key signatures. (closes: #579028)  [Junichi Uekawa, 2010-07-05]
    By unsetting APTGETOPT, and setting PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option of verifying the key signature of each package against the installed keyring.
* Add builtin ccache support, enabled by default  [Loïc Minier, 2010-01-02]
    Add builtin support for using ccache in pbuilder and enable it by default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and chown it to BUILDUSERID at build time. Install/remove ccache automatically on create/update if CCACHEDIR is set/unset. Update docs and remove old ccache config example. Add a NEWS entry featuring the change.
* Remove aptitude with apt-get install aptitude-  [Loïc Minier, 2010-01-02]
    Remove aptitude with apt-get install aptitude- and note that we should use apt-get to remove REMOVEPACKAGES in the future.
* Only remove/install aptitude on create/update  [Loïc Minier, 2010-01-02]
    Only install aptitude in pbuilder-createbuildenv or pbuilder-updatebuildenv, not in pbuilder-satisfydepends-aptitude, and only when $PBUILDERSATISFYDEPENDSCMD uses aptitude. Remove aptitude in pbuilder-createbuildenv and pbuilder-updatebuildenv otherwise; closes: #539578.
* Add aptitude if pbuilder-satisfydepends uses it  [Loïc Minier, 2010-01-02]
    Install aptitude (with no possibility to override this) if pbuilder-satisfydepends uses it; closes: 539578.
* Remove apt from $CHROOTEXEC apt-get install call  [Loïc Minier, 2010-01-02]
* debootstrap with --include=apt; for buildd variant  [Loïc Minier, 2010-01-02]
    Always prepend --include=apt to debootstrap args; this is needed when using --variant=buildd which doesn't include apt since pbuilder calls apt-get in the chroot. Note that this can still be overridden by the end-user by passing another --include= flag via DEBOOTSTRAPOPTS since these flags aren't cumulative in debootstrap.
* pbuilder: Add --architecture and ARCHITECTURE flag  [Loïc Minier, 2009-12-30]
    pbuilder: add support for setting the architecture on the command-line and in pbuilderrc.
* pass apt-get '-q' option to remove the progress.  [Junichi Uekawa, 2009-08-15]
    It's probably not too useful when used non-interactively, and clutters output.
* install aptitude via EXTRAPACKAGES, and not hard-code. (closes: #539578)  [Junichi Uekawa, 2009-08-08]
* refactor to use 'log' function rather than using 'echo' directly.  [Junichi Uekawa, 2009-02-26]
    First cut into doing this, hopefully we're not breaking anything.
* rename pbuilder-satisfydepends to pbuilder-satisfydepends-classic, and install pbuilder-satisfydepends-aptitude as the default pbuilder-satisfydepends  [Junichi Uekawa, 2007-08-28]
    * install aptitude per default in chroot.
* fix always ending with "Aborting with error"  [Junichi Uekawa, 2007-05-27]
* fix thinko: trap exit -> trap - exit  [Junichi Uekawa, 2007-05-27]
* change "trap" handling so that all trap function calls are called _trap, and they will exit pbuilder after receiving a trap.  [Junichi Uekawa, 2007-05-27]
* trap sighup as well as exit: create/update  [Junichi Uekawa, 2007-05-27]
* trap SIGHUP as well as EXIT.  [Junichi Uekawa, 2007-05-27]
* copyright year 2007, and changelog about it, and changelog warning/error to >&2  [Junichi Uekawa, 2007-03-27]
* Make 'pbuilder create' also use FORCE_CONFNEW  [dancer, 2006-12-17]
* update copyright info.  [dancer, 2006-05-30]
* fix pdebuild --help output (closes: #367133)  [dancer, 2006-05-14]
    * pbuilderrc.5: undocument the restriction that --buildresult option needs to be specified for pdebuild, and BUILDRESULT cannot be used. I should probably warn that the directory should be absolute.
    * pdebuild.1: fix man a bit to make --buildresult option doc unambiguous.
* preliminary support for bind-mounted apt cache directory.  [dancer, 2006-02-12]
* implement hookdir for workaround of initscripts and cdebootstrap bug.  [dancer, 2006-01-29]
    add G hooks for pbuilder create.
* use readlink -f instead of -e.  [dancer, 2005-12-21]
    add q-funk's script.
* Use readlink -e instead of readlink -f:  [dancer, 2005-12-05]
    * pdebuild-user-mode-linux:
    * pdebuild-uml-checkparams:
    * pdebuild-checkparams:
    * pdebuild: readlink -e instead of readlink -f
    * pbuilder-uml-checkparams: readlink -e instead of readlink -f
    * pbuilder-modules: readlink -e instead of readlink -f
    * pbuilder-createbuildenv: quote HOOKDIR and readlink -e instead of readlink -f.
    * pbuilder-checkparams:
    * pbuilder-buildpackage: use readlink -e here.
    * pbuilder-buildpackage-funcs: use readlink -e instead of readlink -f. 342117 thanks to Markus Kolb
* Revert to using --force-yes, since --allow-unauthenticated doesn't work with sarge  [dancer, 2005-12-04]
    * Bug fix: "/usr/share/doc/pbuilder/examples/B90linda missing --force-yes option", thanks to qfunk (Closes: #340715). Note: --allow-unauthenticated is probably a better option here, but apt-get in sarge does not support it, we will revisit it after etch.
* Bug fix: "pbuilder-buildpackage-funcs check for createbuilduser for SUTOUSER is bogus", thanks to Brian Nelson (Closes: #338976).  [dancer, 2005-12-04]
    * Bug fix: "--no-targz option creates tarball in pbuilder create", thanks to Junichi Uekawa (Closes: #341916).
* Bug fix: "/usr/share/doc/pbuilder/examples/B90linda missing --allow-unauthenticated option", thanks to qfunk (Closes: #340715).  [dancer, 2005-12-04]
    - fixed other scripts to use --allow-unauthenticated option rather than --force-yes.
    * debconf compatibility level 4
* fixed documentation, added changes to createbuildenv to check for error state when debootstrap/cdebootstrap does not exist.  [dancer, 2005-11-03]
    Documentation update.
* [Junichi Uekawa]  [dancer, 2005-10-09]
    * Document that --debug option preserves build place. If the following fails, the build directory will remain intact: pbuilder create --distribution etch --basetgz a.tgz --debug (closes: #331635)
    * README.Debian, pbuilder-doc.xml: updated.
* 2005-08-07 Junichi Uekawa <dancer@debian.org>  [dancer, 2005-08-07]
    * debian/control: allow cdebootstrap dependency.
    * testsuite/run-test.sh: complicate the process by testing both cdebootstrap and debootstrap.
    * pbuilder.8: document --debootstrap
    * pbuilder-checkparams: --debootstrap
    * pbuilder-modules: --debootstrap
    * pbuilder-createbuildenv: unset DEBOOTSTRAPSCRIPT instead of setting "". The number of parameters given to cdebootstrap changes. Since DEBOOTSTRAPSCRIPT is not supported by cdebootstrap, giving cdebootstrap this parameter caused it to fail.
    * pbuilderrc.5: Document DEBOOTSTRAP
    * pbuilderrc (DEBOOTSTRAP): new option.
    * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): call ${DEBOOTSTRAP} instead of calling debootstrap directly.
* change to use experimental,  [dancer, 2005-06-03]
    and apply patch; and apply my own patch.
* update documentation, and other minor fix in response to FIXME entries.  [dancer, 2004-12-01]
* Implement --variant=buildd support, thanks to Daniel Schepler for the work on debootstrap side.  [dancer, 2004-04-06]
    Note that this change does not affect user-mode-linux, since user-mode-linux version uses rootstrap (closes: #154528)
* debian/control (Description): do not conflict with older bash.  [dancer, 2003-12-16]
    * pbuilder-buildpackage-funcs:
    * pbuilder-checkparams: do not error out on failure to unset.
    * pbuilder.8: document --debug.
    * pbuilder-checkparams (IGNORE_UMOUNT): --debug option.
    * pbuilder-createbuildenv:
    * pbuilder-updatebuildenv: use PBUILDER_DEBUGMODE variable
* pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): use $TRAP instead of trap, and set TRAP to trap only when PRESERVE_BUILDPLACE is not yes.  [dancer, 2003-12-16]
    * Makefile (install): install new examples.
    * atoron.procmailrc (DUMMY): add daisuke to family.
*  [dancer, 2003-09-23]
    * pbuilder-modules (pbuilder-options): actually, return 101 for policy-rc.d
    * debian/TODO: update
    * pbuilder-modules (pbuilder-options): install policy-rc.d inside chroot if it does not exist, and make it a dummy exit-all one.
    * THANKS: add Aaron here.
    * pbuilder-buildpackage (PACKAGENAME): use echo here, so that su won't mess up the command-line. c.f. 203584, "Aaron M. Ucko" <ucko@debian.org>
* update copyright date  [dancer, 2003-04-19]
* pbuilder.8,pbuilder-createbuildenv,pbuilder-updatebuildenv: change hook name to E.  [dancer, 2003-03-10]
* debian/rules: add check target for build.  [dancer, 2003-03-10]
    * Makefile (check): add check target to makefile, to see if there is any syntax error.
    * pbuilder-updatebuildenv: support --preserve-buildplace; apply things from Daniel Schepler <schepler@math.berkeley.edu>
    * pbuilder-satisfydepends: support --preserve-buildplace; support Format: field.
    * pbuilder-modules (pbuilder-options): support --preserve-buildplace
    * pbuilder-buildpackage (PACKAGENAME): support --preserve-buildplace
    * pbuilder-buildpackage-funcs: support --preserve-buildplace
    * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): support --preserve-buildplace
    * pbuilder-checkparams (PRESERVE_BUILDPLACE): add PRESERVE_BUILDPLACE
    * pbuilder.8: update docs to add --preserve-buildplace
*  [dancer, 2002-10-11]
    * pbuilder-modules (create_basetgz): new function; add file locking. (extractbuildplace) add file locking.
    * pbuilder-updatebuildenv: use create_basetgz
    * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): make error handling more fine-grained, and add more handling for error cases. (create_basetgz): move function over to -modules, and use it.
* pbuilder-createbuildenv: use pbuilder-modules code for copying etc/ files.  [dancer, 2002-09-22]
    * pbuilder-modules: split out the function to copy local configuration.
* pbuilder-checkparams (CHROOTEXEC): add --internal-chrootexec option to set CHROOTEXEC variable.  [dancer, 2002-09-13]
    * pbuilder-createbuildenv: remove def for CHROOTEXEC
    * pbuilder-updatebuildenv: ditto
    * pbuilder-checkparams (CHROOTEXEC): CHROOTEXEC is set in checkparams, instead of -buildpackage etc.
* added hooks support for pbuilder build target.  [dancer, 2002-02-24]
* update, and bugfixes  [dancer, 2002-02-09]
* fixing typos and minor details.  [dancer, 2002-02-01]