| Commit message | Author | Age |
It's probably useful to see them in the logs.
Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028
Dear Maintainer,
The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.
To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
--allow-untrusted (ALLOWUNTRUSTED) was added.
I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.
I haven't tested it with cdebootstrap, but it should work as
well.
The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.
The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).
Please have a look and include the patch as soon as possible to
fix this security issue.
Regards,
Simon
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.2.1
ii debootstrap 1.0.38
ii dpkg-dev 1.16.1.2
ii wget 1.13.4-2
Versions of packages pbuilder recommends:
pn devscripts 2.11.4
pn fakeroot 1.18.2-1
pn sudo <none>
Versions of packages pbuilder suggests:
pn cowdancer <none>
pn gdebi-core <none>
pn pbuilder-uml <none>
-- debconf information excluded
From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
By unsetting APTGETOPT, and setting
PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option
of verifying the key signature of each package against the installed
keyring.
Add builtin support for using ccache in pbuilder and enable it by
default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and
chown it to BUILDUSERID at build time. Install/remove ccache
automatically on create/update if CCACHEDIR is set/unset. Update docs
and remove old ccache config example. Add a NEWS entry featuring the
change.
Remove aptitude with apt-get install aptitude- and note that we should
use apt-get to remove REMOVEPACKAGES in the future.
Only install aptitude in pbuilder-createbuildenv or
pbuilder-updatebuildenv, not in pbuilder-satisfydepends-aptitude, and
only when $PBUILDERSATISFYDEPENDSCMD uses aptitude. Remove aptitude in
pbuilder-createbuildenv and pbuilder-updatebuildenv otherwise;
closes: #539578.
Install aptitude (with no possibility to override this) if
pbuilder-satisfydepends uses it; closes: 539578.
Always prepend --include=apt to debootstrap args; this is needed when
using --variant=buildd which doesn't include apt since pbuilder calls
apt-get in the chroot. Note that this can still be overridden by the
end-user by passing another --include= flag via DEBOOTSTRAPOPTS since
these flags aren't cumulative in debootstrap.
pbuilder: add support for setting the architecture on the command-line
and in pbuilderrc.
It's probably not too useful when used non-interactively, and clutters output.
First cut into doing this, hopefully we're not breaking anything.
install pbuilder-satisfydepends-aptitude as the default
pbuilder-satisfydepends
* install aptitude per default in chroot.
they will exit pbuilder after receiving a trap.
* pbuilderrc.5: undocument the restriction that --buildresult
option needs to be specified for pdebuild, and BUILDRESULT cannot
be used.
I should probably warn that the directory should be absolute.
* pdebuild.1: fix man a bit to make --buildresult option doc
unambiguous.
add G hooks for pbuilder create.
add q-funk's script.
* pdebuild-user-mode-linux:
* pdebuild-uml-checkparams:
* pdebuild-checkparams:
* pdebuild: readlink -e instead of readlink -f
* pbuilder-uml-checkparams: readlink -e instead of readlink -f
* pbuilder-modules: readlink -e instead of readlink -f
* pbuilder-createbuildenv: quote HOOKDIR and readlink -e instead of readlink -f.
* pbuilder-checkparams:
* pbuilder-buildpackage: use readlink -e here.
* pbuilder-buildpackage-funcs: use readlink -e instead of readlink -f. 342117
thanks to Markus Kolb
sarge
* Bug fix: "/usr/share/doc/pbuilder/examples/B90linda missing
--force-yes option", thanks to qfunk (Closes: #340715).
Note: --allow-unauthenticated is probably a better option here, but
apt-get in sarge does not support it, we will revisit it after etch.
SUTOUSER is bogus", thanks to Brian Nelson (Closes: #338976).
* Bug fix: "--no-targz option creates tarball in pbuilder create",
thanks to Junichi Uekawa (Closes: #341916).
--allow-unauthenticated option", thanks to qfunk (Closes: #340715).
- fixed other scripts to use --allow-unauthenticated option rather than --force-yes.
* debconf compatibility level 4
when debootstrap/cdebootstrap does not exist.
Documentation update.
* Document that --debug option preserves build place.
If the following fails, the build directory will remain intact:
pbuilder create --distribution etch --basetgz a.tgz --debug
(closes: #331635)
* README.Debian, pbuilder-doc.xml: updated.
+
+ * debian/control: allow cdebootstrap dependency.
+
+ * testsuite/run-test.sh: complicate the process by testing both
+ cdebootstrap and debootstrap.
+
+ * pbuilder.8: document --debootstrap
+
+ * pbuilder-checkparams: --debootstrap
+
+ * pbuilder-modules: --debootstrap
+
+ * pbuilder-createbuildenv: unset DEBOOTSTRAPSCRIPT instead of setting
+ "". The number of parameter given to cdebootstrap changes.
+ since DEBOOTSTRAPSCRIPT are not supported by cdebootstrap,
+ Giving cdebootstrap this parameter caused it to fail.
+
+ * pbuilderrc.5: Document DEBOOTSTRAP
+
+ * pbuilderrc (DEBOOTSTRAP): new option.
+
+ * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): call ${DEBOOTSTRAP} instead of calling debootstrap directly.
+
and apply patch; and apply my own patch.
+ for the work on debootstrap side.
+ Note that this change does not affect user-mode-linux, since
+ user-mode-linux version uses rootstrap
+ (closes: #154528)
+
+ * pbuilder-buildpackage-funcs:
+ * pbuilder-checkparams: do not error out on
+ failure to unset.
+
+ * pbuilder.8: document --debug.
+
+ * pbuilder-checkparams (IGNORE_UMOUNT): --debug option.
+
+ * pbuilder-createbuildenv:
+ * pbuilder-updatebuildenv: use PBUILDER_DEBUGMODE variable
+
+ and set TRAP to trap only when PRESERVE_BUILDPLACE is not yes.
+
+ * Makefile (install): install new examples.
+ * atoron.procmailrc (DUMMY): add daisuke to family.
+ * pbuilder-modules (pbuilder-options): actually, return 101 for policy-rc.d
+
+ * debian/TODO: update
+
+ * pbuilder-modules (pbuilder-options): install policy-rc.d inside chroot if it does not exist,
+ and make it a dummy exit-all one.
+
+ * THANKS: add Aaron here.
+
+ * pbuilder-buildpackage (PACKAGENAME): use echo here, so that su won't
+ mess up the command-line. c.f. 203584, "Aaron M. Ucko" <ucko@debian.org>
+
name to E.
+
+
+ * Makefile (check): add check target to makefile, to see if there is
+ any syntax error.
+
+ * pbuilder-updatebuildenv: support --preserve-buildplace
+ apply things from
+ Daniel Schepler <schepler@math.berkeley.edu>
+
+ * pbuilder-satisfydepends: support --preserve-buildplace
+ support Format: field.
+
+ * pbuilder-modules (pbuilder-options): support --preserve-buildplace
+
+ * pbuilder-buildpackage (PACKAGENAME): support --preserve-buildplace
+
+ * pbuilder-buildpackage-funcs: support --preserve-buildplace
+
+ * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): support --preserve-buildplace
+
+ * pbuilder-checkparams (PRESERVE_BUILDPLACE): add PRESERVE_BUILDPLACE
+
+ * pbuilder.8: update docs to add --preserve-buildplace
+
+ * pbuilder-modules (create_basetgz): new function
+ add file locking
+ (extractbuildplace) add file locking.
+
+ * pbuilder-updatebuildenv: use create_basetgz
+
+ * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): make error handling more
+ fine-grained, and add more handling for error cases.
+ (create_basetgz): move function over to -modules.
+ and use it.
+
copying etc/ files.
* pbuilder-modules: split out the function to copy local configuration.
set CHROOTEXEC variable.
+
+ * pbuilder-createbuildenv: remove def for CHROOTEXEC
+ * pbuilder-updatebuildenv: ditto
+
+ * pbuilder-checkparams (CHROOTEXEC): CHROOTEXEC is set in checkparams, instead of -buildpackage etc.