path: root/pbuilder-satisfydepends-aptitude
Commit message [Author, Age]
* make longer lines wrap so reading patch files isn't as painful. [Junichi Uekawa, 2012-03-09]
|
* Bug#579028: pbuilder: installs untrusted packages without asking [Simon Ruderich, 2012-03-09]
|     Package: pbuilder
|     Version: 0.206
|     Tags: patch
|     Followup-For: Bug #579028
|
|     Dear Maintainer,
|
|     The attached patch changes the defaults to always enforce signed repositories and aborts if an untrusted/manipulated package is installed.
|
|     It adds the new option --keyring (APTKEYRINGS) to add additional keyrings, which are then used to verify the (local) signed repositories. This way no untrusted packages can be installed.
|
|     To still allow untrusted/unsigned repositories - they are a very bad idea and allow remote attackers performing a MITM to take over the system, including all built packages - the new option --allow-untrusted (ALLOWUNTRUSTED) was added.
|
|     I tested it with the official Debian repository, signed and unsigned local repositories and it works fine for me. But I'm only a "normal" pbuilder user, so I might have missed something. Please test the patch. I haven't tested it with cdebootstrap, but it should work as well.
|
|     The old PBUILDERSATISFYDEPENDSOPT --check-key option was deprecated and is no longer used (it emits a warning now) as validation is the default now.
|
|     The patch also contains documentation updates for the new options/variables and updates for the NEWS file describing the necessary changes to continue using untrusted packages (but please don't do that - especially as a Debian developer).
|
|     Please have a look and include the patch as soon as possible to fix this security issue.
|
|     Regards,
|     Simon
|
|     -- System Information:
|     Debian Release: wheezy/sid
|       APT prefers unstable
|       APT policy: (500, 'unstable')
|     Architecture: amd64 (x86_64)
|
|     Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
|     Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
|     Shell: /bin/sh linked to /bin/dash
|
|     Versions of packages pbuilder depends on:
|     ii  cdebootstrap           0.5.8+b1
|     ii  coreutils              8.13-3
|     ii  debconf [debconf-2.0]  1.5.41
|     ii  debianutils            4.2.1
|     ii  debootstrap            1.0.38
|     ii  dpkg-dev               1.16.1.2
|     ii  wget                   1.13.4-2
|
|     Versions of packages pbuilder recommends:
|     pn  devscripts  2.11.4
|     pn  fakeroot    1.18.2-1
|     pn  sudo        <none>
|
|     Versions of packages pbuilder suggests:
|     pn  cowdancer     <none>
|     pn  gdebi-core    <none>
|     pn  pbuilder-uml  <none>
|
|     -- debconf information excluded
|
|     >From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
|     Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
|     From: Simon Ruderich <simon@ruderich.org>
|     Date: Tue, 6 Mar 2012 02:00:48 +0100
|     Subject: [PATCH] Enforce valid signed repositories by default.
* Bug#606699: pbuilder NMU [Emilio Pozuelo Monfort, 2011-06-24]
|     Hi,
|
|     I talked to Junichi and he told me it was fine if I NMU'ed pbuilder to fix these bugs. This is the debdiff for my NMU.
|
|     Regards,
|     Emilio
* fix typo. [Junichi Uekawa, 2010-07-05]
|
* Add an option to verify key signatures. (closes: #579028) [Junichi Uekawa, 2010-07-05]
|     By unsetting APTGETOPT, and setting PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option of verifying the key signature of each package against the installed keyring.
* Make satisfydepends-aptitude, -classic relocatable [Loïc Minier, 2010-01-05]
|     Make pbuilder-satisfydepends-aptitude and -classic relocatable.
* Add get_build_deps() and get_build_conflicts() [Loïc Minier, 2010-01-04]
|     Add get_build_deps() and get_build_conflicts() functions wrapping get_control_re() for BD_REGEXP and BC_REGEXP over DEBIAN_CONTROL.
* Only remove/install aptitude on create/update [Loïc Minier, 2010-01-02]
|     Only install aptitude in pbuilder-createbuildenv or pbuilder-updatebuildenv, not in pbuilder-satisfydepends-aptitude, and only when $PBUILDERSATISFYDEPENDSCMD uses aptitude. Remove aptitude in pbuilder-createbuildenv and pbuilder-updatebuildenv otherwise; closes: #539578.
* pbuilder-satisfydepends-aptitude: typo in desc [Loïc Minier, 2010-01-02]
|     pbuilder-satisfydepends-aptitude: Fix typo in package description.
* pass apt-get '-q' option to remove the progress. [Junichi Uekawa, 2009-08-15]
|     It's probably not too useful when used non-interactively, and clutters output.
* * pbuilder-satisfydepends-aptitude: Pass -o APT::Install-Recommends=false too [Loïc Minier, 2007-11-23]
|
* run dpkg-architecture inside chroot for pbuilder-satisfydepends-{aptitude,experimental} also. [Junichi Uekawa, 2007-06-01]
* * Pass --without-recommends to aptitude. [Loïc Minier, 2007-04-29]
|
* Merge branch 'master' of ssh://git.debian.org/git/pbuilder/pbuilder [Loïc Minier, 2007-04-12]
|\
| * remove output of $Id$ [Junichi Uekawa, 2007-04-11]
| |   $Id$ is a CVS-specific feature which was useful for showing the version number of pbuilder, but is no longer relevant. Something else is required for git, but that will need to be fixed later.
* | * Pass "-o Aptitude::ProblemResolver::StepScore=100" to aptitude, as discussed [Loïc Minier, 2007-04-12]
| |   with Daniel Burrows to help aptitude resolve dependencies when experimental is in the sources.list
* | * Pass -o Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude; thanks [Loïc Minier, 2007-04-11]
|/    Daniel Burrows for the pointer.
* * pbuilder-satisfydepends-aptitude: check whether the dummy dependencies [Loïc Minier, 2007-04-02]
|     package was truly installed or error out; catches situation where "aptitude" did not keep the dummy package but claimed the installation was successful.
* * Misc cleanups. [Loïc Minier, 2007-04-01]
|
* * Add function get_control_re() to pbuilder-satisfydepends-funcs to extract the [Loïc Minier, 2007-03-31]
|     value of source headers from a control file.
|     * Add function filter_arch_deps() to pbuilder-satisfydepends-aptitude to filter out arch dependencies not for a certain arch.
|     * Source pbuilder-satisfydepends-funcs in pbuilder-satisfydepends-aptitude.
|     * Add support for arch specific build-deps and build-conflicts to pbuilder-satisfydepends-aptitude.
* * Move command-line parsing logic used in pbuilder-satisfydepends* into [Loïc Minier, 2007-03-31]
|     pbuilder-satisfydepends-checkparams.
* * Initial pbuilder-satisfydepends-aptitude implementation; probably breaks for [Loïc Minier, 2007-03-31]
      arch specific build-deps and for pbuilder environments using unsigned APT repositories.