| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Thanks: Michael Stapelberg for spotting this
|
| | |
|
| |
|
|
| |
pbuilder-satisfydepends-funcs and add tests
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.
To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
- --allow-untrusted (ALLOWUNTRUSTED) was added.
I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.
I haven't tested it with cdebootstrap, but it should work as
well.
The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.
The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).
Please have a look and include the patch as soon as possible to
fix this security issue.
Regards,
Simon
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.2.1
ii debootstrap 1.0.38
ii dpkg-dev 1.16.1.2
ii wget 1.13.4-2
Versions of packages pbuilder recommends:
pn devscripts 2.11.4
pn fakeroot 1.18.2-1
pn sudo <none>
Versions of packages pbuilder suggests:
pn cowdancer <none>
pn gdebi-core <none>
pn pbuilder-uml <none>
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPVWhvAAoJEJL+/bfkTDL5ivAP/iayE8NRQnyk2HW8R+NiRXU3
uavLilwwpmEZyuciu8GxMQIAhT9HYd/DlkhF9I+yBSd30TO3fl0xW7YV9SaIZ+bv
IPwnZbHri4KfeV9Zob/gd2jrT9A2QCoFRW0ny4XNCK3NvtWH5KuH+TG2Mq5CQqdN
j4VJ3+76oJcbQbU7AUYXfvKDAsEb7gX+VwTEFLS4GrPkni/FIQJ8HHJhlTscyuCD
gQANCoRFZHVSMaas3xqi9KYFKgVS4BZ5Z/9FZuLeY5kWBfcbnIhQloVOWTQZIMRI
PhnqP1g62XlPu71K3a/Y2RMAcy3Gs6sUbW4OianIr2iskCndejih/MCb+3LmBFCg
Ekxi/CcJGrc7a0pV57Qs8Iwkm1siRZZUxcp4xdD3mo9iayoOt4sfFyrvBCYryilQ
7JKpQc3iNoV3EQql6KBu5G+GmFFWHmokpLvVY27n8LgkV2YSb2wrgxqXPfxcYHj7
0j/y2MFw+HOX/d5YSESMLxn9aiZBi7CkMtlMemzqizxlNlL/+OOZiDsi4vdH8L/j
Y0c2i9efjNeooc0/B9wASu/Ck8SWV8wW1EcfTag0p9Rp0avy4hoQUmG+MtgQsV0l
MQuWWysyxeJFX4Z8ooau82L6sIGC0L073JH6Y/C7uTOz9gKt+e5tV3fnU+pkWpqH
oF3CcmlykKX4SYzhUI/e
=6EPj
-----END PGP SIGNATURE-----
>From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
|
| |
|
|
|
|
|
|
|
|
| |
Hi,
I talked to Junichi and he told me it was fine if I NMU'ed pbuilder to fix these
bugs. This is the debdiff for my NMU.
Regards,
Emilio
|
| | |
|
| |
|
|
|
|
|
| |
By unsetting APTGETOPT, and setting
PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option
of verifying the key signature of each package against the installed
keyring.
|
| |
|
|
| |
Make pbuilder-satisfydepends-aptitude and -classic relocatable.
|
| |
|
|
|
| |
Add get_build_deps() and get_build_conflicts() functions wrapping
get_control_re() for BD_REGEXP and BC_REGEXP over DEBIAN_CONTROL.
|
| |
|
|
|
|
|
|
| |
Only install aptitude in pbuilder-createbuildenv or
pbuilder-updatebuildenv, not in pbuilder-satisfydepends-aptitude, and
only when $PBUILDERSATISFYDEPENDSCMD uses aptitude. Remove aptitude in
pbuilder-createbuildenv and pbuilder-updatebuildenv otherwise;
closes: #539578.
|
| |
|
|
| |
pbuilder-satisfydepends-aptitude: Fix typo in package description.
|
| |
|
|
| |
It's probably not too useful when used non-interactively, and clutters output.
|
| | |
|
| |
|
|
| |
pbuilder-satisfydepends-{aptitude,experimental} also.
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| | |
$Id$ is a CVS-specific feature which was useful for showing the version number of pbuilder, but is no longer relevant.
Something else is required for git, but that will need to be fixed later.
|
| | |
| |
| |
| |
| | |
with Daniel Burrows to help aptitude resolve dependencies when experimental
is in the sources.list
|
| |/
|
|
| |
Daniel Burrows for the pointed.
|
| |
|
|
|
| |
package was truly installed or error out; catches situation where "aptitude"
did not keep the dummy package but claimed the installation was successful.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
value of source headers from a control file.
* Add function filter_arch_deps() to pbuilder-satisfydepends-aptitude to
filter out arch dependencies not for a certain arch.
* Source pbuilder-satisfydepends-funcs in pbuilder-satisfydepends-aptitude.
* Add support for arch specific build-deps and build-conflicts to
pbuilder-satisfydepends-aptitude.
|
| |
|
|
| |
pbuilder-satisfydepends-checkparams.
|
|
|
arch specific build-deps and for pbuilder environments using unsigned APT
repositories.
|