path: root/pbuilder-satisfydepends-checkparams
Commit message | Author | Age
* Bug#663283: pbuilder: pbuilder-satisfydepends failed due to --check-key deprecation bug | Thorsten Glaser | 2012-03-13
  Dixi quod…

  >You should not deprecate an option so suddenly, either. I’m

  Here’s a possible fix (untested).

  From 4fce2898d1d2cf292243316dd9f74b7f5f253a3b Mon Sep 17 00:00:00 2001
  From: Thorsten Glaser <tg@mirbsd.org>
  Date: Sat, 10 Mar 2012 02:22:10 +0000
  Subject: [PATCH] make --check-key and --allow-untrusted into a toggle of each other
  MIME-Version: 1.0
  Content-Type: text/plain; charset=utf-8
  Content-Transfer-Encoding: 8bit

  so that --check-key
  A: does not error out (Closes: #663283)
  B: is silently accepted
  C: has the ability to un-do a previous --allow-untrusted

  Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
* Bug#579028: pbuilder: installs untrusted packages without asking | Simon Ruderich | 2012-03-09
  Package: pbuilder
  Version: 0.206
  Tags: patch
  Followup-For: Bug #579028

  Dear Maintainer,

  The attached patch changes the defaults to always enforce signed repositories and aborts if an untrusted/manipulated package is installed.

  It adds the new option --keyring (APTKEYRINGS) to add additional keyrings, which are then used to verify the (local) signed repositories. This way no untrusted packages can be installed.

  To still allow untrusted/unsigned repositories - they are a very bad idea and allow remote attackers performing a MITM to take over the system, including all built packages - the new option --allow-untrusted (ALLOWUNTRUSTED) was added.

  I tested it with the official Debian repository, signed and unsigned local repositories and it works fine for me. But I'm only a "normal" pbuilder user, so I might have missed something. Please test the patch. I haven't tested it with cdebootstrap, but it should work as well.

  The old PBUILDERSATISFYDEPENDSOPT --check-key option was deprecated and is no longer used (it emits a warning now) as validation is the default now.

  The patch also contains documentation updates for the new options/variables and updates for the NEWS file describing the necessary changes to continue using untrusted packages (but please don't do that - especially as a Debian developer).

  Please have a look and include the patch as soon as possible to fix this security issue.

  Regards,
  Simon

  -- System Information:
  Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
  Architecture: amd64 (x86_64)
  Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
  Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
  Shell: /bin/sh linked to /bin/dash

  Versions of packages pbuilder depends on:
  ii cdebootstrap 0.5.8+b1
  ii coreutils 8.13-3
  ii debconf [debconf-2.0] 1.5.41
  ii debianutils 4.2.1
  ii debootstrap 1.0.38
  ii dpkg-dev 1.16.1.2
  ii wget 1.13.4-2

  Versions of packages pbuilder recommends:
  pn devscripts 2.11.4
  pn fakeroot 1.18.2-1
  pn sudo <none>

  Versions of packages pbuilder suggests:
  pn cowdancer <none>
  pn gdebi-core <none>
  pn pbuilder-uml <none>

  -- debconf information excluded

  From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
  Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
  From: Simon Ruderich <simon@ruderich.org>
  Date: Tue, 6 Mar 2012 02:00:48 +0100
  Subject: [PATCH] Enforce valid signed repositories by default.
* minor change in formatting. | Junichi Uekawa | 2010-07-05
* Add an option to verify key signatures. (closes: #579028) | Junichi Uekawa | 2010-07-05
  By unsetting APTGETOPT, and setting PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option of verifying the key signature of each package against the installed keyring.
* Simpler logic for inclusion of -Indep build-deps | Loïc Minier | 2010-01-04
  Set BINARY_ARCH in pbuilder-satisfydepends-checkparams just as in pbuilder-checkparams instead of setting BC_REGEXP and BD_REGEXP and change get_build_deps and get_build_conflicts to query for Build-Deps / Build-Conflicts only, with an optional separate get_control_re call for the -Indep deps if needed.

  Update testsuite to also test for build-deps-indep.
* Require gdebi/gdebi-core on host to resolve bdeps | Loïc Minier | 2009-12-12
  Require /usr/bin/gdebi on the host to resolve build-deps using pbuilder-satisfydepends-gdebi instead of installing it in the chroot which resulted in a less minimal build env.

  Use proper package name in Suggests.
* added test things to --echo as well. | Junichi Uekawa | 2008-08-12
* Reorder command-line options, and add error check so that things are better checked. | Junichi Uekawa | 2008-08-11
  --internal-chrootexec "${CHROOTEXEC}" --chroot "${BUILDPLACE}" will always override --internal-chrootexec command, --chroot "${BUILDPLACE}" --internal-chrootexec "${CHROOTEXEC}" is better.
* * Add missing pbuilder-satisfydepends-checkparams file. | Loïc Minier | 2007-03-31