| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Sat, Dec 24, 2011 at 05:22:05PM +0900, Junichi Uekawa wrote:
> Hi,
>
> I'd use a shell array for specifying the values; but yes I think I
> too wanted this feature at one point.
Attached is a patch that uses a shell array and adds some documentation.
Please apply if you see fit.
> Would list of filename (I will imagine there will be requests for all
> sorts of wildcards after release, which is kind of a pain) be useful
> or a directory that a post-build script can write to after build be
> useful? (I think qemubuilder needed something to do with a specific
> directory that you can write to, but I will need to check how I did
> it).
I'd be great to have this in first and see how others use it. It
wouldn't be a problem to introduce an ADDITIONAL_BUILD_RESULTS_DIR
later.
Cheers,
-- Guido
>From ad3569e07a9cc64cd5b126193cddf311e48180a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Mon, 19 Dec 2011 13:31:59 +0100
Subject: [PATCH] Add ADDITIONAL_BUILDRESULTS variable
this can be used to copy additional build results out of the build
directory. It's useful to e.g. preserve a xml testresult file when using
a build system like Jenkins.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.
To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
- --allow-untrusted (ALLOWUNTRUSTED) was added.
I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.
I haven't tested it with cdebootstrap, but it should work as
well.
The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.
The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).
Please have a look and include the patch as soon as possible to
fix this security issue.
Regards,
Simon
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.2.1
ii debootstrap 1.0.38
ii dpkg-dev 1.16.1.2
ii wget 1.13.4-2
Versions of packages pbuilder recommends:
pn devscripts 2.11.4
pn fakeroot 1.18.2-1
pn sudo <none>
Versions of packages pbuilder suggests:
pn cowdancer <none>
pn gdebi-core <none>
pn pbuilder-uml <none>
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPVWhvAAoJEJL+/bfkTDL5ivAP/iayE8NRQnyk2HW8R+NiRXU3
uavLilwwpmEZyuciu8GxMQIAhT9HYd/DlkhF9I+yBSd30TO3fl0xW7YV9SaIZ+bv
IPwnZbHri4KfeV9Zob/gd2jrT9A2QCoFRW0ny4XNCK3NvtWH5KuH+TG2Mq5CQqdN
j4VJ3+76oJcbQbU7AUYXfvKDAsEb7gX+VwTEFLS4GrPkni/FIQJ8HHJhlTscyuCD
gQANCoRFZHVSMaas3xqi9KYFKgVS4BZ5Z/9FZuLeY5kWBfcbnIhQloVOWTQZIMRI
PhnqP1g62XlPu71K3a/Y2RMAcy3Gs6sUbW4OianIr2iskCndejih/MCb+3LmBFCg
Ekxi/CcJGrc7a0pV57Qs8Iwkm1siRZZUxcp4xdD3mo9iayoOt4sfFyrvBCYryilQ
7JKpQc3iNoV3EQql6KBu5G+GmFFWHmokpLvVY27n8LgkV2YSb2wrgxqXPfxcYHj7
0j/y2MFw+HOX/d5YSESMLxn9aiZBi7CkMtlMemzqizxlNlL/+OOZiDsi4vdH8L/j
Y0c2i9efjNeooc0/B9wASu/Ck8SWV8wW1EcfTag0p9Rp0avy4hoQUmG+MtgQsV0l
MQuWWysyxeJFX4Z8ooau82L6sIGC0L073JH6Y/C7uTOz9gKt+e5tV3fnU+pkWpqH
oF3CcmlykKX4SYzhUI/e
=6EPj
-----END PGP SIGNATURE-----
>From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Package: pbuilder
Version: 0.203
Followup-For: Bug #569917
I cooked a little patch that adds a --compressprog command line option and
COMPRESSPROG option in pbuilderrc.
Tested with pigz, to get multithreaded, and therefore much faster
compression/decompression, and xz.
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-00002-g5eeb7f9 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.0.4
ii debootstrap 1.0.38
ii wget 1.13.4-1
Versions of packages pbuilder recommends:
ii devscripts 2.11.2
ii fakeroot 1.18.1-1
ii sudo 1.8.3p1-2
Versions of packages pbuilder suggests:
pn cowdancer 0.65
pn gdebi-core <none>
pn pbuilder-uml <none>
-- debconf information:
pbuilder/mirrorsite: http://ftp.de.debian.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tags 620730 + patch pending
tags 626431 + patch pending
tags 627086 + patch pending
tags 603420 + patch pending
tags 601250 + patch pending
tags 603881 = unreproducible
tags 400848 = unreproducible
tags 622624 = unreproducible
thanks
Dear Junichi, Matt and others,
I’ve prepared an NMU for pbuilder (versioned as 0.199+nmu4) and uploaded
it to Debian unstable, with a two-day delay as per devref §5.11.1 since
this fixes an RC bug older than seven days. The debdiff is attached; it
closes five bugs. I’m also tagging three other bugs as unreproducible as
pbuilder itself (obviously) doesn’t FTBFS on my system and the test pak-
kage I used didn’t exhibit problems with either comment blocks or hori-
zontal tabulator characters in the control file. I’m also attaching the
test package (absolutely minimal, but that’s what you get).
I mostly used patches from the bugs closed as baseline for my changes,
but did a bit more usually. I’m a heavy user of cowbuilder, because on
m68k there’s currently no buildd and cowbuilder is all I know (and love,
really… someone should make a buildd flavour that uses cowbuilder in-
stead of sbuild, if it goes by my will).
Cheers.
|
| |
|
|
|
|
|
| |
By unsetting APTGETOPT, and setting
PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option
of verifying the key signature of each package against the installed
keyring.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Package: pbuilder
Version: 0.196
Severity: wishlist
Tags: patch
The following patch orders items alphabetically in FORMAT section. This patch
is based on git:
54964ae git://git.debian.org/git/pbuilder/pbuilder.git
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.5 Bootstrap a Debian system
ii coreutils 7.4-2 The GNU core utilities
ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy
ii debianutils 3.2.2 Miscellaneous utilities specific t
ii debootstrap 1.0.22 Bootstrap a basic Debian system
ii wget 1.12-2 retrieves files from the web
Versions of packages pbuilder recommends:
ii devscripts 2.10.64 scripts to make the life of a Debi
ii fakeroot 1.14.4-1 Gives a fake root environment
ii sudo 1.7.2p5-1 Provide limited super user privile
Versions of packages pbuilder suggests:
ii cowdancer 0.61 Copy-on-write directory tree utili
pn gdebi-core <none> (no description available)
pn pbuilder-uml <none> (no description available)
-- debconf information excluded
>From 54964aefb8f4130570e163ebeb4e4268ff1a2872 Mon Sep 17 00:00:00 2001
From: Jari Aalto <jari.aalto@cante.net>
Date: Fri, 30 Apr 2010 04:15:06 +0300
Subject: [PATCH] pbuilderrc.5: (FORMAT): Order items alphabetically
Organization: Private
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Signed-off-by: Jari Aalto <jari.aalto@cante.net>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Add builtin support for using ccache in pbuilder and enable it by
default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and
chown it to BUILDUSERID at build time. Install/remove ccache
automatically on create/update if CCACHEDIR is set/unset. Update docs
and remove old ccache config example. Add a NEWS entry featuring the
change.
|
| |
|
|
|
| |
pbuilder: add support for setting the architecture on the command-line
and in pbuilderrc.
|
| |
|
|
| |
Change default root command from sudo to sudo -E; closes: #361362
|
| | |
|
| |
|
|
|
|
| |
Change --debbuildopts to be additive and reset the list of options to
the empty list if --debbuildopts "" is passed. Update docs and add NEWS
entry.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Package: pbuilder
Version: 0.181
Severity: normal
Tags: patch
pbuilder.1 does not exists. I assume it meant to be pbuilder.8
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Here is a patch against latest git revision which adds the ability to specify
the components either via $COMPONENTS in pbuilderrc or via the command line with
--components.
It is based on some of the Ubuntu changes [1].
[1] http://patches.ubuntu.com/p/pbuilder/pbuilder_0.170ubuntu1.patch
|
| |
|
|
|
|
| |
install pbuilder-satisfydepends-aptitude as the deafault
pbuilder-satisfydepends
* install aptitude per default in chroot.
|
| | |
|
| | |
|
| |
|
|
| |
web page
|
| |\ |
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
implementation of pbuilder-satisfydepends which supports pulling
build-deps with a version on the apt-get command-line; this is derived
from pbuilder-satisfydepends with the following changes:
- Add and use new package_versions() and candidate_version() helpers;
the former returns all versions of a package available via APT, the
later APT's candidate version.
- For versionned build-deps, when building the "apt-get install"
command, try APT's candidate version or all available versions
available from APT in ascending order (the reverse order of
apt-cache's output); checkbuilddep_versiondeps() isn't used for this
part of the process anymore, but it is still used to honor
build-conflicts.
- Recover from APT errors caused by unsufficient dependencies
("libfoo-dev Depends: bar but baz is to be installed") and missing
dependencies libfoo-dev Depends: bar but it is not going to be
installed", or simply "libfoo-dev Depends: bar"); this permits
simply listing build-deps when uploading to experimental; achieved
by moving the version matching logic in the new
versioneddep_to_aptcmd() helper.
* pbuilderrc, pbuilderrc.5: document the availability of the alternate
implementation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
use $PBUILDERSATISFYDEPENDSCMD instead of
/usr/lib/pbuilder/pbuilder-satisfydepends.
* pbuilderrc: set PBUILDERSATISFYDEPENDSCMD to
/usr/lib/pbuilder/pbuilder-satisfydepends by default.
* pbuilderrc.5: document PBUILDERSATISFYDEPENDSCMD.
* debian/TODO: alternatives implementation of pbuilder-satisfydepends
now possible.
* pdebuild-checkparams, pdebuild-uml-checkparams, pdebuild-internal:
add a new --pbuildersatisfydepends flag to override
PBUILDERSATISFYDEPENDSCMD
* pdebuild: pass --pbuildersatisfydepends to pdebuild-internal.
* pbuilder-modules, pdebuild.1: document --pbuildersatisfydepends.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
pbuilder supports pdebuild/cowbuilder
login/execute/update/create etc. can also be --login/--execute/--update/--create etc.
to cater for cowbuilder
documentation updates / XML typesetting fixes.
manpage fixes / spellchecking
generally what I did while I was on plane trip from Debconf Mexico to Japan.
|
| |
|
|
|
|
|
|
|
|
|
| |
* pbuilderrc.5: undocument the restriction that --buildresult
option needs to be specified for pdebuild, and BUILDRESULT cannot
be used.
I should probably warn that the directory should be absolute.
* pdebuild.1: fix man a bit to make --buildresult option doc
unambiguous.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
+
+ * pbuilder.8: update documentation of --pkgname-logfile
+
+ * pbuilder-buildpackage: allow chown, and add support for PKGNAME_LOGFILE_EXTENTION.
+
+ * pbuilderrc (PKGNAME_LOGFILE_EXTENTION): add
+
+ * pbuilderrc.5: document
+
|
| | |
|
| |
|
|
|
|
|
|
|
| |
(Closes: #352224).
* Bug fix: "sudo pbuilder login --save-after-login includes the apt
cache in the base.tgz", thanks to Andreas Beckmann (Closes: #351526).
* Bug fix: "pbuilder: Arch-specific
build-deps printed weird", thanks to Daniel Schepler (Closes:
#184149).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
+
+ * debian/control: allow cdebootstrap dependency.
+
+ * testsuite/run-test.sh: complicate the process by testing both
+ cdebootstrap and debootstrap.
+
+ * pbuilder.8: document --debootstrap
+
+ * pbuilder-checkparams: --debootstrap
+
+ * pbuilder-modules: --debootstrap
+
+ * pbuilder-createbuildenv: unset DEBOOTSTRAPSCRIPT instead of setting
+ "". The number of parameter given to cdebootstrap changes.
+ since DEBOOTSTRAPSCRIPT are not supported by cdebootstrap,
+ Giving cdebootstrap this parameter caused it to fail.
+
+ * pbuilderrc.5: Document DEBOOTSTRAP
+
+ * pbuilderrc (DEBOOTSTRAP): new option.
+
+ * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): call ${DEBOOTSTRAP} instead of calling debootstrap directly.
+
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
+
+ * debuild-pbuilder.1:
+ * pbuilder-uml.conf.5:
+ * pbuilderrc.5:
+ * pdebuild.1:
+ * pdebuild-user-mode-linux.1:
+ * pbuilder.8: add \% escape for URL.
+
|
| |
|
|
|
|
|
|
| |
+
+ * Update confusing documentation on --debemail option. (closes: #302855)
+
+ -- Junichi Uekawa <dancer@debian.org> Wed, 6 Apr 2005 08:09:25 +0900
+
|
| | |
|
| |
|
|
|
|
|
| |
+
+ * pbuilderrc.5: Fix formatting errors
+ #279700 from Jordi Mallach
+
|
| |
|
|
|
|
|
| |
+ for the work on debootstrap side.
+ Note that this change does not affect user-mode-linux, since
+ user-mode-linux version uses rootstrap
+ (closes: #154528)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
+
+ * Makefile (install): update build rules to install pdebuild-internal
+
+ * pbuilderrc.5: update document USE_PDEBUILD_INTERNAL
+
+ * pdebuild-user-mode-linux.1: document --use-pdebuild-internal
+
+ * pdebuild.1: document --use-pdebuild-internal
+
+ * pbuilder-modules: document use-pdebuild-internal
+
+ * pbuilder-checkparams: --use-pdebuild-internal option.
+
+ * pdebuild: use pdebuild-internal if USE_PDEBUILD_INTERNAL option is 'yes'
+
+ * pdebuild-user-mode-linux: use pdebuild-internal if USE_PDEBUILD_INTERNAL option is 'yes'
+
+ * pdebuild-internal: Implement a pbuilder execute script to be
+ used for pdebuild without doing debian/rules clean outside of chroot.
+
+ * pbuilder-checkparams: support multiple bindmounts;
+ delimit it with spaces.
+
+ * pbuilder-modules: add --debug option here.
+
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
+
+ * pdebuild.1: pbuilder will use the config file that is specified
+ as pdebuild command-line.
+
+ * pdebuild (ARCHITECTURE): Add --configfile to the call to pbuilder
+ invocation.
+
+ * pbuilder-checkparams (IGNORE_UMOUNT): EXTRA_CONFIGFILE is an array
+ containing the list of CONFIGFILEs loaded via --configfile.
+
+ * pbuilder-user-mode-linux: rename variable that looked similar to
+ other variable. CONFIGFILE->SYSTEM_CONFIG.
+
+ * pbuilder-checkparams (IGNORE_UMOUNT): add error check to --configfile option
+
+ * pbuilderrc.5: update docs on BUILDRESULT not effective on
+ pdebuild.
+
+ * pdebuild.1: add notes on pdebuild requiring buildresult to be
+ specified.
+
|
| | |
|
| | |
|