aboutsummaryrefslogtreecommitdiff
path: root/pbuilderrc
Commit message (Collapse)AuthorAge
* New config: BUILD_HOME, to be able to set the value of HOME while building. ↵Mattia Rizzolo2015-10-14
| | | | | | | | Default it to /nonexistent to prevent builds from writing to /home. This reverts what was done for #170762 Closes: #441052
* Make the debdelta implementation more rubost and document the new options in ↵Mattia Rizzolo2015-10-05
| | | | the manpages
* Switch all instances of cdn.debian.net to httpredir.debian.orgMattia Rizzolo2015-10-03
| | | | Closes: #774468
* Allow copying the local configuration from a defined directory, instead of ↵Mattia Rizzolo2015-09-18
| | | | | | | | system /etc. New configuration variable: CONFDIR Closes: #580086
* change default BUILDDIR to /buildMattia Rizzolo2015-08-08
| | | | Closes: 789404
* parametrize the build directory using the conf option BUILDDIRMattia Rizzolo2015-08-08
|
* Deprecate the PKGNAME_LOGFILE_EXTENTION conf entry in favour of ↵Mattia Rizzolo2015-06-23
| | | | | | PKGNAME_LOGFILE_EXTENSION to fix the typo Closes: #693458
* Add support for hurdGabriele Giacone2015-06-22
| | | | Closes: #753801
* import 0.125+nmu1Mattia Rizzolo2015-06-17
|
* Do not try to use /dev/shm if /run/shm is not present. (closes: #702811, ↵Junichi Uekawa2013-03-26
| | | | | | | | #702102) falling back to /dev/shm doesn't make sense; /dev/shm is a symlink to /run/shm. rename variable to USERUNSHM instead of USEDEVSHM, we don't need to touch /dev/shm
* Added support for shared memory mounting point (closes: #700591)Agustin Henze2013-02-28
|
* set ccachedir to default to off. It's a minor optimization that a developer ↵Junichi Uekawa2012-06-04
| | | | | | | may choose to enable at the cost of incompatibility and some bugs. (closes: #675691, #675843, #670651) I could go around fixing all those bugs but I would rather like to not force everyone to use ccache when ccache is not for everybody.
* Bug#652634: Allow to copy additional files out of the build directoryGuido Günther2012-03-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Sat, Dec 24, 2011 at 05:22:05PM +0900, Junichi Uekawa wrote: > Hi, > > I'd use a shell array for specifying the values; but yes I think I > too wanted this feature at one point. Attached is a patch that uses a shell array and adds some documentation. Please apply if you see fit. > Would list of filename (I will imagine there will be requests for all > sorts of wildcards after release, which is kind of a pain) be useful > or a directory that a post-build script can write to after build be > useful? (I think qemubuilder needed something to do with a specific > directory that you can write to, but I will need to check how I did > it). I'd be great to have this in first and see how others use it. It wouldn't be a problem to introduce an ADDITIONAL_BUILD_RESULTS_DIR later. Cheers, -- Guido >From ad3569e07a9cc64cd5b126193cddf311e48180a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> Date: Mon, 19 Dec 2011 13:31:59 +0100 Subject: [PATCH] Add ADDITIONAL_BUILDRESULTS variable this can be used to copy additional build results out of the build directory. It's useful to e.g. preserve a xml testresult file when using a build system like Jenkins.
* Bug#579028: pbuilder: installs untrusted packages without askingSimon Ruderich2012-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Package: pbuilder Version: 0.206 Tags: patch Followup-For: Bug #579028 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear Maintainer, The attached patch changes the defaults to always enforce signed repositories and aborts if an untrusted/manipulated package is installed. It adds the new option --keyring (APTKEYRINGS) to add additional keyrings, which are then used to verify the (local) signed repositories. This way no untrusted packages can be installed. To still allow untrusted/unsigned repositories - they are a very bad idea and allow remote attackers performing a MITM to take over the system, including all built packages - the new option - --allow-untrusted (ALLOWUNTRUSTED) was added. I tested it with the official Debian repository, signed and unsigned local repositories and it works fine for me. But I'm only a "normal" pbuilder user, so I might have missed something. Please test the patch. I haven't tested it with cdebootstrap, but it should work as well. The old PBUILDERSATISFYDEPENDSOPT --check-key option was deprecated and is no longer used (it emits a warning now) as validation is the default now. The patch also contains documentation updates for the new options/variables and updates for the NEWS file describing the necessary changes to continue using untrusted packages (but please don't do that - especially as a Debian developer). Please have a look and include the patch as soon as possible to fix this security issue. Regards, Simon - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages pbuilder depends on: ii cdebootstrap 0.5.8+b1 ii coreutils 8.13-3 ii debconf [debconf-2.0] 1.5.41 ii debianutils 4.2.1 ii debootstrap 1.0.38 ii dpkg-dev 1.16.1.2 ii wget 1.13.4-2 Versions of packages pbuilder recommends: pn devscripts 2.11.4 pn fakeroot 1.18.2-1 pn sudo <none> Versions of packages pbuilder suggests: pn cowdancer <none> pn gdebi-core <none> pn pbuilder-uml <none> - -- debconf information excluded -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPVWhvAAoJEJL+/bfkTDL5ivAP/iayE8NRQnyk2HW8R+NiRXU3 uavLilwwpmEZyuciu8GxMQIAhT9HYd/DlkhF9I+yBSd30TO3fl0xW7YV9SaIZ+bv IPwnZbHri4KfeV9Zob/gd2jrT9A2QCoFRW0ny4XNCK3NvtWH5KuH+TG2Mq5CQqdN j4VJ3+76oJcbQbU7AUYXfvKDAsEb7gX+VwTEFLS4GrPkni/FIQJ8HHJhlTscyuCD gQANCoRFZHVSMaas3xqi9KYFKgVS4BZ5Z/9FZuLeY5kWBfcbnIhQloVOWTQZIMRI PhnqP1g62XlPu71K3a/Y2RMAcy3Gs6sUbW4OianIr2iskCndejih/MCb+3LmBFCg Ekxi/CcJGrc7a0pV57Qs8Iwkm1siRZZUxcp4xdD3mo9iayoOt4sfFyrvBCYryilQ 7JKpQc3iNoV3EQql6KBu5G+GmFFWHmokpLvVY27n8LgkV2YSb2wrgxqXPfxcYHj7 0j/y2MFw+HOX/d5YSESMLxn9aiZBi7CkMtlMemzqizxlNlL/+OOZiDsi4vdH8L/j Y0c2i9efjNeooc0/B9wASu/Ck8SWV8wW1EcfTag0p9Rp0avy4hoQUmG+MtgQsV0l MQuWWysyxeJFX4Z8ooau82L6sIGC0L073JH6Y/C7uTOz9gKt+e5tV3fnU+pkWpqH oF3CcmlykKX4SYzhUI/e =6EPj -----END PGP SIGNATURE----- >From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001 Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org> From: Simon Ruderich <simon@ruderich.org> Date: Tue, 6 Mar 2012 02:00:48 +0100 Subject: [PATCH] Enforce valid signed repositories by default.
* Bug#660386: pbuilder: Remove /usr/X11R6/bin from default PATHJunichi Uekawa2012-03-09
| | | | It hasn't been around since squeeze time, should be safe to remove.
* Bug#569917: Support base.tar.xz/bz2 as well as tgzTino Keitel2011-11-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Package: pbuilder Version: 0.203 Followup-For: Bug #569917 I cooked a little patch that adds a --compressprog command line option and COMPRESSPROG option in pbuilderrc. Tested with pigz, to get multithreaded, and therefore much faster compression/decompression, and xz. Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-00002-g5eeb7f9 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pbuilder depends on: ii cdebootstrap 0.5.8+b1 ii coreutils 8.13-3 ii debconf [debconf-2.0] 1.5.41 ii debianutils 4.0.4 ii debootstrap 1.0.38 ii wget 1.13.4-1 Versions of packages pbuilder recommends: ii devscripts 2.11.2 ii fakeroot 1.18.1-1 ii sudo 1.8.3p1-2 Versions of packages pbuilder suggests: pn cowdancer 0.65 pn gdebi-core <none> pn pbuilder-uml <none> -- debconf information: pbuilder/mirrorsite: http://ftp.de.debian.org/debian/ pbuilder/nomirror: pbuilder/rewrite: false
* Add an option to verify key signatures. (closes: #579028)Junichi Uekawa2010-07-05
| | | | | | | By unsetting APTGETOPT, and setting PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option of verifying the key signature of each package against the installed keyring.
* add --keyring option as default parameter to DEBOOTSTRAPOPTS (closes: 579028)Junichi Uekawa2010-06-24
| | | | | | | | | | | This is first step into allowing 'trusted packages only' mode in pbuilder. This only enables signature checking for debootstrap when creating Debian chroot. Further changes are required if you want to check for signature in apt / aptitude invocations.
* Drop +x mode on pbuilderrcLoïc Minier2010-01-30
|
* Revert "pbuilderrc: --variant=buildd is temporarily broken, disable."Loïc Minier2010-01-04
| | | | | | | | This reverts commit c4ab4315db070188f3d35701579188674787aa0c. apt does not have to be Build-Essential: yes since e.g. sbuild installs packages with host tools and installation of build-deps does not need to happen with build-essential packages anyway. Installation of apt was fixed in 4a573bcd0d272747c2020071f29570668f81a249.
* Add builtin ccache support, enabled by defaultLoïc Minier2010-01-02
| | | | | | | | | Add builtin support for using ccache in pbuilder and enable it by default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and chown it to BUILDUSERID at build time. Install/remove ccache automatically on create/update if CCACHEDIR is set/unset. Update docs and remove old ccache config example. Add a NEWS entry featuring the change.
* Add aptitude if pbuilder-satisfydepends uses itLoïc Minier2010-01-02
| | | | | Install aptitude (with no possibility to override this) if pbuilder-satisfydepends uses it; closes: 539578.
* pbuilder: Add --architecture and ARCHITECTURE flagLoïc Minier2009-12-30
| | | | | pbuilder: add support for setting the architecture on the command-line and in pbuilderrc.
* pbuilderrc: --variant=buildd is temporarily broken, disable.Junichi Uekawa2009-12-27
| | | | | apt is marked as not build-essential, and we end up with a chroot without apt, which is bad.
* Change default root command to sudo -E; #361362Loïc Minier2009-12-14
| | | | Change default root command from sudo to sudo -E; closes: #361362
* Do not mention codename of testing where possibleLoïc Minier2009-12-14
| | | | | | Avoid mentionning the codename of the current testing distribution where possible as this gets out of date -- except in the rebuild README where the current testig is really what we want.
* Use debootstrap by default instead of cdebootstrapLoïc Minier2009-12-13
|
* set default to 'main' in pbuilderrcJunichi Uekawa2009-12-13
| | | | cowbuilder depends on this variable being set somewhere.
* Comment out COMPONENTS as main is the defaultLoïc Minier2009-12-11
| | | | | pbuilderrc: Comment out COMPONENTS as main is already the default; list all components of Debian and Ubuntu as an example
* Update header of /usr/share/pbuilder/pbuilderrcLoïc Minier2009-12-11
|
* allow --autocleanaptcache to be specified in pbuilderrc.Matt Kraai2009-11-13
|
* install aptitude via EXTRAPACKAGES, and not hard-code. (closes: #539578)Junichi Uekawa2009-08-08
|
* add PDEBUILD_PBUILDER example to use cowbuilderOtavio Salvador2009-01-20
|
* REMOVEPACKAGES="", thanks to Sven Joachim (closes: #500002)Junichi Uekawa2008-09-28
| | | | | lilo is not installed by default anymore, and having it here makes a dpkg warning every time. Good-bye!
* use cdn.debian.netJunichi Uekawa2008-03-07
|
* make ftp.jp.debian.org the default for for the time being. ftp.debian.org ↵Junichi Uekawa2008-03-07
| | | | only has parts of Debian.
* Change back the MIRRORSITE in the example fileEddy Petrișor2008-03-06
| | | | | | | | | Since now the pbuilderrc is just an example, might as well use some correct info that is meaningful for a human. Also, this was broken since the default rc info was not valid anymore (in the absence of /etc/pbuilderrc) Signed-off-by: Eddy Petrișor <eddy.petrisor@gmail.com>
* Merge branch 'master' of git://git.debian.org/git/pbuilder/pbuilderEddy Petrișor2008-02-29
|\ | | | | | | | | | | | | Conflicts: Makefile debian/changelog
| * set COMPONENTS default valueJunichi Uekawa2007-10-25
| |
| * [Pbuilder-maint] Bug#422371: Patch for specifying componentsAdrien Cunin2007-10-22
| | | | | | | | | | | | | | | | | | Here is a patch against latest git revision which adds the ability to specify the components either via $COMPONENTS in pbuilderrc or via the command line with --components. It is based on some of the Ubuntu changes [1]. [1] http://patches.ubuntu.com/p/pbuilder/pbuilder_0.170ubuntu1.patch
* | do not overwrite custom pbuilderrc files, only the defaultEddy Petrisor2007-06-28
|/
* * make pbuilderrc example on DEBBUILDOPTS not contain -b, which is not ↵Junichi Uekawa2007-06-20
| | | | recommended.
* minor documentation update for etch releaseJunichi Uekawa2007-04-10
|
* * Document pbuilder-satisfydepends-aptitude.Loïc Minier2007-04-01
|
* change buildd variant the defaultJunichi Uekawa2007-01-22
|
* * pbuilder-satisfydepends-experimental, Makefile: alternatelool2006-11-06
| | | | | | | | | | | | | | | | | | | | | | | | implementation of pbuilder-satisfydepends which supports pulling build-deps with a version on the apt-get command-line; this is derived from pbuilder-satisfydepends with the following changes: - Add and use new package_versions() and candidate_version() helpers; the former returns all versions of a package available via APT, the later APT's candidate version. - For versionned build-deps, when building the "apt-get install" command, try APT's candidate version or all available versions available from APT in ascending order (the reverse order of apt-cache's output); checkbuilddep_versiondeps() isn't used for this part of the process anymore, but it is still used to honor build-conflicts. - Recover from APT errors caused by unsufficient dependencies ("libfoo-dev Depends: bar but baz is to be installed") and missing dependencies libfoo-dev Depends: bar but it is not going to be installed", or simply "libfoo-dev Depends: bar"); this permits simply listing build-deps when uploading to experimental; achieved by moving the version matching logic in the new versioneddep_to_aptcmd() helper. * pbuilderrc, pbuilderrc.5: document the availability of the alternate implementation.
* * debuild-pbuilder, pbuilder-buildpackage-funcs, pdebuild-internal:lool2006-11-06
| | | | | | | | | | | | | | | use $PBUILDERSATISFYDEPENDSCMD instead of /usr/lib/pbuilder/pbuilder-satisfydepends. * pbuilderrc: set PBUILDERSATISFYDEPENDSCMD to /usr/lib/pbuilder/pbuilder-satisfydepends by default. * pbuilderrc.5: document PBUILDERSATISFYDEPENDSCMD. * debian/TODO: alternatives implementation of pbuilder-satisfydepends now possible. * pdebuild-checkparams, pdebuild-uml-checkparams, pdebuild-internal: add a new --pbuildersatisfydepends flag to override PBUILDERSATISFYDEPENDSCMD * pdebuild: pass --pbuildersatisfydepends to pdebuild-internal. * pbuilder-modules, pdebuild.1: document --pbuildersatisfydepends.
* support PKGNAME_LOGFILE option in pbuilderrc.dancer2006-08-15
|
* updatedancer2006-03-21
|
* +2006-03-18 Junichi Uekawa <dancer@debian.org>dancer2006-03-17
| | | | | | | | | | | | + + * pbuilder.8: update documentation of --pkgname-logfile + + * pbuilder-buildpackage: allow chown, and add support for PKGNAME_LOGFILE_EXTENTION. + + * pbuilderrc (PKGNAME_LOGFILE_EXTENTION): add + + * pbuilderrc.5: document +