| Commit message (Expand) | Author | Age |
|---|
| * | Do not try to use /dev/shm if /run/shm is not present. (closes: #702811, #702...•••falling back to /dev/shm doesn't make sense; /dev/shm is a symlink to /run/shm.
rename variable to USERUNSHM instead of USEDEVSHM, we don't need to touch /dev/shm
| Junichi Uekawa | 2013-03-26 |
| * | Added support for shared memory mounting point (closes: #700591) | Agustin Henze | 2013-02-28 |
| * | set ccachedir to default to off. It's a minor optimization that a developer m...•••I could go around fixing all those bugs but I would rather like to not
force everyone to use ccache when ccache is not for everybody.
| Junichi Uekawa | 2012-06-04 |
| * | Bug#652634: Allow to copy additional files out of the build directory•••On Sat, Dec 24, 2011 at 05:22:05PM +0900, Junichi Uekawa wrote:
> Hi,
>
> I'd use a shell array for specifying the values; but yes I think I
> too wanted this feature at one point.
Attached is a patch that uses a shell array and adds some documentation.
Please apply if you see fit.
> Would list of filename (I will imagine there will be requests for all
> sorts of wildcards after release, which is kind of a pain) be useful
> or a directory that a post-build script can write to after build be
> useful? (I think qemubuilder needed something to do with a specific
> directory that you can write to, but I will need to check how I did
> it).
I'd be great to have this in first and see how others use it. It
wouldn't be a problem to introduce an ADDITIONAL_BUILD_RESULTS_DIR
later.
Cheers,
-- Guido
>From ad3569e07a9cc64cd5b126193cddf311e48180a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Mon, 19 Dec 2011 13:31:59 +0100
Subject: [PATCH] Add ADDITIONAL_BUILDRESULTS variable
this can be used to copy additional build results out of the build
directory. It's useful to e.g. preserve a xml testresult file when using
a build system like Jenkins.
| Guido Günther | 2012-03-13 |
| * | Bug#579028: pbuilder: installs untrusted packages without asking•••Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear Maintainer,
The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.
To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
- --allow-untrusted (ALLOWUNTRUSTED) was added.
I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.
I haven't tested it with cdebootstrap, but it should work as
well.
The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.
The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).
Please have a look and include the patch as soon as possible to
fix this security issue.
Regards,
Simon
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.2.1
ii debootstrap 1.0.38
ii dpkg-dev 1.16.1.2
ii wget 1.13.4-2
Versions of packages pbuilder recommends:
pn devscripts 2.11.4
pn fakeroot 1.18.2-1
pn sudo <none>
Versions of packages pbuilder suggests:
pn cowdancer <none>
pn gdebi-core <none>
pn pbuilder-uml <none>
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPVWhvAAoJEJL+/bfkTDL5ivAP/iayE8NRQnyk2HW8R+NiRXU3
uavLilwwpmEZyuciu8GxMQIAhT9HYd/DlkhF9I+yBSd30TO3fl0xW7YV9SaIZ+bv
IPwnZbHri4KfeV9Zob/gd2jrT9A2QCoFRW0ny4XNCK3NvtWH5KuH+TG2Mq5CQqdN
j4VJ3+76oJcbQbU7AUYXfvKDAsEb7gX+VwTEFLS4GrPkni/FIQJ8HHJhlTscyuCD
gQANCoRFZHVSMaas3xqi9KYFKgVS4BZ5Z/9FZuLeY5kWBfcbnIhQloVOWTQZIMRI
PhnqP1g62XlPu71K3a/Y2RMAcy3Gs6sUbW4OianIr2iskCndejih/MCb+3LmBFCg
Ekxi/CcJGrc7a0pV57Qs8Iwkm1siRZZUxcp4xdD3mo9iayoOt4sfFyrvBCYryilQ
7JKpQc3iNoV3EQql6KBu5G+GmFFWHmokpLvVY27n8LgkV2YSb2wrgxqXPfxcYHj7
0j/y2MFw+HOX/d5YSESMLxn9aiZBi7CkMtlMemzqizxlNlL/+OOZiDsi4vdH8L/j
Y0c2i9efjNeooc0/B9wASu/Ck8SWV8wW1EcfTag0p9Rp0avy4hoQUmG+MtgQsV0l
MQuWWysyxeJFX4Z8ooau82L6sIGC0L073JH6Y/C7uTOz9gKt+e5tV3fnU+pkWpqH
oF3CcmlykKX4SYzhUI/e
=6EPj
-----END PGP SIGNATURE-----
>From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
| Simon Ruderich | 2012-03-09 |
| * | Bug#660386: pbuilder: Remove /usr/X11R6/bin from default PATH•••It hasn't been around since squeeze time, should be safe to remove.
| Junichi Uekawa | 2012-03-09 |
| * | Bug#569917: Support base.tar.xz/bz2 as well as tgz•••Package: pbuilder
Version: 0.203
Followup-For: Bug #569917
I cooked a little patch that adds a --compressprog command line option and
COMPRESSPROG option in pbuilderrc.
Tested with pigz, to get multithreaded, and therefore much faster
compression/decompression, and xz.
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-00002-g5eeb7f9 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.0.4
ii debootstrap 1.0.38
ii wget 1.13.4-1
Versions of packages pbuilder recommends:
ii devscripts 2.11.2
ii fakeroot 1.18.1-1
ii sudo 1.8.3p1-2
Versions of packages pbuilder suggests:
pn cowdancer 0.65
pn gdebi-core <none>
pn pbuilder-uml <none>
-- debconf information:
pbuilder/mirrorsite: http://ftp.de.debian.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
| Tino Keitel | 2011-11-29 |
| * | Add an option to verify key signatures. (closes: #579028)•••By unsetting APTGETOPT, and setting
PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option
of verifying the key signature of each package against the installed
keyring.
| Junichi Uekawa | 2010-07-05 |
| * | add --keyring option as default parameter to DEBOOTSTRAPOPTS (closes: 579028)•••This is first step into allowing 'trusted packages only' mode in
pbuilder.
This only enables signature checking for debootstrap when creating
Debian chroot.
Further changes are required if you want to check for signature in apt
/ aptitude invocations.
| Junichi Uekawa | 2010-06-24 |
| * | Drop +x mode on pbuilderrc | Loïc Minier | 2010-01-30 |
| * | Revert "pbuilderrc: --variant=buildd is temporarily broken, disable."•••This reverts commit c4ab4315db070188f3d35701579188674787aa0c. apt does
not have to be Build-Essential: yes since e.g. sbuild installs packages
with host tools and installation of build-deps does not need to happen
with build-essential packages anyway. Installation of apt was fixed in
4a573bcd0d272747c2020071f29570668f81a249.
| Loïc Minier | 2010-01-04 |
| * | Add builtin ccache support, enabled by default•••Add builtin support for using ccache in pbuilder and enable it by
default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and
chown it to BUILDUSERID at build time. Install/remove ccache
automatically on create/update if CCACHEDIR is set/unset. Update docs
and remove old ccache config example. Add a NEWS entry featuring the
change.
| Loïc Minier | 2010-01-02 |
| * | Add aptitude if pbuilder-satisfydepends uses it•••Install aptitude (with no possibility to override this) if
pbuilder-satisfydepends uses it; closes: 539578.
| Loïc Minier | 2010-01-02 |
| * | pbuilder: Add --architecture and ARCHITECTURE flag•••pbuilder: add support for setting the architecture on the command-line
and in pbuilderrc.
| Loïc Minier | 2009-12-30 |
| * | pbuilderrc: --variant=buildd is temporarily broken, disable.•••apt is marked as not build-essential, and we end up with a chroot
without apt, which is bad.
| Junichi Uekawa | 2009-12-27 |
| * | Change default root command to sudo -E; #361362•••Change default root command from sudo to sudo -E; closes: #361362
| Loïc Minier | 2009-12-14 |
| * | Do not mention codename of testing where possible•••Avoid mentionning the codename of the current testing distribution where
possible as this gets out of date -- except in the rebuild README where
the current testig is really what we want.
| Loïc Minier | 2009-12-14 |
| * | Use debootstrap by default instead of cdebootstrap | Loïc Minier | 2009-12-13 |
| * | set default to 'main' in pbuilderrc•••cowbuilder depends on this variable being set somewhere.
| Junichi Uekawa | 2009-12-13 |
| * | Comment out COMPONENTS as main is the default•••pbuilderrc: Comment out COMPONENTS as main is already the default; list
all components of Debian and Ubuntu as an example
| Loïc Minier | 2009-12-11 |
| * | Update header of /usr/share/pbuilder/pbuilderrc | Loïc Minier | 2009-12-11 |
| * | allow --autocleanaptcache to be specified in pbuilderrc. | Matt Kraai | 2009-11-13 |
| * | install aptitude via EXTRAPACKAGES, and not hard-code. (closes: #539578) | Junichi Uekawa | 2009-08-08 |
| * | add PDEBUILD_PBUILDER example to use cowbuilder | Otavio Salvador | 2009-01-20 |
| * | REMOVEPACKAGES="", thanks to Sven Joachim (closes: #500002)•••lilo is not installed by default anymore, and having it here makes a
dpkg warning every time. Good-bye!
| Junichi Uekawa | 2008-09-28 |
| * | use cdn.debian.net | Junichi Uekawa | 2008-03-07 |
| * | make ftp.jp.debian.org the default for for the time being. ftp.debian.org onl... | Junichi Uekawa | 2008-03-07 |
| * | Change back the MIRRORSITE in the example file•••Since now the pbuilderrc is just an example, might as well
use some correct info that is meaningful for a human.
Also, this was broken since the default rc info was not valid
anymore (in the absence of /etc/pbuilderrc)
Signed-off-by: Eddy Petrișor <eddy.petrisor@gmail.com>
| Eddy Petrișor | 2008-03-06 |
| * | Merge branch 'master' of git://git.debian.org/git/pbuilder/pbuilder•••Conflicts:
Makefile
debian/changelog
| Eddy Petrișor | 2008-02-29 |
| |\ |
|
| | * | set COMPONENTS default value | Junichi Uekawa | 2007-10-25 |
| | * | [Pbuilder-maint] Bug#422371: Patch for specifying components••• Here is a patch against latest git revision which adds the ability to specify
the components either via $COMPONENTS in pbuilderrc or via the command line with
--components.
It is based on some of the Ubuntu changes [1].
[1] http://patches.ubuntu.com/p/pbuilder/pbuilder_0.170ubuntu1.patch
| Adrien Cunin | 2007-10-22 |
| * | | do not overwrite custom pbuilderrc files, only the default | Eddy Petrisor | 2007-06-28 |
| |/ |
|
| * | * make pbuilderrc example on DEBBUILDOPTS not contain -b, which is not recomm... | Junichi Uekawa | 2007-06-20 |
| * | minor documentation update for etch release | Junichi Uekawa | 2007-04-10 |
| * | * Document pbuilder-satisfydepends-aptitude. | Loïc Minier | 2007-04-01 |
| * | change buildd variant the default | Junichi Uekawa | 2007-01-22 |
| * | * pbuilder-satisfydepends-experimental, Makefile: alternate•••implementation of pbuilder-satisfydepends which supports pulling
build-deps with a version on the apt-get command-line; this is derived
from pbuilder-satisfydepends with the following changes:
- Add and use new package_versions() and candidate_version() helpers;
the former returns all versions of a package available via APT, the
later APT's candidate version.
- For versionned build-deps, when building the "apt-get install"
command, try APT's candidate version or all available versions
available from APT in ascending order (the reverse order of
apt-cache's output); checkbuilddep_versiondeps() isn't used for this
part of the process anymore, but it is still used to honor
build-conflicts.
- Recover from APT errors caused by unsufficient dependencies
("libfoo-dev Depends: bar but baz is to be installed") and missing
dependencies libfoo-dev Depends: bar but it is not going to be
installed", or simply "libfoo-dev Depends: bar"); this permits
simply listing build-deps when uploading to experimental; achieved
by moving the version matching logic in the new
versioneddep_to_aptcmd() helper.
* pbuilderrc, pbuilderrc.5: document the availability of the alternate
implementation.
| lool | 2006-11-06 |
| * | * debuild-pbuilder, pbuilder-buildpackage-funcs, pdebuild-internal:••• use $PBUILDERSATISFYDEPENDSCMD instead of
/usr/lib/pbuilder/pbuilder-satisfydepends.
* pbuilderrc: set PBUILDERSATISFYDEPENDSCMD to
/usr/lib/pbuilder/pbuilder-satisfydepends by default.
* pbuilderrc.5: document PBUILDERSATISFYDEPENDSCMD.
* debian/TODO: alternatives implementation of pbuilder-satisfydepends
now possible.
* pdebuild-checkparams, pdebuild-uml-checkparams, pdebuild-internal:
add a new --pbuildersatisfydepends flag to override
PBUILDERSATISFYDEPENDSCMD
* pdebuild: pass --pbuildersatisfydepends to pdebuild-internal.
* pbuilder-modules, pdebuild.1: document --pbuildersatisfydepends.
| lool | 2006-11-06 |
| * | support PKGNAME_LOGFILE option in pbuilderrc. | dancer | 2006-08-15 |
| * | update | dancer | 2006-03-21 |
| * | +2006-03-18 Junichi Uekawa <dancer@debian.org>•••+
+ * pbuilder.8: update documentation of --pkgname-logfile
+
+ * pbuilder-buildpackage: allow chown, and add support for PKGNAME_LOGFILE_EXTENTION.
+
+ * pbuilderrc (PKGNAME_LOGFILE_EXTENTION): add
+
+ * pbuilderrc.5: document
+
| dancer | 2006-03-17 |
| * | add support for chmod/chown of logfile, needs more work. | dancer | 2006-03-17 |
| * | remove support for --nonusmirror. | dancer | 2006-02-22 |
| * | pbuilder-buildpackage-funcs: 'install' was missing from apt-get for EXTRAPACK...•••pbuilderrc: make fakeroot default.
Documentation/pbuilder-doc.xml: update a note on pdebuild-internal is ran as the outside user uid.
pdebuild-internal: Add a note what I'm doing.
| dancer | 2005-12-05 |
| * | 2005-08-28 Junichi Uekawa <dancer@debian.org>••• * pbuilderrc: SHELL variable is set a default value.
| dancer | 2005-08-28 |
| * | +2005-08-07 Junichi Uekawa <dancer@debian.org>•••+
+ * debian/control: allow cdebootstrap dependency.
+
+ * testsuite/run-test.sh: complicate the process by testing both
+ cdebootstrap and debootstrap.
+
+ * pbuilder.8: document --debootstrap
+
+ * pbuilder-checkparams: --debootstrap
+
+ * pbuilder-modules: --debootstrap
+
+ * pbuilder-createbuildenv: unset DEBOOTSTRAPSCRIPT instead of setting
+ "". The number of parameter given to cdebootstrap changes.
+ since DEBOOTSTRAPSCRIPT are not supported by cdebootstrap,
+ Giving cdebootstrap this parameter caused it to fail.
+
+ * pbuilderrc.5: Document DEBOOTSTRAP
+
+ * pbuilderrc (DEBOOTSTRAP): new option.
+
+ * pbuilder-createbuildenv (DEBOOTSTRAPSCRIPT): call ${DEBOOTSTRAP} instead of calling debootstrap directly.
+
| dancer | 2005-08-07 |
| * | pbuilder (0.128) unstable; urgency=low••• * Add example framework to test package inside chroot
- B92test-pkg
- add debian/pbuilder-test/ directory to test pbuilder itself.
* Documentation/pbuilder-doc.xml:
- add reference on directory structure on pbuilder.
- Add note on pbuilder-test
* Support '--distribution experimental'.
"pbuilder: Please add support for experimental", thanks to
Emanuele Rocca (Closes: #308813).
and also support working with new apt-get by using --force-yes.
(closes: 316281).
* Feature enhancement: "pbuilder: Clean apt cache ", thanks to Daniel Schepler
implement --autocleanaptcache option.
(Closes: #185227).
* pdebuild now checks for unsupported command-line options.
Bug fix: "pbuilder: pdebuild does not warn about --basetgz or
--distribution", thanks to Matt Kraai (Closes: #305944).
* man pages fixup: add \% for non-hyphenation (closes: #310656)
* Fix find options -xdev location. (closes: #312913)
* Bug fix: "pbuilder: Please document proper format of OTHERMIRROR",
thanks to Roberto C. Sanchez (Closes: #312153).
* Bug fix: "pbuilder: Support for preserving environment PATH", thanks
to Brian Nelson (Closes: #306448).
* work around debootstrap 3.0.0 bug which fails to build sid chroot
with --variant=buildd, by not passing --variant=buildd,
see 314858
-- Junichi Uekawa <dancer@debian.org> Sat, 2 Jul 2005 13:20:23 +0900
| dancer | 2005-07-02 |
| * | PATH setting. | dancer | 2005-06-20 |
| * | 2005-02-13 Junichi Uekawa <dancer@debian.org>••• * pbuilder.8: update documentation to include 'sarge'
* pbuilder: set umask 0022 in pbuilder.
276589
* pbuilderrc (BUILDRESULT): make default distribution sarge, instead of woody.
* pbuilder-modules: update to include sarge in list of distributions;
this list is too long, needs some improvement.
289170
* pdebuild: Change build results by default to be owned by the building user, not root:root
This change only required for pdebuild only, UML already runs as user.
286397
* pbuilder.8: clarify documentation for 286602, Do not use --debbuildopts -B, but
use --binary-arch
* Documentation/pbuilder-doc.xml: 293882: Jens Seidel <jensseidel@users.sf.net> small typo fixes.
* pbuilderrc (MIRRORSITE): 295032: change default mirror from www.jp.debian.org to ftp.jp.debian.org
| dancer | 2005-02-13 |
| * | fux | dancer | 2004-04-06 |