Commit message
valid values are D/I/W/E
Closes: #490184
Default it to /nonexistent to prevent builds from writing to /home.
This reverts what was done for #170762
Closes: #441052
the manpages
Closes: #774468
system /etc.
New configuration variable: CONFDIR
Closes: #580086
Closes: 789404
PKGNAME_LOGFILE_EXTENSION to fix the typo
Closes: #693458
Closes: #753801
#702102)
falling back to /dev/shm doesn't make sense; /dev/shm is a symlink to /run/shm.
rename variable to USERUNSHM instead of USEDEVSHM, we don't need to touch /dev/shm
may choose to enable at the cost of incompatibility and some bugs. (closes: #675691, #675843, #670651)
I could go around fixing all those bugs but I would rather like to not
force everyone to use ccache when ccache is not for everybody.
On Sat, Dec 24, 2011 at 05:22:05PM +0900, Junichi Uekawa wrote:
> Hi,
>
> I'd use a shell array for specifying the values; but yes I think I
> too wanted this feature at one point.

Attached is a patch that uses a shell array and adds some documentation.
Please apply if you see fit.

> Would list of filename (I will imagine there will be requests for all
> sorts of wildcards after release, which is kind of a pain) be useful
> or a directory that a post-build script can write to after build be
> useful? (I think qemubuilder needed something to do with a specific
> directory that you can write to, but I will need to check how I did
> it).

It'd be great to have this in first and see how others use it. It
wouldn't be a problem to introduce an ADDITIONAL_BUILD_RESULTS_DIR
later.

Cheers,
-- Guido

From ad3569e07a9cc64cd5b126193cddf311e48180a6 Mon Sep 17 00:00:00 2001
From: Guido Günther <agx@sigxcpu.org>
Date: Mon, 19 Dec 2011 13:31:59 +0100
Subject: [PATCH] Add ADDITIONAL_BUILDRESULTS variable

this can be used to copy additional build results out of the build
directory. It's useful to e.g. preserve a xml testresult file when using
a build system like Jenkins.
Package: pbuilder
Version: 0.206
Tags: patch
Followup-For: Bug #579028

Dear Maintainer,

The attached patch changes the defaults to always enforce signed
repositories and aborts if an untrusted/manipulated package is
installed. It adds the new option --keyring (APTKEYRINGS) to add
additional keyrings, which are then used to verify the (local)
signed repositories. This way no untrusted packages can be
installed.

To still allow untrusted/unsigned repositories - they are a very
bad idea and allow remote attackers performing a MITM to take
over the system, including all built packages - the new option
--allow-untrusted (ALLOWUNTRUSTED) was added.

I tested it with the official Debian repository, signed and
unsigned local repositories and it works fine for me. But I'm
only a "normal" pbuilder user, so I might have missed something.
Please test the patch.

I haven't tested it with cdebootstrap, but it should work as
well.

The old PBUILDERSATISFYDEPENDSOPT --check-key option was
deprecated and is no longer used (it emits a warning now) as
validation is the default now.

The patch also contains documentation updates for the new
options/variables and updates for the NEWS file describing the
necessary changes to continue using untrusted packages (but
please don't do that - especially as a Debian developer).

Please have a look and include the patch as soon as possible to
fix this security issue.

Regards,
Simon

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.2.1
ii debootstrap 1.0.38
ii dpkg-dev 1.16.1.2
ii wget 1.13.4-2

Versions of packages pbuilder recommends:
pn devscripts 2.11.4
pn fakeroot 1.18.2-1
pn sudo <none>

Versions of packages pbuilder suggests:
pn cowdancer <none>
pn gdebi-core <none>
pn pbuilder-uml <none>

-- debconf information excluded

From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon@ruderich.org>
From: Simon Ruderich <simon@ruderich.org>
Date: Tue, 6 Mar 2012 02:00:48 +0100
Subject: [PATCH] Enforce valid signed repositories by default.
It hasn't been around since squeeze time, should be safe to remove.
Package: pbuilder
Version: 0.203
Followup-For: Bug #569917
I cooked a little patch that adds a --compressprog command line option and
COMPRESSPROG option in pbuilderrc.
Tested with pigz, to get multithreaded, and therefore much faster
compression/decompression, and xz.
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-00002-g5eeb7f9 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages pbuilder depends on:
ii cdebootstrap 0.5.8+b1
ii coreutils 8.13-3
ii debconf [debconf-2.0] 1.5.41
ii debianutils 4.0.4
ii debootstrap 1.0.38
ii wget 1.13.4-1
Versions of packages pbuilder recommends:
ii devscripts 2.11.2
ii fakeroot 1.18.1-1
ii sudo 1.8.3p1-2
Versions of packages pbuilder suggests:
pn cowdancer 0.65
pn gdebi-core <none>
pn pbuilder-uml <none>
-- debconf information:
pbuilder/mirrorsite: http://ftp.de.debian.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
By unsetting APTGETOPT, and setting
PBUILDERSATISFYDEPENDSOPT=('--check-key'), the user now has an option
of verifying the key signature of each package against the installed
keyring.
This is the first step into allowing 'trusted packages only' mode in
pbuilder.
This only enables signature checking for debootstrap when creating
Debian chroot.
Further changes are required if you want to check for signature in apt
/ aptitude invocations.
This reverts commit c4ab4315db070188f3d35701579188674787aa0c. apt does
not have to be Build-Essential: yes since e.g. sbuild installs packages
with host tools and installation of build-deps does not need to happen
with build-essential packages anyway. Installation of apt was fixed in
4a573bcd0d272747c2020071f29570668f81a249.
Add builtin support for using ccache in pbuilder and enable it by
default. Ship a new /var/cache/pbuilder/ccache dir and bind-mount and
chown it to BUILDUSERID at build time. Install/remove ccache
automatically on create/update if CCACHEDIR is set/unset. Update docs
and remove old ccache config example. Add a NEWS entry featuring the
change.
Install aptitude (with no possibility to override this) if
pbuilder-satisfydepends uses it; closes: 539578.
pbuilder: add support for setting the architecture on the command-line
and in pbuilderrc.
apt is marked as not build-essential, and we end up with a chroot
without apt, which is bad.
Change default root command from sudo to sudo -E; closes: #361362
Avoid mentioning the codename of the current testing distribution where
possible as this gets out of date -- except in the rebuild README where
the current testing is really what we want.
cowbuilder depends on this variable being set somewhere.
pbuilderrc: Comment out COMPONENTS as main is already the default; list
all components of Debian and Ubuntu as an example
lilo is not installed by default anymore, and having it here makes a
dpkg warning every time. Good-bye!
only has parts of Debian.
Since now the pbuilderrc is just an example, might as well
use some correct info that is meaningful for a human.
Also, this was broken since the default rc info was not valid
anymore (in the absence of /etc/pbuilderrc)
Signed-off-by: Eddy Petrișor <eddy.petrisor@gmail.com>
Conflicts:
Makefile
debian/changelog
Here is a patch against latest git revision which adds the ability to specify
the components either via $COMPONENTS in pbuilderrc or via the command line with
--components.
It is based on some of the Ubuntu changes [1].
[1] http://patches.ubuntu.com/p/pbuilder/pbuilder_0.170ubuntu1.patch
recommended.
implementation of pbuilder-satisfydepends which supports pulling
build-deps with a version on the apt-get command-line; this is derived
from pbuilder-satisfydepends with the following changes:
- Add and use new package_versions() and candidate_version() helpers;
the former returns all versions of a package available via APT, the
latter APT's candidate version.
- For versioned build-deps, when building the "apt-get install"
command, try APT's candidate version or all available versions
available from APT in ascending order (the reverse order of
apt-cache's output); checkbuilddep_versiondeps() isn't used for this
part of the process anymore, but it is still used to honor
build-conflicts.
- Recover from APT errors caused by insufficient dependencies
("libfoo-dev Depends: bar but baz is to be installed") and missing
dependencies ("libfoo-dev Depends: bar but it is not going to be
installed", or simply "libfoo-dev Depends: bar"); this permits
simply listing build-deps when uploading to experimental; achieved
by moving the version matching logic in the new
versioneddep_to_aptcmd() helper.
* pbuilderrc, pbuilderrc.5: document the availability of the alternate
implementation.
use $PBUILDERSATISFYDEPENDSCMD instead of
/usr/lib/pbuilder/pbuilder-satisfydepends.
* pbuilderrc: set PBUILDERSATISFYDEPENDSCMD to
/usr/lib/pbuilder/pbuilder-satisfydepends by default.
* pbuilderrc.5: document PBUILDERSATISFYDEPENDSCMD.
* debian/TODO: alternatives implementation of pbuilder-satisfydepends
now possible.
* pdebuild-checkparams, pdebuild-uml-checkparams, pdebuild-internal:
add a new --pbuildersatisfydepends flag to override
PBUILDERSATISFYDEPENDSCMD
* pdebuild: pass --pbuildersatisfydepends to pdebuild-internal.
* pbuilder-modules, pdebuild.1: document --pbuildersatisfydepends.