From 1f2f0398d2034847f54841234ca5e3cc9271816e Mon Sep 17 00:00:00 2001 From: Mattia Rizzolo Date: Wed, 17 Jun 2015 19:19:56 +0000 Subject: import 0.125+nmu1 --- debian/changelog | 12 ++++++++++++ pbuilder-buildpackage | 29 ++++++++++++++++++++++++++--- pbuilder-buildpackage-funcs | 5 ++--- pbuilderrc | 1 + pbuilderrc.5 | 8 ++++++++ 5 files changed, 49 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 295f934..87fa4e4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +pbuilder (0.215+nmu1) unstable; urgency=low + + [ Ivo De Decker ] + * Only set CCACHE_DIR when running as build user. (closes: #666525) + + [ Thorsten Glaser ] + * Non-maintainer upload. + * Disable network access during build by default on Linux (Closes: #748967) + * Replace use of su as requested by Helmut Grohne (Closes: #747946) + + -- Thorsten Glaser Thu, 22 May 2014 20:37:51 +0200 + pbuilder (0.215) unstable; urgency=low * Do not try to use /dev/shm if /run/shm is not present. (closes: #702811, #702102) diff --git a/pbuilder-buildpackage b/pbuilder-buildpackage index 45b1177..81d8d4e 100755 --- a/pbuilder-buildpackage +++ b/pbuilder-buildpackage 
@@ -37,18 +37,39 @@ if [ -n "$BUILDUSERNAME" -a -n "$BUILDUSERID" ]; then # environment, so cowdancer shouldn't have to run, and fakeroot # should be running later, so it shouldn't matter. # LOGNAME: set this to shut up some tools. - # su -p : switch to user preserving env vars, we need most of them. - SUTOUSER="env LD_PRELOAD= LOGNAME=$BUILDUSERNAME su -p $BUILDUSERNAME" + SUTOUSER=" env LD_PRELOAD= LOGNAME=$BUILDUSERNAME /sbin/start-stop-daemon --start --pidfile /dev/null --chuid $BUILDUSERNAME --startas /bin/sh" DEBBUILDOPTS="${DEBBUILDOPTS:+$DEBBUILDOPTS }-rfakeroot" EXTRAPACKAGES="${EXTRAPACKAGES} fakeroot" log "I: using fakeroot in build." else # run the build in root - SUTOUSER="su -p " BUILDUSERID=0 BUILDUSERNAME=root + SUTOUSER=" env LOGNAME=$BUILDUSERNAME /bin/sh" fi +case $USENETWORK in +yes) + if [ "$DEB_BUILD_ARCH_OS" = "linux" ]; then + # omit the warning when running on kFreeBSD or Hurd + log "W: pbuilder: network will not be disabled during build!" + fi + ;; +*) + if $CHROOTEXEC /usr/bin/unshare -n true; then + USENETWORK=no + SUTOUSER="/usr/bin/unshare -n -- $SUTOUSER" + log "I: pbuilder: network access will be disabled during build" + else + USENETWORK=yes + if [ "$DEB_BUILD_ARCH_OS" = "linux" ]; then + log "W: pbuilder: unshare CLONE_NEWNET not available" + fi + log "I: pbuilder: network access is available during build!" + fi + ;; +esac + # created files should have these UID/GIDs outside of chroot. BUILDRESULTUID="${BUILDRESULTUID:-${SUDO_UID:-0}}" @@ -92,7 +113,9 @@ fi recover_aptcache createbuilduser +CCACHE_ENV= setup_ccache +SUTOUSER=${SUTOUSER/ env / env $CCACHE_ENV} log "I: Installing the build-deps" executehooks "D" trap saveaptcache_umountproc_cleanbuildplace_trap exit sighup sigpipe diff --git a/pbuilder-buildpackage-funcs b/pbuilder-buildpackage-funcs index 3083f03..9ec12e7 100644 --- a/pbuilder-buildpackage-funcs +++ b/pbuilder-buildpackage-funcs 
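Review bot: The `*)` branch of the new `case $USENETWORK` fails open: when the `$CHROOTEXEC /usr/bin/unshare -n true` probe fails, USENETWORK is flipped to `yes` and the build continues with network access, and on non-Linux the only trace is an `I:` line. Since pbuilderrc now ships `USENETWORK=no`, a chroot without a working `unshare` produces a networked build while the configuration says it is isolated. I would log the fallback at warning level on every platform, `log "W: pbuilder: network access is available during build!"`, and consider aborting on Linux when the probe fails. As far as this hunk shows, only commands started through `$SUTOUSER` are placed in the new namespace, and a fresh network namespace starts with loopback down, so a short comment stating both would help anyone debugging a test that binds to localhost.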
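Review bot: The substitution `${SUTOUSER/ env / env $CCACHE_ENV}` in the second hunk depends on an undocumented sentinel: it matches only because both SUTOUSER assignments in the first hunk now start with a literal ` env `. If a later edit drops that leading space, the pattern no longer matches and CCACHE_DIR is not passed to the build, with no error. A comment above the line would make the coupling visible, e.g. `# SUTOUSER must contain " env " (set above); CCACHE_DIR is injected there so only the build command sees it`. `$SUTOUSER` is presumably expanded unquoted where it is used (outside this hunk), so a CCACHEDIR containing whitespace would be split into extra words after `env`; rejecting such a value in setup_ccache would be safer than assuming it never occurs.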
@@ -107,8 +107,7 @@ function setup_ccache() { mkdir -p "$BUILDPLACE/$CCACHEDIR" fi chown -R $BUILDUSERID:$BUILDUSERID "$BUILDPLACE/$CCACHEDIR" - # Unfortunate difference between pbuilder-style and ccache-style config - # env vars :-/ - export CCACHE_DIR="$CCACHEDIR" + CCACHE_ENV="CCACHE_DIR=$CCACHEDIR" + unset CCACHE_DIR fi } diff --git a/pbuilderrc b/pbuilderrc index d15eb53..0215971 100644 --- a/pbuilderrc +++ b/pbuilderrc @@ -10,6 +10,7 @@ MIRRORSITE=http://cdn.debian.net/debian #export http_proxy=http://your-proxy:8080/ USEPROC=yes USEDEVPTS=yes +USENETWORK=no USERUNSHM=yes USEDEVFS=no BUILDRESULT=/var/cache/pbuilder/result/ diff --git a/pbuilderrc.5 b/pbuilderrc.5 index 3f42f00..e8a4a81 100644 --- a/pbuilderrc.5 +++ b/pbuilderrc.5 @@ -380,6 +380,14 @@ are many software which fail miserably when there is no .B /dev/pts being mounted. .TP +.BI "USENETWORK=" "no" +Specify +.B yes +when you do not want to disable network access during build. +Network is not available on a Debian buildd, so you might +want to keep the default. +Disabling network access currently only works on Linux. +.TP .BI "USERUNSHM=" "yes" Specify .B yes -- cgit v1.2.3
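Review bot: `unset CCACHE_DIR` runs only inside the branch that configures ccache, so when that branch is not taken, a CCACHE_DIR inherited from the invoking environment stays exported to the commands pbuilder runs as root. The enclosing `if` and the start of setup_ccache are outside the hunk, so this is inferred from the visible `fi` nesting. Moving `unset CCACHE_DIR` to the top of the function would make the changelog's "only when running as build user" hold in both cases. The function now hands its result back through the global CCACHE_ENV, which the caller has to initialise, and the hunk removes the only comment here. I would add `# Sets CCACHE_ENV for the caller to splice into SUTOUSER; CCACHE_DIR is deliberately not exported so root-run steps do not touch the cache`.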