[buildd-tools-devel] [GIT] schroot branch, master, updated. debian/schroot-1.4.11-1-230-ge7a04df

Roger Leigh rleigh at alioth.debian.org
Sun Dec 5 22:09:12 UTC 2010 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "schroot".

The branch, master has been updated
       via  e7a04dffec40116170ef21f2a47ca80296b728c1 (commit)
       via  86e9f85c045d6803107a90c3601221430a722cf5 (commit)
       via  8d57c6c6a741812c440ae58cfd136178db040191 (commit)
       via  eed74e4f2d13872c57713f10418bc57d845e6480 (commit)
       via  0a67ef07ece85ad55670fecdc5fcce0ca4396812 (commit)
       via  928e83043baa1e7563270347079e0d92987dc703 (commit)
       via  94a8f8978a3c38e566a9f4df7bf60dae3744edc9 (commit)
       via  d5dc7f1e4ea14ec5f9083f7f64f6bfd94747bd89 (commit)
      from  023322db3bbf5b8d5e739dc0a80ea95077675fff (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e7a04dffec40116170ef21f2a47ca80296b728c1
Author: Roger Leigh <rleigh at debian.org>
Date:   Sun Dec 5 21:43:29 2010 +0000

    man: Document chroot naming restrictions

commit 86e9f85c045d6803107a90c3601221430a722cf5
Author: Roger Leigh <rleigh at debian.org>
Date:   Sun Dec 5 21:36:16 2010 +0000

    sbuild::chroot_config: Add comments detailing validation check limitations

commit 8d57c6c6a741812c440ae58cfd136178db040191
Author: Roger Leigh <rleigh at debian.org>
Date:   Sun Dec 5 21:29:14 2010 +0000

    sbuild::util: Relax session name restrictions in is_valid_sessionname
    
    Use of is_valid_sessionname:
      schroot::options_base (validate user input)
       schroot::main_base (actual use of input)
       → session::set_session_id
       → chroot::clone_session
       → chroot_facet_session_clonable::clone_session_setup
       → chroot::set_name
      sbuild::chroot (set_name)
      sbuild::chroot (set_aliases)
      sbuild::chroot_config::add_config_directory (validate filename)
    
    The only function of is_valid_sessionname is to ensure we have a "safe"
    session name when writing out a session file and/or making use of that
    session name in setup scripts.  set_name is the main point of checking;
    everything else is just aborting earlier when a good diagnostic can be
    issued (e.g. validating options and filenames), but they would hit the
    set_name check ultimately if the extra checks weren't present.
    
    Validation requirements:
    • no leading dot to allow writing in parent directories
    • no slashes to allow writing in subdirectories
    • no colons (used as a namespace delimiter, and also LVM snapshot names
      can't contain a colon or else lvcreate errors out)
    • no commas (we use comma-separated lists in the config file, so alias
      names and hence session names can't contain a comma)
    
    A simple regex satisfies all these requirements:
    
      static regex file_namespace("^[^:/,.][^:/,]*$");
      static regex debian_dpkg_conffile_cruft("dpkg-(old|dist|new|tmp)$");
    
      if (regex_search(name, file_namespace) &&
          !regex_search(name, debian_dpkg_conffile_cruft)) {
        match = true;
      }
    
    dpkg cruft checks added from is_valid_filename, because these are also
    needed for avoiding conffile cruft under /etc/schroot/chroot.d
    (previously, the existing restrictions prevented this anyway).  So dots
    are allowed anywhere except the first position, and ':', '/' and ','
    are not permitted anywhere.

commit eed74e4f2d13872c57713f10418bc57d845e6480
Author: Roger Leigh <rleigh at debian.org>
Date:   Sun Dec 5 21:28:03 2010 +0000

    sbuild::chroot: Validate set_aliases as for set_name
    
    Use is_valid_sessionname to validate each alias name.

commit 0a67ef07ece85ad55670fecdc5fcce0ca4396812
Author: Roger Leigh <rleigh at debian.org>
Date:   Sun Dec 5 19:08:45 2010 +0000

    man: Document security implications of profiles in schroot.conf(5)

commit 928e83043baa1e7563270347079e0d92987dc703
Author: Nelson Elhage <nelhage at mit.edu>
Date:   Sun Dec 5 18:44:37 2010 +0000

    setup.d: 10mount: Make all mountable chroots respect mount options from configuration
    
    10mount, when computing mount options for some chroot types
    (e.g. loopback) overrides the mount options set in config, instead of
    using both sets.
    
    For some chroots we were setting mount options inside the script, which
    entirely overrode the ones the user passed in. Combine them instead.
    
    Signed-off-by: Roger Leigh <rleigh at debian.org>

commit 94a8f8978a3c38e566a9f4df7bf60dae3744edc9
Author: Roger Leigh <rleigh at debian.org>
Date:   Sun Dec 5 18:36:43 2010 +0000

    man: Document -- option delimiter

commit d5dc7f1e4ea14ec5f9083f7f64f6bfd94747bd89
Author: Roger Leigh <rleigh at debian.org>
Date:   Sun Nov 14 13:43:29 2010 +0000

    profiles: Add dbus support to desktop profile

-----------------------------------------------------------------------

Summary of changes:
 etc/profile-templates/desktop/freebsd/fstab |    1 +
 etc/profile-templates/desktop/linux/fstab   |    2 +
 etc/setup.d/10mount                         |   10 +++-----
 man/schroot.1.in                            |   10 +++++++-
 man/schroot.conf.5.in                       |   31 +++++++++++++++++++++++++-
 sbuild/sbuild-chroot-config.cc              |    7 ++++++
 sbuild/sbuild-chroot.cc                     |    9 +++++++-
 sbuild/sbuild-util.cc                       |    6 +++-
 8 files changed, 64 insertions(+), 12 deletions(-)


hooks/post-receive
-- 
schroot

More information about the Buildd-tools-devel mailing list