[buildd-tools-devel] Bug#605939: Bug#605939: Bug#605939: Regression: Chroots with periods in the name no longer work.

Mon Dec 6 15:56:15 UTC 2010

On Sun, Dec 05, 2010 at 06:05:51PM -0500, Roger Leigh wrote:
> This is hopefully fixed in git.  This is the logic we're using:
> 
> bool
> sbuild::is_valid_sessionname (std::string const& name)
> {
>   bool match = false;
> 
>   static regex file_namespace("^[^:/,.][^:/,]*$");
>   static regex editor_backup("~$");
>   static regex debian_dpkg_conffile_cruft("dpkg-(old|dist|new|tmp)$");
> 
>   if (regex_search(name, file_namespace) &&
>       !regex_search(name, editor_backup) &&
>       !regex_search(name, debian_dpkg_conffile_cruft)) {
>     match = true;
>   }
> 
>   return match;
> }
> 
> If there are no objections and we're correctly picking out all editor
> and dpkg backup files, I think this is fixed.
> 
> From the updated documentation:
> 
> CHROOT NAMES
>        A  number of characters or words are not permitted in a chroot name, session
>        name or configuration filename.  The name may not contain a  leading  period
>        (‘.’).   The characters ‘:’ (colon), ‘,’ (comma) and ‘/’ (forward slash) are
>        not permitted anywhere in the name.  The name may also not contain a  trail‐
>        ing tilde (‘~’).  The rationale for these restrictions is given below.
> 
>        ‘.’    A  leading period could be used to create a name with a relative path
>               in it, in combination with ‘/’, and this could allow  overwriting  of
>               files on the host filesystem.  Not allowing this character also means
>               hidden files cannot be created.  It also means  some  editor  backups
>               are  automatically ignored.  Periods are allowed anywhere else in the
>               name.
> 
>        ‘:’    A colon is used as a namespace delimiter, and so is not permitted  as
>               part  of  a  chroot or session name.  LVM snapshot names may also not
>               contain this character due to a naming restriction by lvcreate(8).
> 
>        ‘/’    Names containing this character are not valid filenames.   A  forward
>               slash would potentially allow creation of files in subdirectories.
> 
>        ‘,’    Commas are used to separate items in lists.  Aliases are separated by
>               commas and hence can't contain commas in their name.
> 
>        ‘~’    Filenames containing trailing  tildes  are  used  for  editor  backup
>               files,  which  are  ignored.  Tildes are allowed anywhere else in the
>               name.
> 
>        ‘dpkg-old’
>        ‘dpkg-dist’
>        ‘dpkg-new’
>        ‘dpkg-tmp’
>               These names may not appear at the end of a  name.   These  are  saved
>               copies  of  conffiles  used  by the dpkg package manager, and will be
>               ignored.

I am entirely satisfied with those rules.  I wanted periods allowed in
the name but certainly have no need for a leading period and it does
make it simpler to avoid relative paths when you avoid the leading period.

Looks great to me.  Thanks.

-- 
Len Sorensen