[buildd-tools-devel] Bug#681876: Bug#681876: Acknowledgement (dchroot: Bad upgrade path)

Roger Leigh rleigh at codelibre.net
Tue Jul 17 16:52:34 UTC 2012 

On Tue, Jul 17, 2012 at 03:35:37PM +0200, Kurt Roeckx wrote:
> After actually trying this from a squeeze version, I end up with:
> W: line 13 [i386-sid]: Deprecated key 'script-config' used
> I: This option will be removed in the future; please update your configuration
> W: line 10 [i386-sid]: Obsolete key 'priority' used

These are expected: dchroot --config will create a configuration
using the keys it knows about, which are deprecated in the new
version.

> I: This option has been removed, and no longer has any effect
> E: Access not authorised
> I: You do not have permission to access the schroot service.
> I: This failure will be reported.

This is, I think, due to the fact that dchroot (and dchroot-dsa)
have different authentication/authorisation semantics than schroot.
They override the authorisation logic used by schroot when using
dchroot.conf (when using schroot.conf they use the schroot
semantics); in 1.6 they always use the schroot.conf and hence the
schroot semantics (the dchroot code having been removed).

This is due to dchroot allowing all users to use the service by
default, while schroot requires all users/groups allowed to use
it to be specified in the configuration.  The configuration that
dchroot dumps is valid, but only when used with the dchroot
authorisation/authentication semantics; it still requires the
admin to manually edit to allow users to use the service.

We can certainly dump the dchroot configuration to
/etc/schroot/chroot.d/dchroot-XXXXXX in the preinst (so the old
dchroot is used to dump).  For the allowed users/groups, we can't
currently represent dchroot behavour in the schroot.conf format
(users/groups don't currently allow wildcards; I have a patch
to allow regex matching, but this is not currently merged (it's
on my wildcard-auth branch).  So for the time being, we would have
to document this and add to NEWS.Debian.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800

More information about the Buildd-tools-devel mailing list