[buildd-tools-devel] Bug#678831: Bug#678831: sbuild: Hardly usable with interactive authentication
Roger Leigh
rleigh at codelibre.net
Sun Jun 24 16:41:42 UTC 2012
On Sun, Jun 24, 2012 at 05:08:05PM +0200, Julian Andres Klode wrote:
> Package: sbuild
> Version: 0.63.1-1
> Severity: normal
>
> sbuild and its tools are hardly usable on chroots where the current
> user is not allowed to be root (e.g. via root-groups). For example,
> sbuild-update requires you to enter your password 14 times just to
> perform one apt-get update.
This is indeed the case. For each separate command run inside the
chroot requiring root access, we ask the user for their password.
Unlike sudo, we don't currently provide any caching of the
credentials for the current tty.

The current intention is that if you want to use sbuild, you need
to be in root-groups. All the chroot setup, including package
installation and removal, needs root. It's an aspect of sbuild's
design I've never been happy with.

Do you have any suggestion about how this could be improved?
My own thoughts are:

1) Only prompt the user once, when creating the session, after which
   we retain the credentials for the session lifetime and/or a
   configurable time period (for the current tty).
   This strategy is at the schroot level, making it behave a bit
   more like sudo.

2) Don't do building using the current user; instead do it as an
   sbuild system user which has the ability to gain root in the
   chroots. This will completely remove any requirement for the
   user running sbuild to have root privs at any level. However, the
   additional level of indirection removes the ability for the user
   to access the chroot.

I'm happy to do both. (1) will have to be post-wheezy for schroot.
(2) is something I've wanted for many years, but will require a setuid
wrapper for running sbuild. This is what the (currently incomplete)
csbuild wrapper in schroot is for. Again, this would require doing
post-wheezy since it's been frozen now.

Regards,
Roger
--
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux    http://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-    GPG Public Key      F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800