[buildd-tools-devel] Bug#678831: Bug#678831: sbuild: Hardly usable with interactive authentication

Julian Andres Klode jak at debian.org
Sun Jun 24 18:25:01 UTC 2012


On Sun, Jun 24, 2012 at 05:41:42PM +0100, Roger Leigh wrote:
> On Sun, Jun 24, 2012 at 05:08:05PM +0200, Julian Andres Klode wrote:
> > Package: sbuild
> > Version: 0.63.1-1
> > Severity: normal
> > 
> > sbuild and its tools are hardly usable on chroots where the current
> > user is not allowed to be root (e.g. via root-groups). For example,
> > sbuild-update requires  you to enter your password 14 times just to
> > perform one apt-get update.
> 
> This is indeed the case.  For each separate command run inside the
> chroot requiring root access, we ask the user for their password.
> Unlike sudo, we don't currently provide any caching of the
> credentials for the current tty.
> 
> The current intention is that if you want to use sbuild, you need
> to be in root-groups.  All the chroot setup, including package
> installation and removal, all need root.  It's an aspect of sbuild's
> design I've never been happy with.
> 
> Do you have any suggestion about how this could be improved?
> 
> My own thoughts are:
> 1) Only prompt the user once, when creating the session, after which
>    we retain the credentials for the session lifetime and/or a
>    configurable time period (for the current tty).
>    This strategy is at the schroot level, making it behave a bit
>    more like sudo.

Yes, with added checking for the current terminal, so that the
credentials cannot be misused from programs running in another
terminal (that's how sudo does it nowadays).

> 2) Don't to building using the current user; instead do it as an
>    sbuild system user which has the ability to gain root in the
>    chroots.  This will completely remove any requirement for the
>    user running sbuild to have root privs at any level.  However, the
>    additional level of indirection removes the ability for the user
>    to access the chroot.

I guess I do want to enter a password before building.

> 
> I'm happy to do both.  (1) will have to be post-wheezy for schroot.
> (2) is something I've wanted for many years, but will require a setuid
> wrapper for running sbuild.  This is what the (currently incomplete)
> csbuild wrapper in schroot is for.  Again, this would require doing
> post-wheezy since it's been frozen now.

I think I prefer (1).

-- 
Julian Andres Klode - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.





More information about the Buildd-tools-devel mailing list