[buildd-tools-devel] Bug#678831: Bug#678831: sbuild: Hardly usable with interactive authentication
Julian Andres Klode
jak at debian.org
Sun Jun 24 18:25:01 UTC 2012
On Sun, Jun 24, 2012 at 05:41:42PM +0100, Roger Leigh wrote:
> On Sun, Jun 24, 2012 at 05:08:05PM +0200, Julian Andres Klode wrote:
> > Package: sbuild
> > Version: 0.63.1-1
> > Severity: normal
> >
> > sbuild and its tools are hardly usable on chroots where the current
> > user is not allowed to be root (e.g. via root-groups). For example,
> > sbuild-update requires you to enter your password 14 times just to
> > perform one apt-get update.
>
> This is indeed the case. For each separate command run inside the
> chroot requiring root access, we ask the user for their password.
> Unlike sudo, we don't currently provide any caching of the
> credentials for the current tty.
>
> The current intention is that if you want to use sbuild, you need
> to be in root-groups. All the chroot setup, including package
> installation and removal, all need root. It's an aspect of sbuild's
> design I've never been happy with.
>
> Do you have any suggestion about how this could be improved?
>
> My own thoughts are:
> 1) Only prompt the user once, when creating the session, after which
> we retain the credentials for the session lifetime and/or a
> configurable time period (for the current tty).
> This strategy is at the schroot level, making it behave a bit
> more like sudo.
Yes, with added checking for the current terminal, so that the
credentials cannot be misused from programs running in another
terminal (that's how sudo does it nowadays).
> 2) Don't to building using the current user; instead do it as an
> sbuild system user which has the ability to gain root in the
> chroots. This will completely remove any requirement for the
> user running sbuild to have root privs at any level. However, the
> additional level of indirection removes the ability for the user
> to access the chroot.
I guess I do want to enter a password before building.
>
> I'm happy to do both. (1) will have to be post-wheezy for schroot.
> (2) is something I've wanted for many years, but will require a setuid
> wrapper for running sbuild. This is what the (currently incomplete)
> csbuild wrapper in schroot is for. Again, this would require doing
> post-wheezy since it's been frozen now.
I think I prefer (1).
--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
More information about the Buildd-tools-devel
mailing list