[buildd-tools-devel] [GIT] sbuild branch master updated. release/sbuild-0.69.0-19-g956fc29

Johannes Schauer josch at moszumanska.debian.org
Fri Jul 1 06:11:14 UTC 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "sbuild".

The branch, master has been updated
       via  956fc29b2e297e20f1ab9a9ddb80ae8fa04c3370 (commit)
       via  3aa506b5cd2921c5c3349ddfdeff096f818815a8 (commit)
       via  0d997aefa37288e0b6bc984e326b00bbd59823dd (commit)
       via  ca66503b58ba8b46d98de4f25942670e010f4959 (commit)
      from  49f73182c0bc987da0d2e96585fa12ab0b07c93d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 956fc29b2e297e20f1ab9a9ddb80ae8fa04c3370
Author: Johannes 'josch' Schauer <josch at mister-muffin.de>
Date:   Thu Jun 30 21:18:28 2016 +0200

    Use armored ASCII GPG key pairs instead of the GPG binary format and support GPG 2.x inside the chroot
    
    The GPG binary key format is not guaranteed to be compatible between
    different versions of GPG. For example the 2.x format is incompatible
    with the 1.x format and the other way round. Still, key pairs might be
    generated with GPG 1.x outside the chroot and will be used with GPG 2.x
    inside the chroot or the other way round. Thus, a solution is needed
    which allows GPG 1.x key pairs to be used by GPG 2.x and the other way
    round.  One solution is the one implemented by this commit and was
    proposed by Daniel Kahn Gillmor in #debian-gnupg (Thanks!!). Instead of
    using the binary format, `sbuild-update --keygen` will now export the
    key pair in armored ASCII format and GPG inside the chroot will import
    the key pair. Since the armored ASCII key format is independent of the
    GPG version generating or importing it, it doesn't matter which
    combination of GPG is installed on the machine running `sbuild-update
    --keygen` or inside the chroot. Thus, no limitations are created when
    sbuild is to work on the same host with chroots containing different GPG
    versions (for example of the 1.x and 2.x versions).
    
    To implement this new handling of GPG key pairs, the
    SBUILD_BUILD_DEPENDS_SECRET_KEY_ARMORED and
    SBUILD_BUILD_DEPENDS_PUBLIC_KEY_ARMORED configuration options are
    introduced by this commit and they deprecate the
    SBUILD_BUILD_DEPENDS_SECRET_KEY and SBUILD_BUILD_DEPENDS_PUBLIC_KEY
    option pair.
    
    Sbuild will still be able to work with the old binary format for a
    while. It will just not be able to handle chroots with an incompatible
    GPG version until `sbuild-update --keygen` has been re-run on the host
    to create the armored ASCII keys.
    
    Furthermore, this commit adds support for GPG 2.x inside the chroot.
    Those GPG versions will start a gpg-agent process once gpg is run. If
    that process is not cleaned up before the chroot is exited, then closing
    the chroot might fail because gpg-agent will still have open file
    descriptors and thus unmounting filesystems might fail. Thus, if the
    gpgconf executable exists, `gpgconf --kill gpg-agent` will be executed
    to clean up any remaining gpg-agent processes after operations involving
    gpg.

commit 3aa506b5cd2921c5c3349ddfdeff096f818815a8
Author: Johannes 'josch' Schauer <josch at mister-muffin.de>
Date:   Thu Jun 30 21:17:39 2016 +0200

    lib/Sbuild/Chroot.pm: add can_run() function to allow checking whether a program can be executed inside the chroot

commit 0d997aefa37288e0b6bc984e326b00bbd59823dd
Author: Johannes 'josch' Schauer <josch at mister-muffin.de>
Date:   Thu Jun 30 21:16:01 2016 +0200

    lib/Sbuild/Chroot.pm: escape special shell characters in get_read_file_handle() and get_write_file_handle()

commit ca66503b58ba8b46d98de4f25942670e010f4959
Author: Johannes 'josch' Schauer <josch at mister-muffin.de>
Date:   Fri Jun 17 08:27:09 2016 +0200

    lib/Sbuild/ResolverBase.pm: The generate_keys() function is not useful anymore.
    
    It used to instruct users of missing keypairs and how to generate and
    where to put them. But now that signing of the internal repository is
    optional, this function was only executed when the keypairs were known
    to exist, making this function essentially a no-op.

-----------------------------------------------------------------------

Summary of changes:
 lib/Sbuild/Chroot.pm       |  35 ++++++++++-
 lib/Sbuild/ChrootSetup.pm  |  35 +++++++++--
 lib/Sbuild/Conf.pm         |  18 +++++-
 lib/Sbuild/ResolverBase.pm | 149 ++++++++++++++++++++++++++++++---------------
 4 files changed, 178 insertions(+), 59 deletions(-)


hooks/post-receive
-- 
sbuild
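
Added example, not part of this email or of sbuild: a shell check that tells an armored ASCII key file from a binary one, for finding key pairs that still need `sbuild-update --keygen` re-run as the first commit message describes. It assumes the binary files are raw OpenPGP packet streams as written by GPG 1.x; the function names and file names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not sbuild code: classify a key file by its first bytes.
# Prints armored-public, armored-secret, binary-public, binary-secret or unknown.
key_file_format() {
    [ -s "$1" ] || { echo unknown; return 0; }
    # Armored keys begin with an RFC 4880 armor header line.
    case $(head -n 1 "$1" | tr -d '\r\0') in
        '-----BEGIN PGP PUBLIC KEY BLOCK-----')  echo armored-public; return 0 ;;
        '-----BEGIN PGP PRIVATE KEY BLOCK-----') echo armored-secret; return 0 ;;
    esac
    # Binary OpenPGP data begins with a packet header octet (bit 7 set).
    byte=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
    [ "${byte:-0}" -ge 128 ] || { echo unknown; return 0; }
    if [ "$byte" -ge 192 ]; then
        tag=$((byte & 63))         # new-format header: tag in bits 5-0
    else
        tag=$(((byte >> 2) & 15))  # old-format header: tag in bits 5-2
    fi
    case $tag in
        6) echo binary-public ;;   # tag 6 = public-key packet
        5) echo binary-secret ;;   # tag 5 = secret-key packet
        *) echo unknown ;;
    esac
}

# Status 0 when the pair is not fully armored, i.e. `sbuild-update --keygen`
# should be re-run on the host to create the armored ASCII keys.
needs_rekeygen() {
    [ "$(key_file_format "$1")" != armored-public ] ||
        [ "$(key_file_format "$2")" != armored-secret ]
}

# Constructed sample files (header bytes only, not real key material).
write_samples() {
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'constructed' > "$1/new.pub"
    printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' '' 'constructed' > "$1/new.sec"
    printf '\231\001\015' > "$1/old.pub"   # 0x99: old-format header, tag 6
    printf '\225\001\015' > "$1/old.sec"   # 0x95: old-format header, tag 5
}

dir=$(mktemp -d) && write_samples "$dir"
for f in new.pub new.sec old.pub old.sec; do
    echo "$f: $(key_file_format "$dir/$f")"
done
needs_rekeygen "$dir/old.pub" "$dir/old.sec" && echo "old pair: re-run sbuild-update --keygen"
rm -rf "$dir"
```

Anything that is neither armored nor an OpenPGP key packet is reported as `unknown` and is treated as needing regeneration.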


