[buildd-tools-devel] Bug#864390: sbuild: world-readable key file for recent versions of apt

Peter Pentchev roam at ringlet.net
Wed Jun 7 21:12:16 UTC 2017 

Package: sbuild
Version: 0.73.0-4+0~roam1
Severity: important
Tags: patch

Hi,

First of all, thanks for maintaining and developing sbuild!

Recent versions of apt started dropping privileges to an _apt
user account; thus, the keyring file that sbuild creates for
use in the chroot is no longer readable by apt, so it issues
a warning, exits with a non-zero code, and breaks the build.

What do you think about the attached two patches?  The second
one fixes the problem itself; the first one is a drive-by fix.

Thanks again for your work on sbuild and Debian in general!

G'luck,
Peter

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sbuild depends on:
ii  adduser         3.115
ii  libsbuild-perl  0.73.0-4+0~roam1
ii  perl            5.24.1-3

Versions of packages sbuild recommends:
ii  autopkgtest  4.4
ii  debootstrap  1.0.89
ii  schroot      1.7.2-3

Versions of packages sbuild suggests:
ii  deborphan  1.7.28.8-0.3+b1
ii  kmod       23-2
ii  wget       1.18-5

-- no debconf information
-------------- next part --------------
From eec3335c7e62658325e65e56d1ce873382bad499 Mon Sep 17 00:00:00 2001
From: Peter Pentchev <roam at ringlet.net>
Date: Wed, 7 Jun 2017 22:28:39 +0300
Subject: [PATCH 1/2] Check the result of a rename() operation

---
 lib/Sbuild/ResolverBase.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/Sbuild/ResolverBase.pm b/lib/Sbuild/ResolverBase.pm
index 24d14643..78f00b75 100644
--- a/lib/Sbuild/ResolverBase.pm
+++ b/lib/Sbuild/ResolverBase.pm
@@ -1383,7 +1383,11 @@ EOF
 	    &$kill_gpgagent();
 	    return 0;
 	}
-	$session->rename($tmpfilename, $self->get('Dummy archive key file'));
+	if (!$session->rename($tmpfilename, $self->get('Dummy archive key file'))) {
+	    $self->log("Failed to rename the dummy archive key.\n");
+	    &$kill_gpgagent();
+	    return 0;
+	}
 	&$kill_gpgagent();
     }
 
-- 
2.11.0

-------------- next part --------------
From 86c5720ba2b8f9a0093ff549ac54541abe837185 Mon Sep 17 00:00:00 2001
From: Peter Pentchev <roam at ringlet.net>
Date: Wed, 7 Jun 2017 22:29:48 +0300
Subject: [PATCH 2/2] Make the dummy archive key file world-readable

Recent versions of apt drop privileges by switching to the _apt
user account.
---
 lib/Sbuild/ResolverBase.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/Sbuild/ResolverBase.pm b/lib/Sbuild/ResolverBase.pm
index 78f00b75..deb36172 100644
--- a/lib/Sbuild/ResolverBase.pm
+++ b/lib/Sbuild/ResolverBase.pm
@@ -1388,6 +1388,11 @@ EOF
 	    &$kill_gpgagent();
 	    return 0;
 	}
+	if (!$session->chmod($self->get('Dummy archive key file'), '0644')) {
+	    $self->log("Failed to set the permissions on the dummy archive key.\n");
+	    &$kill_gpgagent();
+	    return 0;
+	}
 	&$kill_gpgagent();
     }
 
-- 
2.11.0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20170608/f939faee/attachment.sig>

More information about the Buildd-tools-devel mailing list