pbuilder git tree: Changes to 'master'

Junichi Uekawa dancer at alioth.debian.org
Thu Mar 8 22:56:56 UTC 2012 

 debian/NEWS                         |   19 +++++++++++++++++++
 debian/pbuilder-test/00_prepinstall |    2 +-
 pbuilder-checkparams                |   18 ++++++++++++++++++
 pbuilder-createbuildenv             |    5 +++++
 pbuilder-satisfydepends-aptitude    |    2 +-
 pbuilder-satisfydepends-checkparams |   19 ++++++++++---------
 pbuilder-updatebuildenv             |    6 ++++++
 pbuilder.8                          |   20 +++++++++++++++++++-
 pbuilderrc                          |   23 ++++++++++++++++++-----
 pbuilderrc.5                        |   36 +++++++++++++++++++++++++++---------
 10 files changed, 124 insertions(+), 26 deletions(-)

New commits:
commit 78747b5f1081e3afa1d5e0147c4efdbd833b7d14
Author: Simon Ruderich <simon at ruderich.org>
Date:   Tue Mar 6 02:29:25 2012 +0100

    Bug#579028: pbuilder: installs untrusted packages without asking
    
    Package: pbuilder
    Version: 0.206
    Tags: patch
    Followup-For: Bug #579028
    
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    Dear Maintainer,
    
    The attached patch changes the defaults to always enforce signed
    repositories and aborts if an untrusted/manipulated package is
    installed. It adds the new option --keyring (APTKEYRINGS) to add
    additional keyrings, which are then used to verify the (local)
    signed repositories. This way no untrusted packages can be
    installed.
    
    To still allow untrusted/unsigned repositories - they are a very
    bad idea and allow remote attackers performing a MITM to take
    over the system, including all built packages - the new option
    - --allow-untrusted (ALLOWUNTRUSTED) was added.
    
    I tested it with the official Debian repository, signed and
    unsigned local repositories and it works fine for me. But I'm
    only a "normal" pbuilder user, so I might have missed something.
    Please test the patch.
    
    I haven't tested it with cdebootstrap, but it should work as
    well.
    
    The old PBUILDERSATISFYDEPENDSOPT --check-key option was
    deprecated and is no longer used (it emits a warning now) as
    validation is the default now.
    
    The patch also contains documentation updates for the new
    options/variables and updates for the NEWS file describing the
    necessary changes to continue using untrusted packages (but
    please don't do that - especially as a Debian developer).
    
    Please have a look and include the patch as soon as possible to
    fix this security issue.
    
    Regards,
    Simon
    
    - -- System Information:
    Debian Release: wheezy/sid
      APT prefers unstable
      APT policy: (500, 'unstable')
    Architecture: amd64 (x86_64)
    
    Kernel: Linux 3.2.0-1-amd64 (SMP w/8 CPU cores)
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
    Shell: /bin/sh linked to /bin/dash
    
    Versions of packages pbuilder depends on:
    ii  cdebootstrap           0.5.8+b1
    ii  coreutils              8.13-3
    ii  debconf [debconf-2.0]  1.5.41
    ii  debianutils            4.2.1
    ii  debootstrap            1.0.38
    ii  dpkg-dev               1.16.1.2
    ii  wget                   1.13.4-2
    
    Versions of packages pbuilder recommends:
    pn  devscripts  2.11.4
    pn  fakeroot    1.18.2-1
    pn  sudo        <none>
    
    Versions of packages pbuilder suggests:
    pn  cowdancer     <none>
    pn  gdebi-core    <none>
    pn  pbuilder-uml  <none>
    
    - -- debconf information excluded
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)
    
    iQIcBAEBCAAGBQJPVWhvAAoJEJL+/bfkTDL5ivAP/iayE8NRQnyk2HW8R+NiRXU3
    uavLilwwpmEZyuciu8GxMQIAhT9HYd/DlkhF9I+yBSd30TO3fl0xW7YV9SaIZ+bv
    IPwnZbHri4KfeV9Zob/gd2jrT9A2QCoFRW0ny4XNCK3NvtWH5KuH+TG2Mq5CQqdN
    j4VJ3+76oJcbQbU7AUYXfvKDAsEb7gX+VwTEFLS4GrPkni/FIQJ8HHJhlTscyuCD
    gQANCoRFZHVSMaas3xqi9KYFKgVS4BZ5Z/9FZuLeY5kWBfcbnIhQloVOWTQZIMRI
    PhnqP1g62XlPu71K3a/Y2RMAcy3Gs6sUbW4OianIr2iskCndejih/MCb+3LmBFCg
    Ekxi/CcJGrc7a0pV57Qs8Iwkm1siRZZUxcp4xdD3mo9iayoOt4sfFyrvBCYryilQ
    7JKpQc3iNoV3EQql6KBu5G+GmFFWHmokpLvVY27n8LgkV2YSb2wrgxqXPfxcYHj7
    0j/y2MFw+HOX/d5YSESMLxn9aiZBi7CkMtlMemzqizxlNlL/+OOZiDsi4vdH8L/j
    Y0c2i9efjNeooc0/B9wASu/Ck8SWV8wW1EcfTag0p9Rp0avy4hoQUmG+MtgQsV0l
    MQuWWysyxeJFX4Z8ooau82L6sIGC0L073JH6Y/C7uTOz9gKt+e5tV3fnU+pkWpqH
    oF3CcmlykKX4SYzhUI/e
    =6EPj
    -----END PGP SIGNATURE-----
    
    >From cadc48fb599d436577a6efedc7f25e175652a3a1 Mon Sep 17 00:00:00 2001
    Message-Id: <cadc48fb599d436577a6efedc7f25e175652a3a1.1330997290.git.simon at ruderich.org>
    From: Simon Ruderich <simon at ruderich.org>
    Date: Tue, 6 Mar 2012 02:00:48 +0100
    Subject: [PATCH] Enforce valid signed repositories by default.

More information about the Pbuilder-maint mailing list