[Buildd-tools-devel] Bug#492327: Bug#492327: Patch
Roger Leigh
rleigh at whinlatter.ukfsn.org
Sun Jul 27 12:01:51 UTC 2008
tags 492327 + fixed-upstream pending
thanks
Enrico Zini <enrico at enricozini.org> writes:
> I made myself the patched version, it was actually quite easy.
>
> I'm attaching the patch, which includes a new configuration option to
> turn the behaviour on and off (with signature checking enabled by
> default).
Thanks. It was committed with one minor change (exporting from
Sbuild::Conf).
I also rewrite sbuild-createchroot in perl to do more, and this
includes supporting --keyring (defaulting to use
/etc/apt/trusted.gpg). This is also now in git.
I'll include this in the next upload, once I've fixed a few more bits.
This will probably be later in the week.
Regards,
Roger
http://git.debian.org/?p=buildd-tools/sbuild.git;a=commitdiff;h=28a510c7d768c22e4738cc45aad91c29069dc2f9
commit 28a510c7d768c22e4738cc45aad91c29069dc2f9
Author: Enrico Zini <enrico at debian.org>
AuthorDate: Sun Jul 27 12:51:04 2008 +0100
Commit: Roger Leigh <rleigh at debian.org>
CommitDate: Sun Jul 27 12:51:04 2008 +0100
[Sbuild::Conf] New parameter apt_allow_unauthenticated
APT authentication is now enabled by default, with this configuration
parameter disabling the default behaviour.
Closes: #492327.
Signed-off-by: Roger Leigh <rleigh at debian.org>
diff --git a/AUTHORS b/AUTHORS
index d0e0ed3..b1bfcaf 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -4,6 +4,9 @@ principal areas that each contributed to are listed in addition.
Ben Collins <bcollins at debian.org>
the "apt patch" for sbuild for finding source
+Enrico Zini <enrico at debian.org>
+ support for disabling APT package authentication
+
Roman Hodek <Roman.Hodek at informatik.uni-erlangen.de>
wanna-build
sbuild
diff --git a/debian/changelog b/debian/changelog
index 20036d4..eb1d3dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ sbuild (0.57.5-1) unstable; urgency=low
* Sbuild::Build::new: Check if 'DSC' exists rather than 'DSC File' to allow
the .dsc to be in any directory (Closes: #489794). Thanks to
Francois-Denis Gonthier for this patch.
+ * $Sbuild::Conf::apt_allow_unauthenticated: New configuration parameter
+ to disable APT package authentication, which is now enabled by default
+ (Closes: #492327). Thanks to Enrico Zini for this patch.
-- Roger Leigh <rleigh at debian.org> Mon, 07 Jul 2008 21:59:30 +0100
diff --git a/etc/sbuild.conf b/etc/sbuild.conf
index 282ea2f..992ef53 100644
--- a/etc/sbuild.conf
+++ b/etc/sbuild.conf
@@ -78,6 +78,10 @@
# failures) for use in a buildd setup.
#$sbuild_mode = "user";
+# Force APT to accept unauthenticated packages.
+# This is disabled by default: only enable it if you know what you are doing.
+#$apt_allow_unauthenticated = 0;
+
# APT policy. 1 to enable additional checking of package versions
# available in the APT cache, or 0 to disable. 0 is the traditional
# sbuild behaviour; 1 is needed to build from additional repositories
diff --git a/lib/Sbuild/Chroot.pm b/lib/Sbuild/Chroot.pm
index 592cb3e..e5cdc0c 100644
--- a/lib/Sbuild/Chroot.pm
+++ b/lib/Sbuild/Chroot.pm
@@ -114,7 +114,10 @@ sub _setup_options (\$\$) {
DIR => $self->get('Location'),
UNLINK => 0) ) {
- print $F "APT::Get::AllowUnauthenticated true;\n";
+ if ($Sbuild::Conf::apt_allow_unauthenticated)
+ {
+ print $F "APT::Get::AllowUnauthenticated true;\n";
+ }
print $F "APT::Install-Recommends false;\n";
if (! rename $F->filename, $chroot_aptconf) {
diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm
index 7603ad0..9e60776 100644
--- a/lib/Sbuild/Conf.pm
+++ b/lib/Sbuild/Conf.pm
@@ -34,19 +34,20 @@ BEGIN {
@ISA = qw(Exporter);
@EXPORT = qw($HOME %alternatives $apt_policy $apt_update
- $check_watches $cwd $username $verbose $nolog
- $mailprog $dpkg $su $schroot $schroot_options
- $fakeroot $apt_get $apt_cache $dpkg_source $dcmd
- $md5sum $avg_time_db $avg_space_db $stats_dir
- $package_checklist $build_env_cmnd $pgp_options
- $log_dir $mailto $mailfrom @no_auto_upgrade
- $check_depends_algorithm $purge_build_directory
- @toolchain_regex $stalled_pkg_timeout
- $srcdep_lock_dir $srcdep_lock_wait $max_lock_trys
- $lock_interval @ignore_watches_no_build_deps
- $build_dir $sbuild_mode $debug $force_orig_source
- %individual_stalled_pkg_timeout $path
- $maintainer_name $uploader_name %watches $key_id);
+ $apt_allow_unauthenticated $check_watches $cwd
+ $username $verbose $nolog $mailprog $dpkg $su
+ $schroot $schroot_options $fakeroot $apt_get
+ $apt_cache $dpkg_source $dcmd $md5sum $avg_time_db
+ $avg_space_db $stats_dir $package_checklist
+ $build_env_cmnd $pgp_options $log_dir $mailto
+ $mailfrom @no_auto_upgrade $check_depends_algorithm
+ $purge_build_directory @toolchain_regex
+ $stalled_pkg_timeout $srcdep_lock_dir
+ $srcdep_lock_wait $max_lock_trys $lock_interval
+ @ignore_watches_no_build_deps $build_dir $sbuild_mode
+ $debug $force_orig_source
+ %individual_stalled_pkg_timeout $path
+ $maintainer_name $uploader_name %watches $key_id);
}
INIT {
@@ -111,6 +112,7 @@ our $maintainer_name;
our $uploader_name;
our $key_id;
our $apt_update = 0;
+our $apt_allow_unauthenticated = 0;
our %alternatives = ("info-browser" => "info",
"httpd" => "apache",
"postscript-viewer" => "ghostview",
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20080727/1fead7c2/attachment.pgp
More information about the Buildd-tools-devel
mailing list