[buildd-tools-devel] Bug#629004: Bug#629004: sbuild-update --keygen wants my sudo password

Roger Leigh rleigh at codelibre.net
Thu Jun 2 23:57:13 UTC 2011


On Fri, Jun 03, 2011 at 12:27:47AM +0200, Cyril Brulebois wrote:
> Why is it sbuild-update --keygen wants my sudo password? The manpage
> doesn't mention it, and I find it quite strange to need root privileges
> to generate a key…

This changed in commit d2a2d43a (Sbuild::ChrootSetup), which
introduced privilege separation.

[The key is generated by the build user, not the invoking user,
since the key is owned by sbuild, not the user.  The sudo prompt
is because we're running gpg on the host, and sudo (rather than
schroot) is used for the user switching there.]

Note that since last week I reverted the build user to be the
invoking user (in git), which would mean you'll not see this unless
you alter BUILD_USER in the config.  This is due to moving the
sbuild-schroot wrapper from sbuild to schroot so that sbuild can
remain arch-all.  It can be re-enabled once the new schroot is
released. [The privilege separation is in general a separate issue
from this bug though, since in all other cases it's done via
schroot where it works just fine.]

I'll need to revisit why we don't generate the key as the invoking
user.  It was, I think, something to do with the key ownership, but
it needs checking.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.