Bug#748967: pbuilder: NMU diff for upload 0.215+nmu1

Thorsten Glaser tg at mirbsd.de
Mon Jun 23 13:47:59 UTC 2014 

Dear maintainer,

as announced, I have NMUd pbuilder with the precise debdiff attached.
I have uploaded this to DELAYED/10.

bye,
//mirabilos
-- 
“ah that reminds me, thanks for the stellar entertainment that you and certain
other people provide on the Debian mailing lists │ sole reason I subscribed to
them (I'm not using Debian anywhere) is the entertainment factor │ Debian does
not strike me as a place for good humour, much less German admin-style humour”
-------------- next part --------------
diff -Nru pbuilder-0.215/debian/changelog pbuilder-0.215+nmu1/debian/changelog
--- pbuilder-0.215/debian/changelog	2013-03-30 03:06:05.000000000 +0100
+++ pbuilder-0.215+nmu1/debian/changelog	2014-06-23 15:38:36.000000000 +0200
@@ -1,3 +1,15 @@
+pbuilder (0.215+nmu1) unstable; urgency=low
+
+  [ Ivo De Decker ]
+  * Only set CCACHE_DIR when running as build user. (closes: #666525)
+
+  [ Thorsten Glaser ]
+  * Non-maintainer upload.
+  * Disable network access during build by default on Linux (Closes: #748967)
+  * Replace use of su as requested by Helmut Grohne (Closes: #747946)
+
+ -- Thorsten Glaser <tg at mirbsd.de>  Thu, 22 May 2014 20:37:51 +0200
+
 pbuilder (0.215) unstable; urgency=low
 
   * Do not try to use /dev/shm if /run/shm is not present. (closes: #702811, #702102)
diff -Nru pbuilder-0.215/pbuilder-buildpackage pbuilder-0.215+nmu1/pbuilder-buildpackage
--- pbuilder-0.215/pbuilder-buildpackage	2012-03-13 09:25:15.000000000 +0100
+++ pbuilder-0.215+nmu1/pbuilder-buildpackage	2014-06-23 15:37:33.000000000 +0200
@@ -37,18 +37,39 @@
     # environment, so cowdancer shouldn't have to run, and fakeroot
     # should be running later, so it shouldn't matter.
     # LOGNAME: set this to shut up some tools.
-    # su -p : switch to user preserving env vars, we need most of them. 
-    SUTOUSER="env LD_PRELOAD= LOGNAME=$BUILDUSERNAME su -p $BUILDUSERNAME"
+    SUTOUSER=" env LD_PRELOAD= LOGNAME=$BUILDUSERNAME /sbin/start-stop-daemon --start --pidfile /dev/null --chuid $BUILDUSERNAME --startas /bin/sh"
     DEBBUILDOPTS="${DEBBUILDOPTS:+$DEBBUILDOPTS }-rfakeroot"
     EXTRAPACKAGES="${EXTRAPACKAGES} fakeroot"
     log "I: using fakeroot in build."
 else
     # run the build in root
-    SUTOUSER="su -p "
     BUILDUSERID=0
     BUILDUSERNAME=root
+    SUTOUSER=" env LOGNAME=$BUILDUSERNAME /bin/sh"
 fi
 
+case $USENETWORK in
+yes)
+	if [ "$DEB_BUILD_ARCH_OS" = "linux" ]; then
+		# omit the warning when running on kFreeBSD or Hurd
+		log "W: pbuilder: network will not be disabled during build!"
+	fi
+	;;
+*)
+	if $CHROOTEXEC /usr/bin/unshare -n true; then
+		USENETWORK=no
+		SUTOUSER="/usr/bin/unshare -n -- $SUTOUSER"
+		log "I: pbuilder: network access will be disabled during build"
+	else
+		USENETWORK=yes
+		if [ "$DEB_BUILD_ARCH_OS" = "linux" ]; then
+			log "W: pbuilder: unshare CLONE_NEWNET not available"
+		fi
+		log "I: pbuilder: network access is available during build!"
+	fi
+	;;
+esac
+
 
 # created files should have these UID/GIDs outside of chroot.
 BUILDRESULTUID="${BUILDRESULTUID:-${SUDO_UID:-0}}"
@@ -92,7 +113,9 @@
 
 recover_aptcache
 createbuilduser
+CCACHE_ENV=
 setup_ccache
+SUTOUSER=${SUTOUSER/ env / env $CCACHE_ENV}
 log "I: Installing the build-deps"
 executehooks "D"
 trap saveaptcache_umountproc_cleanbuildplace_trap exit sighup sigpipe
diff -Nru pbuilder-0.215/pbuilder-buildpackage-funcs pbuilder-0.215+nmu1/pbuilder-buildpackage-funcs
--- pbuilder-0.215/pbuilder-buildpackage-funcs	2012-03-31 06:51:11.000000000 +0200
+++ pbuilder-0.215+nmu1/pbuilder-buildpackage-funcs	2014-06-23 15:38:09.000000000 +0200
@@ -107,8 +107,7 @@
             mkdir -p "$BUILDPLACE/$CCACHEDIR"
         fi
         chown -R $BUILDUSERID:$BUILDUSERID "$BUILDPLACE/$CCACHEDIR"
-        # Unfortunate difference between pbuilder-style and ccache-style config
-        # env vars   :-/
-        export CCACHE_DIR="$CCACHEDIR"
+	CCACHE_ENV="CCACHE_DIR=$CCACHEDIR"
+	unset CCACHE_DIR
     fi
 }
diff -Nru pbuilder-0.215/pbuilderrc pbuilder-0.215+nmu1/pbuilderrc
--- pbuilder-0.215/pbuilderrc	2013-03-26 09:49:45.000000000 +0100
+++ pbuilder-0.215+nmu1/pbuilderrc	2014-06-23 15:29:47.000000000 +0200
@@ -10,6 +10,7 @@
 #export http_proxy=http://your-proxy:8080/
 USEPROC=yes
 USEDEVPTS=yes
+USENETWORK=no
 USERUNSHM=yes
 USEDEVFS=no
 BUILDRESULT=/var/cache/pbuilder/result/
diff -Nru pbuilder-0.215/pbuilderrc.5 pbuilder-0.215+nmu1/pbuilderrc.5
--- pbuilder-0.215/pbuilderrc.5	2013-03-26 10:04:06.000000000 +0100
+++ pbuilder-0.215+nmu1/pbuilderrc.5	2014-06-23 15:29:47.000000000 +0200
@@ -380,6 +380,14 @@
 .B /dev/pts
 being mounted.
 .TP
+.BI "USENETWORK=" "no"
+Specify
+.B yes
+when you do not want to disable network access during build.
+Network is not available on a Debian buildd, so you might
+want to keep the default.
+Disabling network access currently only works on Linux.
+.TP
 .BI "USERUNSHM=" "yes"
 Specify
 .B yes

More information about the Pbuilder-maint mailing list