The attached patch removes, during the recreation of base tgz,
all files from /tmp and /var/tmp (which is also world-writable).
It is made for the git version at salsa.debian.org but can also be applied
to the current (0.231) version as-is.
I have also modified a comment during the creation of BUILDDIR to alert for
the possibility of a user who keeps (still) in his/her configuration
/tmp/buildd
as the build directory.
It is not essential to the issue (only the tar command is), but I thought
it would be nice to have also. I can send a modified version of the patch,
if deemed necessary.
Cheers,
Georgios
diff --git a/pbuilder-modules b/pbuilder-modules
index aca876de..8d8a0c59 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
@@ -730,8 +730,9 @@ function extractbuildplace () {
fi
mountproc
- # FIXME maybe add more checks here? - actually it's not even really needed,
- # since it's created at chroot creation time too.
+ # FIXME maybe add more checks here? - Always create it, since it may be set
+ # in the configuration to be inside one of the excluded (at 'create_basetgz')
+ # directories of the chroot (for example: '/tmp/buildd').
mkdir -p "${BUILDPLACE}${BUILDDIR}"
# XXX added in 0.216, to be deprecated in the future
# Add a compatibility symlink from the old BUILDDIR (/tmp/buildd) to the new
@@ -834,7 +835,7 @@ function create_basetgz() {
if [ -h "$BUILDPLACE/tmp/buildd" ] && [ "$(readlink -f "$BUILDPLACE/tmp/buildd")" = "${BUILDPLACE}$BUILDDIR" ]; then
rm "$BUILDPLACE/tmp/buildd"
fi
- if ! tar -c --use-compress-program "$COMPRESSPROG" -f "${BASETGZ}.tmp" --exclude ./sys/* --exclude ./proc/* ./* ; then
+ if ! tar -c --use-compress-program "$COMPRESSPROG" -f "${BASETGZ}.tmp" --exclude "./sys/*" --exclude "./proc/*" --exclude "./tmp/*" --exclude "./tmp/.*" --exclude "./var/tmp/*" --exclude "./var/tmp/.*" ./* ; then
log.e "failed building base tarball"
rm -f "${BASETGZ}.tmp"
exit 1;
