Your message dated Sat, 02 Aug 2008 21:17:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#492327: fixed in sbuild 0.57.5-1
has caused the Debian Bug report #492327,
regarding APT signature checking should be on by default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
492327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492327
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: sbuild
Version: 0.57.4-1
Severity: important

Hello,

thank you for packaging sbuild.

I noticed that when I use sbuild+schroot to build my own packages, apt
signature checking is turned off.  I tried to turn it on, but it
requires patching /usr/share/perl5/Sbuild/Chroot.pm, as (unless I
misread the code) disabling signature checking is currently hardcoded in
sbuild:

    sub _setup_options (\$\$) {
        [...]
        if (defined($info) &&
            defined($info->{'Location'}) && -d $info->{'Location'}) {
            [...]
            my $aptconf = "/var/lib/sbuild/apt.conf";
            [...]
            # Always write out apt.conf, because it may become outdated.
            if (my $F = new File::Temp( TEMPLATE => "$aptconf.XXXXXX",
                                        DIR => $self->get('Location'),
                                        UNLINK => 0) ) {
                print $F "APT::Get::AllowUnauthenticated true;\n";
                print $F "APT::Install-Recommends false;\n";
                if (! rename $F->filename, $chroot_aptconf) {
                    die "Can't rename $F->filename to $chroot_aptconf: $!\n";
                }
            }
        } else {
            die $self->get('Chroot ID') . " chroot does not exist\n";
        }
    }

I don't want to upload packages built with untrusted build-deps, so at
the moment I'm not using sbuild (I might make myself a patched version
now that I dug out the code).

I'd say however that once the feature is implemented it should be
enabled by default: it's supposed to be getting quite easy to attack
random DDs' DNSes and hijack their debian mirrors.


Ciao,

Enrico

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.25-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sbuild depends on:
ii  adduser                       3.108      add and remove users and groups
ii  apt                           0.7.14+b1  Advanced front-end for dpkg
ii  dctrl-tools                   2.13.0     Command-line tools to process Debi
ii  devscripts                    2.10.33    scripts to make the life of a Debi
ii  dpkg-dev                      1.14.20    Debian package development tools
ii  perl                          5.10.0-11  Larry Wall's Practical Extraction 
ii  perl-modules                  5.10.0-11  Core Perl modules
ii  postfix [mail-transport-agent 2.5.2-1    High-performance mail transport ag
ii  schroot                       1.2.1-1    Execute commands in a chroot envir

Versions of packages sbuild recommends:
ii  debootstrap                   1.0.10     Bootstrap a basic Debian system
ii  fakeroot                      1.9.5      Gives a fake root environment

Versions of packages sbuild suggests:
ii  deborphan                     1.7.24     Find orphaned libraries
ii  wget                          1.11.4-1   retrieves files from the web

-- no debconf information



--- End Message ---
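
An added audit example (not sbuild's code and not part of the original mails): it parses apt.conf text in both flat and nested-scope form and lists the files under a chroot that switch on `APT::Get::AllowUnauthenticated`, the option the report found hardcoded. The path `var/lib/sbuild/apt.conf` comes from the report; the `etc/apt` paths, the accepted boolean spellings and all function names are assumptions of this example.

```python
import re
from pathlib import Path

# apt.conf tokens: comments, quoted strings, punctuation, bare words.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)
TRUE_WORDS = {"true", "yes", "on", "with", "enable", "1"}  # assumed boolean spellings

def parse_apt_conf(text):
    """Return {lower-cased Full::Option::Name: value} for flat and nested scopes."""
    options, scope, pending = {}, [], []
    for tok in TOKEN.findall(text):
        if tok.startswith(("//", "/*")):
            continue                          # comment, never a setting
        if tok == "{":                        # "Name {" opens a scope
            scope.append(pending[0] if pending else "")
            pending = []
        elif tok == "}":
            if scope:
                scope.pop()
            pending = []
        elif tok == ";":
            if len(pending) == 2:             # "Name value;"
                name = "::".join(scope + [pending[0]]).lower()
                options[name] = pending[1].strip('"')
            pending = []
        else:
            pending.append(tok)
    return options

def allows_unauthenticated(text):
    """True if this config text turns APT::Get::AllowUnauthenticated on."""
    value = parse_apt_conf(text).get("apt::get::allowunauthenticated", "false")
    return value.lower() in TRUE_WORDS

def audit_chroot(root):
    """List apt config files under a chroot root that disable authentication."""
    root = Path(root)
    candidates = [root / "etc/apt/apt.conf", root / "var/lib/sbuild/apt.conf"]
    candidates += sorted((root / "etc/apt/apt.conf.d").glob("*"))
    return [str(p.relative_to(root)) for p in candidates
            if p.is_file() and allows_unauthenticated(p.read_text(errors="replace"))]

# Constructed samples: the two lines quoted in the report, a nested form,
# and a commented-out setting that must not be flagged.
FLAT = "APT::Get::AllowUnauthenticated true;\nAPT::Install-Recommends false;\n"
NESTED = 'APT { Get { AllowUnauthenticated "yes"; }; };'
COMMENTED = "// APT::Get::AllowUnauthenticated true;\nAPT::Install-Recommends false;\n"
```

Each file is checked on its own, so a later file that resets the option back to false does not hide an earlier one that enabled it.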
--- Begin Message ---
Source: sbuild
Source-Version: 0.57.5-1

We believe that the bug you reported is fixed in the latest version of
sbuild, which is due to be installed in the Debian FTP archive:

sbuild_0.57.5-1.diff.gz
  to pool/main/s/sbuild/sbuild_0.57.5-1.diff.gz
sbuild_0.57.5-1.dsc
  to pool/main/s/sbuild/sbuild_0.57.5-1.dsc
sbuild_0.57.5-1_all.deb
  to pool/main/s/sbuild/sbuild_0.57.5-1_all.deb
sbuild_0.57.5.orig.tar.gz
  to pool/main/s/sbuild/sbuild_0.57.5.orig.tar.gz
wanna-build_0.57.5-1_all.deb
  to pool/main/s/sbuild/wanna-build_0.57.5-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roger Leigh <[EMAIL PROTECTED]> (supplier of updated sbuild package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 02 Aug 2008 21:23:13 +0100
Source: sbuild
Binary: sbuild wanna-build
Architecture: source all
Version: 0.57.5-1
Distribution: unstable
Urgency: low
Maintainer: Debian buildd-tools Developers <[EMAIL PROTECTED]>
Changed-By: Roger Leigh <[EMAIL PROTECTED]>
Description: 
 sbuild     - Tool for building Debian binary packages from Debian sources
 wanna-build - Database to track building of Debian binary packages from Debian 
Closes: 489557 489794 492327 492577 493150 493325
Changes: 
 sbuild (0.57.5-1) unstable; urgency=low
 .
   * New release.
   * Sbuild::Build::new: Check if 'DSC' exists rather than 'DSC File' to allow
     the .dsc to be in any directory (Closes: #489794).  Thanks to
     Francois-Denis Gonthier for this patch.
   * $Sbuild::Conf::apt_allow_unauthenticated: New configuration parameter
     to disable APT package authentication, which is now enabled by default
     (Closes: #492327).  Thanks to Enrico Zini for this patch.
   * Sbuild::Options: Use isin from Sbuild.pm (Closes: #492577).
   * Sbuild::Log: Add version number and correctly-formatted date to the
     package log name instead of a raw time_t (Closes: #493150).
     Additionally add user and architecture to the name.
   * Sbuild::Options: --make-binNMU no longer tries to assign an lvalue
     (Closes: #493325).  Thanks to Greg Hudson for this patch.
   * $maintainer_name, $uploader_name and $key_id are now optional in
     .sbuildrc; one is only required with performing binary NMUs for the
     entry in debian/changelog (Closes: #489557).
   * debian/sbuild.postrm: Correct use of local to remove bashisms.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkiUy3QACgkQVcFcaSW/uEiMEwCgjfWCRvu6GCuKTr+TyVn+axEJ
9zMAoIExjobToN2nJqYHPXtxApHtfDZP
=dNa2
-----END PGP SIGNATURE-----



--- End Message ---
