Your message dated Sun, 12 Jun 2016 13:20:05 +0000
with message-id <[email protected]>
and subject line Bug#506917: fixed in pbuilder 0.225
has caused the Debian Bug report #506917,
regarding pbuilder does not work correctly with selinux if selinux-utils is not
installed
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
506917: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506917
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pbuilder
Version: 0.181
Severity: normal
Hello,
While testing my self created debian package with pbuilder, I came across
the following error message when calling "sudo pbuilder build hexec_0.1.1-1.dsc"
...
Extracting source
+ echo 'chown pbuilder:pbuilder /tmp/buildd /tmp/buildd/*'
+ chroot /home/ablock/work/pbuilder-cache/build//26610 /bin/bash
+ :
++ basename hexec_0.1.1-1.dsc
+ chroot /home/ablock/work/pbuilder-cache/build//26610 env LOGNAME=pbuilder su
-p pbuilder
+ echo '( cd tmp/buildd; /usr/bin/dpkg-source -x hexec_0.1.1-1.dsc )'
Password: su: Authentication failure
+ echo 'pbuilder: Failed extracting the source'
pbuilder: Failed extracting the source
+ exit 1
+ umountproc_cleanbuildplace_trap
+ umountproc_cleanbuildplace
+ '[' 1 -ne 0 ']'
+ echo ' -> Aborting with an error'
-> Aborting with an error
...
I've done some tests with "sudo pbuilder login" to figure out what the
problem is. In the pbuilder shell, root had nearly no rights
(no su, passwd, ...) and often super user programs did give selinux
error messages (system_u:system_r:kernel_t:s0 is not authorized to XXX).
So the problem was selinux.
/usr/lib/pbuilder/pbuilder-modules is looking for /usr/sbin/selinuxenabled
to decide if mounting /selinux is required or not. The problem is, that
/usr/sbin/selinuxenabled is only available if the package selinux-utils
is installed. selinux-utils was not installed on my machine. When installing
selinux-utils, pbuilder works as expected.
Some suggested solutions:
- Set selinux-utils as dependency for pbuilder
- Mount /selinux always if it is present (ignoring /usr/sbin/selinuxenabled)
- Always try to mount /selinux (even ignoring the presence of /selinux on the
real root fs)
I'm not sure what mount will do if you try to call "mount -t selinuxfs
/selinux", but
I would expect it to fail if the kernel has no selinux support. I'm also not
sure
about possible side effects.
- Add a hint to the documentation for users who encounter similar problems.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.27.7-c1 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages pbuilder depends on:
ii coreutils 6.10-6 The GNU core utilities
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii debianutils 2.30 Miscellaneous utilities specific t
ii debootstrap 1.0.10 Bootstrap a basic Debian system
ii gcc 4:4.3.2-2 The GNU C compiler
ii wget 1.11.4-2 retrieves files from the web
Versions of packages pbuilder recommends:
ii cowdancer 0.47 Copy-on-write directory tree utili
ii devscripts 2.10.35 scripts to make the life of a Debi
ii fakeroot 1.11 Gives a fake root environment
ii sudo 1.6.9p17-1 Provide limited super user privile
Versions of packages pbuilder suggests:
pn pbuilder-uml <none> (no description available)
-- debconf information:
pbuilder/mirrorsite: http://cdn.debian.net/debian
pbuilder/nomirror:
pbuilder/rewrite: false
--- End Message ---
--- Begin Message ---
Source: pbuilder
Source-Version: 0.225
We believe that the bug you reported is fixed in the latest version of
pbuilder, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mattia Rizzolo <[email protected]> (supplier of updated pbuilder package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 12 Jun 2016 12:50:16 +0000
Source: pbuilder
Binary: pbuilder
Architecture: source
Version: 0.225
Distribution: unstable
Urgency: medium
Maintainer: Debian pbuilder maintenance team
<[email protected]>
Changed-By: Mattia Rizzolo <[email protected]>
Description:
pbuilder - personal package builder for Debian packages
Closes: 506917 593100 606158 635697 635698 773767 805494 823408
Changes:
pbuilder (0.225) unstable; urgency=medium
.
[ Mattia Rizzolo ]
* debian/rules:
+ change default ubuntu distribution to yakkety.
+ enable universe by default in Ubuntu. LP: #237591
* Add builtin eatmydata support (Closes: #606158)
* Add a USESYSFS option (defaulting to yes) to mount a sysfs filesystem in
/sys. Closes: #773767
* Strip leading path from when calling external programs. They are all in
PATH, so let the shell finding them instead of calling them directly with
the full path, so exiting things can be done. Closes: #635698
* modules:
+ take care of saving the mount point instead of the device name when
bind-mounting. This avoids umounting of unrelated mount points in case
of errors. LP: #1156636
+ support specifying BINDMOUNTS destination. Thanks to Austin Phillips
<[email protected]> for the initial patch. Closes: #593100
+ for selinux, only check for the precense of the selinux mount, instead of
using selinuxenabled. Closes: #506917
+ in the help message be more clear about what the `execute` command is
for.
Closes: #805494
* pbuilder.8: use BUILDDIR instead of the old /tmp/buildd.
* create/update:
+ move the code picking extra packages to install for optional features in
a common function in modules.
* checkparams: add a "--use-network yes|no" cmdline flag. Closes: #823408
* satisfydepends-funcs:
+ nicer formatting of the --help output, with a "Debugging options"
section.
+ document the --internal-chrootexec option. Closes: #635697
.
[ James Clarke ]
* pdebuild: fix typo in error message (debsign, not debsing).
* modules:
+ pass -q, -y and APTGETOPT to apt-get in remove_packages.
+ add linsysfs support for KFreeBSD.
Checksums-Sha1:
c60af3787600dc05553592b3d26cd59ad7e9028f 1706 pbuilder_0.225.dsc
d635fc4f4e56cf022fe3ed48ee4518a9b7fcb106 307140 pbuilder_0.225.tar.xz
Checksums-Sha256:
7167c88e74ac791987cb33a229832ecf0b81d270ff46884e89bac142e0ea3330 1706
pbuilder_0.225.dsc
66965d7c29261ed722c9d8bfecbc19696e29ec5f92b5ff1a384712a420244373 307140
pbuilder_0.225.tar.xz
Files:
d6fc6bec6ca962ca81649bfa12ce8580 1706 devel extra pbuilder_0.225.dsc
41481a332108356e214b701aa87afdba 307140 devel extra pbuilder_0.225.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJXXVqmAAoJEEsEP825REVAkjMQALId8q4ISr2B2ybxClk0+1Gy
nnnk5ec5kdHNWuWfd5I2ekPYF4M7Q40HW6iCRiGqsZG3QYfxvM95vpdwjDkxb8F+
aaR7qoQSr9fGX0DfmvTAe3F9qftRw32GVRASfF9jefwVDUBReIz3jnIIFb5KZniQ
+/yGuqjFsL+egpCS4HonMKQGWUqAEw5O9n0ucOLbGOHydwaFloJ+salmNWFlNYvl
Dck+bD5xaPdN22PIPruDvnAEPKvdFvQN/xaGW7X7XMt3V8RrUhVYpzmOTX9LtWDm
kT73JN2wxmgy54rU/h5jZzNBwQCHUKwr7gis7TQOpig6mRZnBrN8IFcYR1J9UQnX
DIM9XpwvHfVOVE2kOCoboqPZC9hkpJ5zfuRDy4GqpyWMv5PsDtEZH75E26W4YpxC
q8sC70LNfCjR765LfWnRr2ZtMB7QKapNz4vxEpZaEF/OJHKsaTzi0Th2G3aOsz/x
sK/g2BCBjrD29v1l83KEXMAEkBjKYTyU26EHXu2Y1znzkH9Drug/IIFbkeJ1vhkq
cpuZACt/wtu25PugyTElw/QUwG7i5Ql0aj2iX3xJ3fpP6woVXW9Iqz1vI947fN0Z
bmvuXS1WAuADQe7rjjUsDqdYQp3y56BixKAKdQ49s1hpqmT9e/GfKzXnYt17zWHM
5IH2i5543fnEJjaFLcGz
=FKNW
-----END PGP SIGNATURE-----
--- End Message ---
