tags 492327 + fixed-upstream pending
thanks

Enrico Zini <[EMAIL PROTECTED]> writes:

> I made myself the patched version, it was actually quite easy.
>
> I'm attaching the patch, which includes a new configuration option to
> turn the behaviour on and off (with signature checking enabled by
> default).

Thanks. It was committed with one minor change (exporting from Sbuild::Conf).

I also rewrote sbuild-createchroot in perl to do more, and this includes supporting --keyring (defaulting to use /etc/apt/trusted.gpg). This is also now in git.

I'll include this in the next upload, once I've fixed a few more bits. This will probably be later in the week.

Regards,
Roger

http://git.debian.org/?p=buildd-tools/sbuild.git;a=commitdiff;h=28a510c7d768c22e4738cc45aad91c29069dc2f9

commit 28a510c7d768c22e4738cc45aad91c29069dc2f9
Author: Enrico Zini <[EMAIL PROTECTED]>
AuthorDate: Sun Jul 27 12:51:04 2008 +0100
Commit: Roger Leigh <[EMAIL PROTECTED]>
CommitDate: Sun Jul 27 12:51:04 2008 +0100

    [Sbuild::Conf] New parameter apt_allow_unauthenticated

    APT authentication is now enabled by default, with this configuration parameter disabling the default behaviour. Closes: #492327.

    Signed-off-by: Roger Leigh <[EMAIL PROTECTED]>

diff --git a/AUTHORS b/AUTHORS index d0e0ed3..b1bfcaf 100644 --- a/AUTHORS +++ b/AUTHORS @@ -4,6 +4,9 @@ principal areas that each contributed to are listed in addition. Ben Collins <[EMAIL PROTECTED]> the "apt patch" for sbuild for finding source +Enrico Zini <[EMAIL PROTECTED]> + support for disabling APT package authentication + Roman Hodek <[EMAIL PROTECTED]> wanna-build sbuild diff --git a/debian/changelog b/debian/changelog index 20036d4..eb1d3dc 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -4,6 +4,9 @@ sbuild (0.57.5-1) unstable; urgency=low * Sbuild::Build::new: Check if 'DSC' exists rather than 'DSC File' to allow the .dsc to be in any directory (Closes: #489794). Thanks to Francois-Denis Gonthier for this patch. + * $Sbuild::Conf::apt_allow_unauthenticated: New configuration parameter + to disable APT package authentication, which is now enabled by default + (Closes: #492327). Thanks to Enrico Zini for this patch. -- Roger Leigh <[EMAIL PROTECTED]> Mon, 07 Jul 2008 21:59:30 +0100 diff --git a/etc/sbuild.conf b/etc/sbuild.conf index 282ea2f..992ef53 100644 --- a/etc/sbuild.conf +++ b/etc/sbuild.conf @@ -78,6 +78,10 @@ # failures) for use in a buildd setup. #$sbuild_mode = "user"; +# Force APT to accept unauthenticated packages. +# This is disabled by default: only enable it if you know what you are doing. +#$apt_allow_unauthenticated = 0; + # APT policy. 1 to enable additional checking of package versions # available in the APT cache, or 0 to disable. 0 is the traditional # sbuild behaviour; 1 is needed to build from additional repositories diff --git a/lib/Sbuild/Chroot.pm b/lib/Sbuild/Chroot.pm index 592cb3e..e5cdc0c 100644 --- a/lib/Sbuild/Chroot.pm +++ b/lib/Sbuild/Chroot.pm @@ -114,7 +114,10 @@ sub _setup_options (\$\$) { DIR => $self->get('Location'), UNLINK => 0) ) { - print $F "APT::Get::AllowUnauthenticated true;\n"; + if ($Sbuild::Conf::apt_allow_unauthenticated) + { + print $F "APT::Get::AllowUnauthenticated true;\n"; + } print $F "APT::Install-Recommends false;\n"; if (! rename $F->filename, $chroot_aptconf) { diff --git a/lib/Sbuild/Conf.pm b/lib/Sbuild/Conf.pm index 7603ad0..9e60776 100644 --- a/lib/Sbuild/Conf.pm +++ b/lib/Sbuild/Conf.pm 
@@ -34,19 +34,20 @@ BEGIN { @ISA = qw(Exporter); @EXPORT = qw($HOME %alternatives $apt_policy $apt_update - $check_watches $cwd $username $verbose $nolog - $mailprog $dpkg $su $schroot $schroot_options - $fakeroot $apt_get $apt_cache $dpkg_source $dcmd - $md5sum $avg_time_db $avg_space_db $stats_dir - $package_checklist $build_env_cmnd $pgp_options - $log_dir $mailto $mailfrom @no_auto_upgrade - $check_depends_algorithm $purge_build_directory - @toolchain_regex $stalled_pkg_timeout - $srcdep_lock_dir $srcdep_lock_wait $max_lock_trys - $lock_interval @ignore_watches_no_build_deps - $build_dir $sbuild_mode $debug $force_orig_source - %individual_stalled_pkg_timeout $path - $maintainer_name $uploader_name %watches $key_id); + $apt_allow_unauthenticated $check_watches $cwd + $username $verbose $nolog $mailprog $dpkg $su + $schroot $schroot_options $fakeroot $apt_get + $apt_cache $dpkg_source $dcmd $md5sum $avg_time_db + $avg_space_db $stats_dir $package_checklist + $build_env_cmnd $pgp_options $log_dir $mailto + $mailfrom @no_auto_upgrade $check_depends_algorithm + $purge_build_directory @toolchain_regex + $stalled_pkg_timeout $srcdep_lock_dir + $srcdep_lock_wait $max_lock_trys $lock_interval + @ignore_watches_no_build_deps $build_dir $sbuild_mode + $debug $force_orig_source + %individual_stalled_pkg_timeout $path + $maintainer_name $uploader_name %watches $key_id); } INIT { @@ -111,6 +112,7 @@ our $maintainer_name; our $uploader_name; our $key_id; our $apt_update = 0; +our $apt_allow_unauthenticated = 0; our %alternatives = ("info-browser" => "info", "httpd" => "apache", "postscript-viewer" => "ghostview", -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
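Review bot: in the etc/sbuild.conf hunk, the new comment does not say which value turns the option on, while the APT policy comment directly below it uses the "1 to enable ..., or 0 to disable" wording; this entry should follow the same pattern. It would also help to state the effect directly: setting it to 1 makes sbuild write APT::Get::AllowUnauthenticated true into the chroot's APT configuration, so packages are installed there without signature checking.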
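Review bot: in the lib/Sbuild/Chroot.pm hunk, when $Sbuild::Conf::apt_allow_unauthenticated is false nothing at all is written for APT::Get::AllowUnauthenticated, so the authenticated behaviour rests on APT's built-in default rather than on the file sbuild generates. Consider an else branch that prints "APT::Get::AllowUnauthenticated false;" so the generated file states the setting either way, and consider emitting a warning when the true branch is taken so that the build log records that authentication was switched off.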
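Review bot: in the first lib/Sbuild/Conf.pm hunk, adding a single name to @EXPORT rewraps the whole list, which hides the one real change ($apt_allow_unauthenticated) among fifteen touched lines; inserting the name without reflowing, or keeping one name per line, would make this and later additions reviewable. Note also that the only use in this patch, in Chroot.pm, refers to the variable as $Sbuild::Conf::apt_allow_unauthenticated, so the new export is not what that code relies on.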