On Fri, Jun 03, 2011 at 12:27:47AM +0200, Cyril Brulebois wrote: > Why is it sbuild-update --keygen wants my sudo password? The manpage > doesn't mention it, and I find it quite strange to need root privileges > to generate a key…
This changed in commit d2a2d43a (Sbuild::ChrootSetup), which introduced privilege separation. [The key is generated by the build user, not the invoking user, since the key is owned by sbuild, not the user. The sudo prompt is because we're running gpg on the host, and sudo (rather than schroot) is used for the user switching there.] Note that since last week I reverted the build user to be the invoking user (in git), which would mean you'll not see this unless you alter BUILD_USER in the config. This is due to moving the sbuild-schroot wrapper from sbuild to schroot so that sbuild can remain arch-all. It can be re-enabled once the new schroot is released. [The privilege separation is in general a separate issue from this bug though, since in all other cases it's done via schroot where it works just fine.] I'll need to revisit why we don't generate the key as the invoking user. It was, I think, something to do with the key ownership, but it needs checking. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
signature.asc
Description: Digital signature