Your message dated Thu, 15 Oct 2015 06:47:27 +0000
with message-id <[email protected]>
and subject line Re: Bug#789868: pbuilder: pdebuild fails with sudo error
has caused the Debian Bug report #789868,
regarding pbuilder: pdebuild fails with sudo error
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
789868: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789868
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pbuilder
Version: 0.215+nmu3
Severity: normal
When following the steps in
https://www.debian.org/doc/manuals/maint-guide/build.en.html#pbuilder
I get the following error when running "pdebuild":
sudo: sorry, you are not allowed to preserve the environment
Note that I use sudo's default config.
With "/bin/bash -x pdebuild", I can see a line starting with:
sudo -E pbuilder --build --buildresult /var/cache/pbuilder/result/ [...]
But it seems that for security reasons, the -E option no longer works.
So, this would no longer be the right method.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages pbuilder depends on:
ii coreutils 8.23-4
ii debconf [debconf-2.0] 1.5.56
ii debianutils 4.5.1
ii debootstrap 1.0.70
ii dpkg-dev 1.18.1
ii wget 1.16.3-3
Versions of packages pbuilder recommends:
ii devscripts 2.15.5
ii fakeroot 1.20.2-1
ii iproute2 4.0.0-1
ii net-tools 1.60-26+b1
ii sudo 1.8.12-1
Versions of packages pbuilder suggests:
pn cowdancer <none>
ii gdebi-core 0.9.5.5+nmu1
pn pbuilder-uml <none>
-- debconf information:
* pbuilder/mirrorsite: http://ftp.debian.org/debian/
pbuilder/nomirror:
pbuilder/rewrite: false
--- End Message ---
--- Begin Message ---
On Fri, Oct 09, 2015 at 02:02:48AM +0200, Vincent Lefevre wrote:
> On 2015-10-08 22:22:10 +0000, Mattia Rizzolo wrote:
> > So, I created a really fresh VM (with an old testing from the time
> > testing was jessie), dist-upgrade it to sid.
>
> VM's may behave differently. Try with a real machine.
erm, I'm pretty confident that if I try sudo inside a virtualbox VM it
behaves the same than a real machine, if that's not the case we have
much bigger problems.
And I don't have a spare real machine atm.
> Try exactly:
>
> 1. By default, a normal user cannot use sudo for obvious security
> reasons. So, one needs to enable pbuilder in some sudoers.d file
> with "visudo -f /etc/sudoers.d/username":
>
> username ALL = PASSWD: /usr/sbin/pbuilder
ok, then just use
username ALL=(ALL) SETENV: PASSSWD: /usr/sbin/pbuilder
Your config is broken, in the following way:
* by default there is a 'env_reset' option on top of the sudoers file
* by default everything is granted to users in the 'sudo' group, by
using
%sudo ALL=(ALL:ALL) ALL
* from sudoers(5):
If the command matched is ALL, the SETENV tag is implied for that
command; this default may be overridden by use of the NOSETENV tag.
* so with the default conf a user in the "sudo" group can run `sudo -E`,
adding people to the sudo team is nowaday a norm when you don't need
too deal with too much complicated sudo configuration that are too
easy to get wrong
Given that this is not a standard sudo configuration, either you add the
SETENV tag to your line there, or change the default in the top of the
file.
This is not a bug in pbuilder.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: http://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
--- End Message ---
