Package: sbuild
Version: 0.73.0-4+0~roam1
Severity: important
Tags: patch

Hi,

First of all, thanks for maintaining and developing sbuild!

Recent versions of apt started dropping privileges to an _apt
user account; thus, the keyring file that sbuild creates for
use in the chroot is no longer readable by apt, so it issues
a warning, exits with a non-zero code, and breaks the build.

What do you think about the attached two patches?  The second
one fixes the problem itself; the first one is a drive-by fix.

Thanks again for your work on sbuild and Debian in general!

G'luck,
Peter

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sbuild depends on:
ii  adduser         3.115
ii  libsbuild-perl  0.73.0-4+0~roam1
ii  perl            5.24.1-3

Versions of packages sbuild recommends:
ii  autopkgtest  4.4
ii  debootstrap  1.0.89
ii  schroot      1.7.2-3

Versions of packages sbuild suggests:
ii  deborphan  1.7.28.8-0.3+b1
ii  kmod       23-2
ii  wget       1.18-5

-- no debconf information

From eec3335c7e62658325e65e56d1ce873382bad499 Mon Sep 17 00:00:00 2001
From: Peter Pentchev <r...@ringlet.net>
Date: Wed, 7 Jun 2017 22:28:39 +0300
Subject: [PATCH 1/2] Check the result of a rename() operation

---
 lib/Sbuild/ResolverBase.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/Sbuild/ResolverBase.pm b/lib/Sbuild/ResolverBase.pm
index 24d14643..78f00b75 100644
--- a/lib/Sbuild/ResolverBase.pm
+++ b/lib/Sbuild/ResolverBase.pm
@@ -1383,7 +1383,11 @@ EOF
            &$kill_gpgagent();
            return 0;
        }
-       $session->rename($tmpfilename, $self->get('Dummy archive key file'));
+       if (!$session->rename($tmpfilename, $self->get('Dummy archive key 
file'))) {
+           $self->log("Failed to rename the dummy archive key.\n");
+           &$kill_gpgagent();
+           return 0;
+       }
        &$kill_gpgagent();
     }
 
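Review bot: the new failure branch returns 0 without removing `$tmpfilename`, so a failed rename leaves the temporary key file behind in the chroot; consider unlinking it before the return. The log line would also be easier to act on if it named the source and destination paths (and the error, if `$session->rename` exposes one) instead of the fixed string "Failed to rename the dummy archive key."
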
-- 
2.11.0

From 86c5720ba2b8f9a0093ff549ac54541abe837185 Mon Sep 17 00:00:00 2001
From: Peter Pentchev <r...@ringlet.net>
Date: Wed, 7 Jun 2017 22:29:48 +0300
Subject: [PATCH 2/2] Make the dummy archive key file world-readable

Recent versions of apt drop privileges by switching to the _apt
user account.
---
 lib/Sbuild/ResolverBase.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/Sbuild/ResolverBase.pm b/lib/Sbuild/ResolverBase.pm
index 78f00b75..deb36172 100644
--- a/lib/Sbuild/ResolverBase.pm
+++ b/lib/Sbuild/ResolverBase.pm
@@ -1388,6 +1388,11 @@ EOF
            &$kill_gpgagent();
            return 0;
        }
+       if (!$session->chmod($self->get('Dummy archive key file'), '0644')) {
+           $self->log("Failed to set the permissions on the dummy archive 
key.\n");
+           &$kill_gpgagent();
+           return 0;
+       }
        &$kill_gpgagent();
     }
 
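Review bot: the mode in `$session->chmod(..., '0644')` is passed as a quoted string; that is right if `$session->chmod` hands it to the chmod command inside the chroot, but if it ends up in Perl's built-in `chmod` the string is read as decimal 644 rather than octal, so please confirm which one the session method expects. Since 0644 makes the file readable by every account in the chroot, a one-line comment above the call stating that the file is opened for the `_apt` user (as the commit message says) would help future readers.
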
-- 
2.11.0
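
A diagnostic for the failure described in the report, as an added example that is not part of the original message or of sbuild: it walks a path inside a chroot directory and reports the first component whose mode bits stop an unprivileged account such as `_apt`. The key path, the uid choice and the function names are assumptions made for the example, and the temporary tree is constructed.

```python
import os
import tempfile


def blocked_at(root, rel_path, uid, gids):
    """Return the first path under `root` that (uid, gids) cannot pass,
    or None if the file at rel_path is readable by that account.

    Only owner/group/other mode bits are evaluated; ACLs and LSM policy
    are out of scope. `root` itself (the chroot directory) is not checked.
    """
    if uid == 0:
        return None  # root bypasses mode-bit checks
    parts = [p for p in rel_path.split("/") if p]
    current = root
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        # Pick the permission triplet that applies to this account.
        if st.st_uid == uid:
            shift = 6
        elif st.st_gid in gids:
            shift = 3
        else:
            shift = 0
        # Directories need search (x); the final file needs read (r).
        need = 0o4 if i == len(parts) - 1 else 0o1
        if not (st.st_mode >> shift) & need:
            return current
    return None


def demo():
    """Constructed stand-in for a chroot: key file at 0600, then at 0644."""
    key = "etc/apt/dummy-archive-key.gpg"  # hypothetical path
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc/apt"))
        for d in ("etc", "etc/apt"):
            os.chmod(os.path.join(root, d), 0o755)
        full = os.path.join(root, key)
        with open(full, "wb") as fh:
            fh.write(b"constructed placeholder, not a real keyring\n")
        os.chmod(full, 0o600)
        apt_uid = os.stat(full).st_uid + 1  # any uid other than the owner
        before = blocked_at(root, key, apt_uid, set())
        os.chmod(full, 0o644)
        after = blocked_at(root, key, apt_uid, set())
    return before, after


if __name__ == "__main__":
    print(demo())
```

The same walk also flags a parent directory that lacks the search bit, a case in which setting 0644 on the key file alone does not make it readable.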
