On Sat, Jun 12, 2010 at 11:06:28PM -0400, Rob Owens wrote:
> I'm playing around with pbuilder.  While building a package, pbuilder
> needed to reference another package that I built and did not sign.
> Pbuilder happily ignored the lack of signature and gave this warning,
> but did not pause so I could read it:
> 
> 
> Untrusted packages could compromise your system's security.
> You should only proceed with the installation if you are certain that
> this is what you want to do.
> 
>   debhelper 
> 
> *** WARNING ***   Ignoring these trust violations because
>                   aptitude::CmdLine::Ignore-Trust-Violations is 'true'!
> 
> 
> I'd like to change this behavior so that pbuilder at least stops and
> asks me how to proceed.  I've been looking through the man pages and
> googling, but I'm not seeing it.  
> 
> 
I've found a couple of bugs referencing this problem, and the pbuilder
devs seem to think this is the way it should be.  I disagree, so I
worked around it like this:

In /usr/lib/pbuilder I made a copy of pbuilder-satisfydepends-aptitude,
and called it pbuilder-satisfydepends-aptitude-safe.  I edited the
"safe" file and changed 

Ignore-Trust-Violations=true
to
Ignore-Trust-Violations=false

Then in my ~/.pbuilderrc I added the line

PBUILDERSATISFYDEPENDSCMD="/usr/lib/pbuilder/pbuilder-satisfydepends-aptitude-safe"

Now pbuilder exits when it encounters an unsigned deb.  As far as I can
tell, that is.  I'm still in the process of testing it but so far it
seems to work.

If anyone knows of a better way, please post it.

-Rob


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20100613033334.ga10...@aurora.owens.net

Reply via email to