Bug#588035: [buildd-tools-devel] Bug#588035: Bug#588035: Sbuild::AptitudeBuildDepSatisfier: Always passes Aptitude::CmdLine::Ignore-Trust-Violations=true
tags 588035 + fixed-upstream pending thanks On Mon, Jul 05, 2010 at 05:21:29PM +0900, Ansgar Burchardt wrote: > · No longer pass '-o Apt::Install-Recommends=false' to aptitude. >This option is implied by --without-recommends according to >aptitude(8). >(This should only be a cosmetic change.) > > · Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending >on the $apt_allow_unauthenticated option. > > The patches are against the 0.60.0 version currently in unstable. > > I tested the patch with $apt_allow_unauthenticated set to both true and > false and the correct option is passed to aptitude. I have applied your patches to the current sbuild master branch in our git repository, and they will be in the next release. I did need to alter them slightly because they would no longer apply due to interim changes, but they should work as you intended. http://git.debian.org/?p=buildd-tools/sbuild.git;a=commitdiff;h=7ac00d6608e54c9a7365451701ee12af73ba8303 http://git.debian.org/?p=buildd-tools/sbuild.git;a=commitdiff;h=b572872e0ef8a26c4ab174a79304323ac9118338 http://git.debian.org/?p=buildd-tools/sbuild.git;a=commitdiff;h=51d8b818c65101ec0145fb5bc53baf1c4a12aa7d Thanks for your patience, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Bug#588035: [buildd-tools-devel] Bug#588035: Sbuild::AptitudeBuildDepSatisfier: Always passes Aptitude::CmdLine::Ignore-Trust-Violations=true
tags 588035 + patch thanks Roger Leigh writes: > On Sun, Jul 04, 2010 at 07:56:49PM +0900, Ansgar Burchardt wrote: >> Sbuild::AptitudeBuildDepSatisfier always passes the option >> Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude, allowing >> the installation of unauthenticated packages. I think this should >> depend on the $apt_allow_unauthenticated option in the configuration >> file: >> >> # Force APT to accept unauthenticated packages. >> # This is disabled by default: only enable it if you know what you are >> # doing. >> #$apt_allow_unauthenticated = 0; > > This certainly looks like we should be defaulting to what is > set in $apt_allow_unauthenticated, unless there's some reason > not to do that for dependency resolving? Do you see any > problems if you set > Aptitude::CmdLine::Ignore-Trust-Violations=false ? I changed the setting in the source and it works just fine. I have prepared two patches to · No longer pass '-o Apt::Install-Recommends=false' to aptitude. This option is implied by --without-recommends according to aptitude(8). (This should only be a cosmetic change.) · Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending on the $apt_allow_unauthenticated option. The patches are against the 0.60.0 version currently in unstable. I tested the patch with $apt_allow_unauthenticated set to both true and false and the correct option is passed to aptitude. Regards, Ansgar >From dfd1dd20fd4fe57357e3f03e256b59ae700958b6 Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt Date: Mon, 5 Jul 2010 17:02:24 +0900 Subject: [PATCH 1/2] Do not pass -o Apt::Install-Recommends=false to aptitude The option --without-recommends corresponds to the configuration options Apt::Install-Recommends and Apt::AutoRemove::InstallRecommends. There is no need to pass the option explicitly. Signed-off-by: Ansgar Burchardt --- lib/Sbuild/AptitudeBuildDepSatisfier.pm |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/lib/Sbuild/AptitudeBuildDepSatisfier.pm b/lib/Sbuild/AptitudeBuildDepSatisfier.pm index 6dbf287..6f362b2 100644 --- a/lib/Sbuild/AptitudeBuildDepSatisfier.pm +++ b/lib/Sbuild/AptitudeBuildDepSatisfier.pm @@ -152,7 +152,6 @@ EOF 'aptitude', '-y', '--without-recommends', - '-o', 'APT::Install-Recommends=false', '-o', 'Aptitude::CmdLine::Ignore-Trust-Violations=true', '-o', 'Aptitude::ProblemResolver::StepScore=100', 'install', -- 1.7.1 >From 629b9fb435c8fce2693b49eb24a349b28b19ce41 Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt Date: Mon, 5 Jul 2010 17:11:25 +0900 Subject: [PATCH 2/2] Do not ignore trust violations Set the value of Aptitude::CmdLine::Ignore-Trust-Violations depending on the $apt_allow_unauthenticated option. Bug-Debian: http://bugs.debian.org/588035 Signed-off-by: Ansgar Burchardt --- lib/Sbuild/AptitudeBuildDepSatisfier.pm |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/lib/Sbuild/AptitudeBuildDepSatisfier.pm b/lib/Sbuild/AptitudeBuildDepSatisfier.pm index 6f362b2..c4cec31 100644 --- a/lib/Sbuild/AptitudeBuildDepSatisfier.pm +++ b/lib/Sbuild/AptitudeBuildDepSatisfier.pm @@ -148,11 +148,13 @@ EOF my @non_default_deps = $self->get_non_default_deps($dep, {}); +my $ignore_trust_violations = $self->get_conf('APT_ALLOW_UNAUTHENTICATED') ? 'true' : 'false'; + my @aptitude_install_command = ( 'aptitude', '-y', '--without-recommends', - '-o', 'Aptitude::CmdLine::Ignore-Trust-Violations=true', + '-o', "Aptitude::CmdLine::Ignore-Trust-Violations=$ignore_trust_violations", '-o', 'Aptitude::ProblemResolver::StepScore=100', 'install', $dummy_pkg_name, -- 1.7.1
Bug#588035: [buildd-tools-devel] Bug#588035: Sbuild::AptitudeBuildDepSatisfier: Always passes Aptitude::CmdLine::Ignore-Trust-Violations=true
On Sun, Jul 04, 2010 at 07:56:49PM +0900, Ansgar Burchardt wrote: > Sbuild::AptitudeBuildDepSatisfier always passes the option > Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude, allowing > the installation of unauthenticated packages. I think this should > depend on the $apt_allow_unauthenticated option in the configuration > file: > > # Force APT to accept unauthenticated packages. > # This is disabled by default: only enable it if you know what you are > # doing. > #$apt_allow_unauthenticated = 0; This certainly looks like we should be defaulting to what is set in $apt_allow_unauthenticated, unless there's some reason not to do that for dependency resolving? Do you see any problems if you set Aptitude::CmdLine::Ignore-Trust-Violations=false ? Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Bug#588035: Sbuild::AptitudeBuildDepSatisfier: Always passes Aptitude::CmdLine::Ignore-Trust-Violations=true
Package: sbuild Version: 0.60.0-1 Severity: important Hi, Sbuild::AptitudeBuildDepSatisfier always passes the option Aptitude::CmdLine::Ignore-Trust-Violations=true to aptitude, allowing the installation of unauthenticated packages. I think this should depend on the $apt_allow_unauthenticated option in the configuration file: # Force APT to accept unauthenticated packages. # This is disabled by default: only enable it if you know what you are # doing. #$apt_allow_unauthenticated = 0; Regards, Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org