Bug#659015: apt-build disables apt's signature verification
Axel Beckert writes:
> I've though observed two possibly minor issues with it:
>
> * An existing /etc/apt/sources.list.d/apt-build.list is not updated to
>   add "[trusted=yes]".

Could probably be added in postinst (apt-build.list is not a conffile),
e.g. something like

  sed -i 's/^deb file:/deb [trusted=yes] file:/'

or something more strict to make sure it doesn't touch other
repositories.

> * Upon purge and (re)installation, I had the "deb" line twice in
>   /etc/apt/sources.list.d/apt-build.list and it's not clear to me why.

The filename is generated differently in postinst and postrm:

+---
| eval $(apt-config shell sourceslist Dir::Etc::sourcelist/f)
| eval $(apt-config shell sourcesparts Dir::Etc::sourceparts/d)
| aptbuildsource="$sourcesparts"apt-build.list
+---[ postinst ]

+---
| eval $(apt-config shell etcdir Dir::Etc)
| eval $(apt-config shell sourceslist Dir::Etc::sourcelist)
| eval $(apt-config shell sourcesparts Dir::Etc::sourceparts)
| sourceslist=/"$etcdir""$sourceslist"
| sourcesparts=/"$etcdir""$sourcesparts"
| aptbuildsource="$sourcesparts"/apt-build.list
+---[ postrm ]

> I've not yet done much testing, so any feedback is welcome. I'll
> definitely do some more testing before uploading that fix.

I can't give too much feedback as I don't use apt-build myself. Just
noticed the thread on -security@.

Ansgar

-- 
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/878ued7h13@deep-thought.43-1.org

Processed: Re: Bug#659015: apt-build disables apt's signature verification
Processing control commands:

> tag -1 + pending
Bug #659015 [apt-build] apt-build: disables apt's signature checking
Added tag(s) pending.

-- 
659015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#659015: apt-build disables apt's signature verification
Control: tag -1 + pending

Hi,

Ansgar Burchardt wrote:
> Axel Beckert writes:
> > I've though observed two possibly minor issues with it:
> >
> > * An existing /etc/apt/sources.list.d/apt-build.list is not updated to
> >   add "[trusted=yes]".
>
> Could probably be added in postinst (apt-build.list is not a conffile),
> e.g. something like
>
>   sed -i 's/^deb file:/deb [trusted=yes] file:/'
>
> or something more strict to make sure it doesn't touch other
> repositories.

Thanks for that idea and note about not being a conffile.

> > * Upon purge and (re)installation, I had the "deb" line twice in
> >   /etc/apt/sources.list.d/apt-build.list and it's not clear to me why.
>
> The filename is generated differently in postinst and postrm:

That wasn't the issue, but using grep without -F to search for the
whole line -- which now contains brackets and they have special
meanings in grep basic regular expressions. So adding -F to the
according grep call fixes that.

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

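The duplicate "deb" line and the "something more strict" migration discussed in the two messages above, as an added example (not apt-build's actual postinst). The repository path, the sample lines and the function names are constructed for illustration; the page does not give the real ones.

```shell
#!/bin/sh
# Added illustration, not apt-build's maintainer script. The repository path
# and function names are constructed; the page does not give the real ones.
LEGACY_LINE='deb file:/srv/example-repo apt-build main'
REPO_LINE='deb [trusted=yes] file:/srv/example-repo apt-build main'

# Buggy check: in a basic regular expression "[trusted=yes]" is a bracket
# expression that matches ONE character out of t,r,u,s,e,d,=,y. The pattern
# therefore never matches the literal line, and every run appends a copy.
ensure_line_regex() {
    grep -q "$REPO_LINE" "$1" 2>/dev/null || printf '%s\n' "$REPO_LINE" >> "$1"
}

# Fixed check: -F treats the pattern as a fixed string, -x requires the
# whole line to match, so the append happens at most once.
ensure_line_fixed() {
    grep -qxF "$REPO_LINE" "$1" 2>/dev/null || printf '%s\n' "$REPO_LINE" >> "$1"
}

# Strict migration of an existing file: only the exact legacy line gains
# [trusted=yes]; other "deb file:" entries stay subject to signature checks.
migrate_legacy() {
    sed 's|^deb file:/srv/example-repo apt-build main$|deb [trusted=yes] file:/srv/example-repo apt-build main|' \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Number of exact copies of REPO_LINE in a file (prints 0 when absent).
count_repo_lines() {
    grep -cxF "$REPO_LINE" "$1" || true
}

# Demo on a scratch file.
demo=$(mktemp)
ensure_line_regex "$demo"; ensure_line_regex "$demo"
echo "regex check:   $(count_repo_lines "$demo") copies"
: > "$demo"
ensure_line_fixed "$demo"; ensure_line_fixed "$demo"
echo "grep -F check: $(count_repo_lines "$demo") copies"
printf '%s\n' "$LEGACY_LINE" 'deb file:/srv/other-repo stable main' > "$demo"
migrate_legacy "$demo"; migrate_legacy "$demo"
cat "$demo"
rm -f "$demo"
```

Anchoring the sed pattern to the whole legacy line keeps the trust exemption scoped to the one local repository, which is the point of moving from the global option to per-repo [trusted=yes].
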
Processing of apt-build_0.12.45_amd64.changes
apt-build_0.12.45_amd64.changes uploaded successfully to localhost
along with the files:
  apt-build_0.12.45.dsc
  apt-build_0.12.45.tar.xz
  apt-build_0.12.45_amd64.deb

Greetings,

	Your Debian queue daemon (running on host franck.debian.org)

apt-build_0.12.45_amd64.changes ACCEPTED into unstable
Accepted:

Format: 1.8
Date: Wed, 01 Apr 2015 02:42:19 +0200
Source: apt-build
Binary: apt-build
Architecture: source amd64
Version: 0.12.45
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group
Changed-By: Axel Beckert
Description:
 apt-build - frontend to apt to build, optimize and install packages
Closes: 659015
Changes:
 apt-build (0.12.45) unstable; urgency=medium
 .
   * QA upload
   * Use per-repo "deb [trusted=yes] ..." instead of global
     "-o Apt::Get::AllowUnauthenticated=true". (Closes: #659015)
     + Bump versioned apt dependency to 0.8.16~exp3 for trusted=yes
     + Automatically add [trusted=yes] to existing generated file
       /etc/apt/sources.list.d/apt-build.list in postinst.
     + Use "grep -F" instead of "grep" to search for the whole "deb" line
       in postinst to avoid the brackets around trusted=yes being parsed
       as character class.
   * Update Vcs-* URLs to current canonical forms and use collab-maint
     repository instead of the apt-build project one's while being under
     QA maintenance to allow write access to all DDs.

Thank you for your contribution to Debian.

Bug#659015: marked as done (apt-build: disables apt's signature checking)
Your message dated Wed, 01 Apr 2015 01:18:38 +
with message-id
and subject line Bug#659015: fixed in apt-build 0.12.45
has caused the Debian Bug report #659015,
regarding apt-build: disables apt's signature checking
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

-- 
659015: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659015
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: apt-build
Severity: wishlist

apt-build repository is unsigned, so Apt::Get::AllowUnauthenticated is
needed to install packages.
--- End Message ---

--- Begin Message ---
Source: apt-build
Source-Version: 0.12.45

We believe that the bug you reported is fixed in the latest version of
apt-build, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.
If you have further comments please address them to
659...@bugs.debian.org, and the maintainer will reopen the bug report
if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert (supplier of updated apt-build package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)