Bug#718225: live-build should authenticate files it downloads

2025-01-14 Thread Aaron Rainbolt
Patrick (adrelanos) from the Kicksecure team and I discovered this vulnerability before realizing this bug existed. I developed a full proof-of-concept exploit for it, and informed the Debian Security Team about it. They got back to me and don't appear to have a problem with me publishing the

Bug#1089624: live-build: Remove obsolete modification to cryptsetup-initramfs conf-hook file

2024-12-09 Thread Aaron Rainbolt
Package: live-build Version: 1:20240810 Severity: minor X-Debbugs-Cc: adrela...@kicksecure.com live-build/share/hooks/normal/1010-enable-cryptsetup.hook.chroot currently adds the line 'CRYPTSETUP=y' to /etc/cryptsetup-initramfs/conf-hook during the live system build process. This conf-hook file do

Bug#1088650: Bookworm arm64 builds are broken with `--debian-installer live`

2024-11-28 Thread Aaron Rainbolt
Just tested the patch sent in the initial report, it appears this does indeed fix the build. The ISO build succeeds, and the generated ISO boots properly into both live mode and debian-installer using qemu-system-aarch64.

Bug#1088650: Bookworm arm64 builds are broken with `--debian-installer live`

2024-11-28 Thread Aaron Rainbolt
Package: live-build Version: 1:20240810 Severity: normal Tags: upstream, patch X-Debbugs-Cc: adrela...@kicksecure.com, arraybo...@gmail.com (Note, I'm using a version of live-build installed with `sudo make install` that is currently six commits behind git master, however I've checked the code and

Bug#1087470: live-build: Binary stage runs apt commands, breaking certain image build workflows

2024-11-20 Thread Aaron Rainbolt
On Fri, 15 Nov 2024 08:39:19 +0100 Roland Clobus wrote:
> Before delving deeper into the code, could you post a minimal
> configuration that shows the behaviour? Perhaps there are other ways
> to achieve the same goal.
Hopefully, yes. I haven't lost track of this, but I haven't yet gotten a w

Bug#1087470: live-build: Binary stage runs apt commands, breaking certain image build workflows

2024-11-13 Thread Aaron Rainbolt
Package: live-build Version: 1:20240810 Severity: wishlist X-Debbugs-Cc: adrela...@kicksecure.com I'm using live-build to build ISO images of Kicksecure, a Debian derivative. Currently, we use apt-cacher-ng to cache package downloads for speed's sake. We also install special apt sources.list files

Bug#1085869: live-build: ISO build crashes when an environment.chroot variable's value contains spaces

2024-10-22 Thread Aaron Rainbolt
Package: live-build Version: 1:20240810 Severity: normal X-Debbugs-Cc: adrela...@kicksecure.com Expected result: I should be able to specify arbitrary environment variables in config/environment.chroot and have them be picked up by commands that run within the chroot. Actual result: If I specify

Re: live-build is utterly determined to pull in jh7100-bootloader-recovery?

2024-10-15 Thread Aaron Rainbolt
On Mon, Oct 14, 2024 at 8:22 PM Aaron Rainbolt wrote:
>
> On Mon, 14 Oct 2024 19:40:19 -0500
> Aaron Rainbolt wrote:
>
> > I'm currently banging my head against a proverbial wall trying to
> > figure out why there are some packages being incorrectly pulled into
>

Re: live-build is utterly determined to pull in jh7100-bootloader-recovery?

2024-10-14 Thread Aaron Rainbolt
On Mon, 14 Oct 2024 19:40:19 -0500 Aaron Rainbolt wrote:
> I'm currently banging my head against a proverbial wall trying to
> figure out why there are some packages being incorrectly pulled into
> an ISO I'm building. I assume all of the packages are being pulled in
> fo

live-build is utterly determined to pull in jh7100-bootloader-recovery?

2024-10-14 Thread Aaron Rainbolt
I'm currently banging my head against a proverbial wall trying to figure out why there are some packages being incorrectly pulled into an ISO I'm building. I assume all of the packages are being pulled in for a similar reason, so right now I just want to focus on one particular package. My live-bui