Re: Another pbuilder run finished
On Thu, 2 Jan 2003 09:27 pm, Russell Coker wrote:
> > Actually, the root requirement was a reason for me not to use
> > pbuilder.
Ditto. I don't really want to trust arbitrary build scripts written by
people I don't know to run as root on my machine.
> > And personally, I would not like to have an automated
> > building process running as root on any box that has productive
> > jobs.
Another partial solution that no-one appears to have mentioned is to
use sbuild instead. Although it does require sudo root on the build
machine (for chroot), I think the actual build processes run under
fakeroot, which should protect against rogue maintainer scripts. It
does not, however, protect against rogue packages which are installed
as dependencies in the chroot.
> What if the process is in a secure chroot provided by SE Linux or
Sounds like a good solution, I wish I'd thought of that last time I
had this problem.
> I would be happy to assist on setting up SE Linux for this task...
Hmmm... I'd love to try this when I get time.
email@example.com aka firstname.lastname@example.org
GPG key fingerprint:
C746 38A9 D3E4 A171 FB6A 56D4 5E30 DFCC BE11 F437