[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tainted builds (was Re: usrmerge -- plan B?)

On Wed, Nov 28, 2018 at 02:57:52PM +0100, Guillem Jover wrote:
> Hi!
> On Wed, 2018-11-28 at 07:52:08 +0500, Alexander E. Patrakov wrote:
> > Well, the buildd configuration change has been reverted. What worries me now
> > is that there is a risk not yet mitigated, coming from personal systems of
> > Debian developers, and we should also check porter boxes.
> > 
> > As long as there is one Debian Developer (or any other person who has the
> > right to upload binary packages) who has a merged /usr on his system used
> > for building packages, there is a risk of reintroducing the bug through his
> > package. Maybe we should somehow, in the short term, modify dpkg to add
> > something like "Tainted-By: usr-merge" control field to all binary packages
> > produced, if a package is built on a system with merged /usr (detected via
> > /bin being a symlink). And a corresponding automatic check that would
> > auto-reject binary packages with any Tainted-By control field from being
> > uploaded to the Debian archive.
> This is actually a great idea! I went ahead and implemented this, see
> attached tentative patch which I'm planning on including in dpkg 1.19.3.

Would you be willing to also implement

	Tainted-By: not-built-in-a-chroot


(ischroot(1) is from debianutils which is Essential).

a few nits in the manpage:

> diff --git i/man/deb-buildinfo.man w/man/deb-buildinfo.man
> index 5013aa047..8aa333965 100644
> --- i/man/deb-buildinfo.man
> +++ w/man/deb-buildinfo.man
> @@ -149,6 +149,19 @@ via some pattern match to avoid leaking possibly sensitive information.
>  On Debian and derivatives only build paths starting with \fI/build/\fP
>  will emit this field.
>  .TP
> +.BR Build\-Tainted\-By: " \fItaint-reasons...\fP"
> +The list of reasons in the form of string tags (alphanumeric and dash),
> +that can taint the current build.

Other fields explicitly mention being space-separated, you might want to do the
same here.

> +.RS
> +.TP
> +.B merged-usr-via-symlinks
> +The system has a merged /usr via symlinks.
> +This will confuse \fBdpkg\-query\fP as it messes with the \fBdpkg\fP
> +understanding of the filesystem it manages.
> +It can also produce packages with hardcoded paths that will be incompatible
> +with non-usr-merged filesystems.

I would say here:

For packages that hardcode paths to specific binaries at build time, it can
also produce packages that are incompatible with non-usr-merged systems.

Attachment: signature.asc
Description: PGP signature

Reply to: