
Bug#857475: marked as done (unblock: pbuilder/0.228.6 (pre-approval))



Your message dated Sun, 12 Mar 2017 17:27:59 +0100
with message-id <20170312162758.vvl4kx3xgxexvgu5@mapreri.org>
and subject line Re: Bug#857475: unblock: pbuilder/0.228.6 (pre-approval)
has caused the Debian Bug report #857475,
regarding unblock: pbuilder/0.228.6 (pre-approval)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
857475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857475
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: release.debian.org
user: release.debian.org@packages.debian.org
usertags: unblock
x-debbugs-cc: pbuilder-maint@lists.alioth.debian.org

We pbuilder maintainers would like to fix #841935 for good, so James did
some great work and testing to fix it.  I also confirm that all my tests
went well.
While on it I'd like to slip in some other very minor changes.
See the attached debdiff for the details.

TIA.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
diffstat for pbuilder-0.228.5 pbuilder-0.228.5+

 debian/NEWS          |    4 +---
 debian/changelog     |   23 +++++++++++++++++++++++
 debian/control       |    1 +
 pbuilder-checkparams |    2 +-
 pbuilder-modules     |   38 +++++++++++++++++++++++++++++++++++++-
 pbuilder.8           |    3 ++-
 pbuilderrc.5         |   38 ++++++++++++++++++++++----------------
 7 files changed, 87 insertions(+), 22 deletions(-)

diff -Nru pbuilder-0.228.5/debian/changelog pbuilder-0.228.5+/debian/changelog
--- pbuilder-0.228.5/debian/changelog	2017-03-02 17:16:19.000000000 +0100
+++ pbuilder-0.228.5+/debian/changelog	2017-03-10 14:33:53.000000000 +0100
@@ -1,3 +1,26 @@
+pbuilder (0.228.5+) UNRELEASED; urgency=medium
+
+  [ James Clarke ]
+  * modules: Use a new /dev/pts instance inside the chroot.
+    This allows for better isolation as the build process is no longer able
+    to see the host's PTYs, other than the controlling terminal (if there is
+    one).  By using a new instance, we can also control the permissions of
+    /dev/pts/ptmx, ensuring that the build process is always able to create
+    new PTYs, even if the host's has the default 000 mode.
+    Thanks to Simon McVittie <smcv@debian.org> for the thorough investigation.
+    Closes: #841935
+
+  [ Mattia Rizzolo ]
+  * pbuilderrc.5:
+    + Update the details about the currently available dependency resolvers.
+  * debian/NEWS:
+    + Remove changes reverted in successive fixup uploads.
+  * checkparams:
+    + Make --extrapackages cumulative.  Specifying --extrapackages multiple
+      times will now add packages to the list.
+
+ -- Mattia Rizzolo <mattia@debian.org>  Fri, 10 Mar 2017 14:33:53 +0100
+
 pbuilder (0.228.5) unstable; urgency=medium
 
   [ Thorsten Glaser ]
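Review bot: the new stanza still carries the placeholder version "0.228.5+" and the distribution "UNRELEASED", while the request is for 0.228.6, so both need finalising before upload. In the /dev/pts item, "even if the host's has the default 000 mode" has a stray word; "even if the host's has" should read "even if the host's one has" or similar.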
diff -Nru pbuilder-0.228.5/debian/control pbuilder-0.228.5+/debian/control
--- pbuilder-0.228.5/debian/control	2017-01-24 00:51:09.000000000 +0100
+++ pbuilder-0.228.5+/debian/control	2017-03-10 14:05:32.000000000 +0100
@@ -25,6 +25,7 @@
 Depends:
  debootstrap | cdebootstrap,
  dpkg-dev (>= 1.17.0),
+ util-linux (>= 2.26.2-4) | initscripts (<< 2.88dsf-59.1),
  wget,
  ${misc:Depends},
 Recommends:
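Review bot: the added "util-linux (>= 2.26.2-4) | initscripts (<< 2.88dsf-59.1)" alternative has no stated reason, and debian/changelog has no item for it. If it is there for the mountpoint calls introduced in pbuilder-modules, say so in a changelog line so the versioned constraint can be dropped safely later.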
diff -Nru pbuilder-0.228.5/debian/NEWS pbuilder-0.228.5+/debian/NEWS
--- pbuilder-0.228.5/debian/NEWS	2017-01-18 12:34:59.000000000 +0100
+++ pbuilder-0.228.5+/debian/NEWS	2017-03-10 14:28:34.000000000 +0100
@@ -10,9 +10,7 @@
   in pbuilder, such as bind-mounting /dev/shm from the host, to avoid
   situations like over-mounting.
 
-  Pdebuild now uses dpkg-source directly to generate the dsc to pass to
-  pbuilder rather than dpkg-buildpackage -S, therefore DEBBUILDOPTS no
-  longer affect this.  It will also no longer generate a source changes file
+  Pdebuild  will no longer generate a source changes file
   if BUILDRESULT is the parent directory, since the dsc will be overwritten
   when copying back the build results, possibly invalidating the previous
   changes file; please use pbuilder's new --source-only-changes option.
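Review bot: the added line "Pdebuild  will no longer generate a source changes file" has a double space after "Pdebuild" and leaves the paragraph with a short first line; collapse the space and re-wrap the paragraph.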
diff -Nru pbuilder-0.228.5/pbuilder.8 pbuilder-0.228.5+/pbuilder.8
--- pbuilder-0.228.5/pbuilder.8	2017-01-15 18:04:50.000000000 +0100
+++ pbuilder-0.228.5+/pbuilder.8	2017-03-10 14:28:36.000000000 +0100
@@ -638,7 +638,8 @@
 and
 .BR "update" .
 
-The packages should be specified as a space-delimited list.
+The packages should be specified as a space-delimited list, or by specifying
+\-\-extrapcakges multiple times.
 
 .TP
 .BI "\-\-debemail [" "maintainer-name <email-address>" "]"
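Review bot: the option name is misspelled on the second added line, "\-\-extrapcakges" should be "\-\-extrapackages". As written, anyone searching the man page for the option will not find this sentence.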
diff -Nru pbuilder-0.228.5/pbuilder-checkparams pbuilder-0.228.5+/pbuilder-checkparams
--- pbuilder-0.228.5/pbuilder-checkparams	2017-01-15 18:04:50.000000000 +0100
+++ pbuilder-0.228.5+/pbuilder-checkparams	2017-03-10 14:28:36.000000000 +0100
@@ -170,7 +170,7 @@
         shift; shift;
         ;;
     --extrapackages)
-        EXTRAPACKAGES="$2";
+        EXTRAPACKAGES="${EXTRAPACKAGES:+$EXTRAPACKAGES }$2";
         shift; shift;
         ;;
     --hookdir)
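Review bot: in the --extrapackages case, "${EXTRAPACKAGES:+$EXTRAPACKAGES }$2" appends to whatever EXTRAPACKAGES already holds when parsing starts, not only to values from earlier --extrapackages options. If the variable can be non-empty at that point (for example, set from configuration), the command line no longer replaces it, which is a wider behaviour change than the changelog's "Specifying --extrapackages multiple times" describes; either document that or accumulate into a separate variable and assign at the end.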
diff -Nru pbuilder-0.228.5/pbuilder-modules pbuilder-0.228.5+/pbuilder-modules
--- pbuilder-0.228.5/pbuilder-modules	2017-02-05 16:38:30.000000000 +0100
+++ pbuilder-0.228.5+/pbuilder-modules	2017-03-10 14:05:32.000000000 +0100
@@ -276,6 +276,12 @@
         umount_one "$SELINUX"
     fi
     if [ "$DEB_BUILD_ARCH_OS" = "linux" ] && [ "$USEDEVPTS" = "yes" ]; then
+        if mountpoint -q "$BUILDPLACE/dev/console"; then
+            umount_one "dev/console"
+        fi
+        if mountpoint -q "$BUILDPLACE/dev/ptmx"; then
+            umount_one "dev/ptmx"
+        fi
         umount_one "dev/pts"
     fi
     if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ] || [ "$USEDEVFS" = "yes" ]; then
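Review bot: the two new mountpoint -q blocks depend on running before umount_one "dev/pts", since dev/ptmx is a bind mount of a file inside dev/pts, but nothing in the code says so. A one-line comment stating that dev/console and dev/ptmx must be unmounted before dev/pts would keep a later reordering from breaking teardown.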
@@ -383,8 +389,38 @@
         TTYGRP=5
         TTYMODE=620
         [ -f /etc/default/devpts ] && . /etc/default/devpts
-        mount -t devpts none "$BUILDPLACE/dev/pts" -onoexec,nosuid,gid=$TTYGRP,mode=$TTYMODE
+        # Even wheezy has CONFIG_DEVPTS_MULTIPLE_INSTANCES=y, so no need to
+        # fall back to the old method with just /dev/ptmx.
+        mount -t devpts devpts "$BUILDPLACE/dev/pts" -o newinstance,noexec,nosuid,gid=$TTYGRP,mode=$TTYMODE,ptmxmode=0666
         mounted[${#mounted[@]}]="$BUILDPLACE/dev/pts"
+
+        # If /dev/ptmx is a symlink, it should be /dev/ptmx -> pts/ptmx
+        # and since ptmxmode is 0666, /dev/pts/ptmx will have mode 0666.
+        # However, if it is not a symlink, then any PTYs created inside the
+        # chroot will not be visible. We could delete /dev/ptmx and replace
+        # it with a symlink, but it's safer just to bind-mount it.
+        # This is based on the recommendations in
+        # Documentation/filesystems/devpts.txt
+        # (linux.git commit 784c4d8b1b1e66f8c45e8b889613f4982f525b2b)
+        if [ ! -L "$BUILDPLACE/dev/ptmx" ]; then
+            log.i "redirecting /dev/ptmx to /dev/pts/ptmx"
+            mount --bind "$BUILDPLACE/dev/pts/ptmx" "$BUILDPLACE/dev/ptmx"
+            mounted[${#mounted[@]}]="$BUILDPLACE/dev/ptmx"
+        fi
+
+        # If there is a controlling TTY, it must be available to the chroot.
+        # The standard practice (at least by lxc and systemd-nspawn) is to
+        # bind-mount it onto /dev/console.
+        if CURRENT_TTY="$(tty)"; then
+            # We need /dev/console to exist to be able to bind-mount onto it.
+            # Might as well make the proper device node rather than a file.
+            if [ ! -e "$BUILDPLACE/dev/console" ]; then
+                log.i "creating /dev/console"
+                mknod -m 600 "$BUILDPLACE/dev/console" c 5 1
+            fi
+            log.i "mounting $CURRENT_TTY over /dev/console"
+            mount --bind "$CURRENT_TTY" "$BUILDPLACE/dev/console"
+        fi
     fi
     if [ -n "$SELINUX" ]; then
         log.i "mounting selinux filesystem"
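Review bot: the bind mount of "$CURRENT_TTY" onto "$BUILDPLACE/dev/console" is not appended to the mounted array, unlike the dev/pts and dev/ptmx mounts just above it, so any cleanup that walks that array will miss it. Add mounted[${#mounted[@]}]="$BUILDPLACE/dev/console" after the mount, and consider checking the exit status of both mount --bind calls, because a failed /dev/ptmx redirect silently leaves the chroot using a ptmx that is not tied to the new devpts instance.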
diff -Nru pbuilder-0.228.5/pbuilderrc.5 pbuilder-0.228.5+/pbuilderrc.5
--- pbuilder-0.228.5/pbuilderrc.5	2017-02-05 16:38:30.000000000 +0100
+++ pbuilder-0.228.5+/pbuilderrc.5	2017-03-10 14:28:22.000000000 +0100
@@ -383,25 +383,31 @@
 .TP
 .BI "PBUILDERSATISFYDEPENDSCMD=" "/usr/lib/pbuilder/pbuilder\-satisfydepends"
 This option is used by various parts of pbuilder to satisfy
-(i.e. install) the build-dependencies of a package.  There are four
-implementations:
+(i.e. install) the build-dependencies of a package.
+These are the available implementations:
 
-The "experimental" implementation,
-"pbuilder\-satisfydepends\-experimental", which might be useful to pull
-packages from experimental or from repositories with a low APT Pin
-Priority.
-
-The "aptitude" implementation, which will resolve build-dependencies
-and build-conflicts with aptitude which helps dealing with complex
-cases but does not support unsigned APT repositories.
-
-The "gdebi" implementation, which will resolve build-dependencies
-using gdebi tool, faster than classic implementation, and does not
-require installation of a dummy package like the aptitude
+.I pbuilder\-satisfydepends\-apt
+the newest implementation, which leverage the ability of apt 1.4 to satisfy
+build dependencies and build conflicts from a .dsc; useful since it's pretty
+fast and doesn't require the installation of any non-required package in the
+chroot, nor of dummy packages.
+
+.I pbuilder\-satisfydepends\-experimental
+might be useful to pull packages from repositories with a low APT Pin Priority
+(for example, Debian's experimental or stable-backports).
+
+.I pbuilder\-satisfydepends\-aptitude
+will resolve build-dependencies and build-conflicts with aptitude which helps
+dealing with complex cases but does not support unsigned APT repositories.
+
+.I pbuilder\-satisfydepends\-gdebi
+will resolve build-dependencies using gdebi, faster than classic implementation,
+and does not require installation of a dummy package like the aptitude
 implementation.
 
-The "classic" implementation, which was the original implementation
-used until 0.172.
+.I pbuilder\-satisfydepnds\-classic
+the "classic" implementation, which was the original implementation used by
+default until v0.172.
 
 The default is now "aptitude".
 .TP
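Review bot: the last added .I line misspells the resolver name, "pbuilder\-satisfydepnds\-classic" should be "pbuilder\-satisfydepends\-classic". In the apt entry, "which leverage" should be "which leverages", and since the text now calls apt "the newest implementation" while the unchanged context still says the default is "aptitude", a short note on why the default was not changed would help readers.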

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
On Sun, Mar 12, 2017 at 09:32:00AM +0000, Niels Thykier wrote:
> Please go ahead and remove the moreinfo tag once the upload has been
> completed (and built if necessary).

uploaded, built, unblocked.  yay!

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

Attachment: signature.asc
Description: PGP signature


--- End Message ---
