Your message dated Sun, 12 Mar 2017 17:27:59 +0100 with message-id <20170312162758.vvl4kx3xgxexvgu5@mapreri.org> and subject line Re: Bug#857475: unblock: pbuilder/0.228.6 (pre-approval) has caused the Debian Bug report #857475, regarding unblock: pbuilder/0.228.6 (pre-approval) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 857475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857475 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: unblock: pbuilder/0.228.6 (pre-approval)
- From: Mattia Rizzolo <mattia@debian.org>
- Date: Sat, 11 Mar 2017 21:30:57 +0100
- Message-id: <[🔎] 20170311203053.4bu6ecji76aiu6yu@mapreri.org>
package: release.debian.org user: release.debian.org@packages.debian.org usertags: unblock x-debbugs-cc: pbuilder-maint@lists.alioth.debian.org We pbuilder maintainers would like to fix #841935 for good, so James did some great work and testing to fix it. I also cofirm that all my tests went well. While on it I'd like to slip in some very other minor changes. See the attached debdiff for the details. TIA. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-diffstat for pbuilder-0.228.5 pbuilder-0.228.5+ debian/NEWS | 4 +--- debian/changelog | 23 +++++++++++++++++++++++ debian/control | 1 + pbuilder-checkparams | 2 +- pbuilder-modules | 38 +++++++++++++++++++++++++++++++++++++- pbuilder.8 | 3 ++- pbuilderrc.5 | 38 ++++++++++++++++++++++---------------- 7 files changed, 87 insertions(+), 22 deletions(-) diff -Nru pbuilder-0.228.5/debian/changelog pbuilder-0.228.5+/debian/changelog --- pbuilder-0.228.5/debian/changelog 2017-03-02 17:16:19.000000000 +0100 +++ pbuilder-0.228.5+/debian/changelog 2017-03-10 14:33:53.000000000 +0100 @@ -1,3 +1,26 @@ +pbuilder (0.228.5+) UNRELEASED; urgency=medium + + [ James Clarke ] + * modules: Use a new /dev/pts instance inside the chroot. + This allows for better isolation as the build process is no longer able + to see the host's PTYs, other than the controlling terminal (if there is + one). By using a new instance, we can also control the permissions of + /dev/pts/ptmx, ensuring that the build process is always able to create + new PTYs, even if the host's has the default 000 mode. + Thanks to Simon McVittie <smcv@debian.org> for the thorough investigation. + Closes: #841935 + + [ Mattia Rizzolo ] + * pbuilderrc.5: + + Update the details about the currently available dependency resolvers. + * debian/NEWS: + + Remove changes reverted in successive fixup uploads. + * checkparams: + + Make --extrapackages cumulative. Specifying --extrapackages multiple + times will now add packages to the list. + + -- Mattia Rizzolo <mattia@debian.org> Fri, 10 Mar 2017 14:33:53 +0100 + pbuilder (0.228.5) unstable; urgency=medium [ Thorsten Glaser ] diff -Nru pbuilder-0.228.5/debian/control pbuilder-0.228.5+/debian/control --- pbuilder-0.228.5/debian/control 2017-01-24 00:51:09.000000000 +0100 +++ pbuilder-0.228.5+/debian/control 2017-03-10 14:05:32.000000000 +0100 @@ -25,6 +25,7 @@ Depends: debootstrap | cdebootstrap, dpkg-dev (>= 1.17.0), + util-linux (>= 2.26.2-4) | initscripts (<< 2.88dsf-59.1), wget, ${misc:Depends}, Recommends: diff -Nru pbuilder-0.228.5/debian/NEWS pbuilder-0.228.5+/debian/NEWS --- pbuilder-0.228.5/debian/NEWS 2017-01-18 12:34:59.000000000 +0100 +++ pbuilder-0.228.5+/debian/NEWS 2017-03-10 14:28:34.000000000 +0100 @@ -10,9 +10,7 @@ in pbuilder, such as bind-mounting /dev/shm from the host, to avoid situations like over-mounting. - Pdebuild now uses dpkg-source directly to generate the dsc to pass to - pbuilder rather than dpkg-buildpackage -S, therefore DEBBUILDOPTS no - longer affect this. It will also no longer generate a source changes file + Pdebuild will no longer generate a source changes file if BUILDRESULT is the parent directory, since the dsc will be overwritten when copying back the build results, possibly invalidating the previous changes file; please use pbuilder's new --source-only-changes option. diff -Nru pbuilder-0.228.5/pbuilder.8 pbuilder-0.228.5+/pbuilder.8 --- pbuilder-0.228.5/pbuilder.8 2017-01-15 18:04:50.000000000 +0100 +++ pbuilder-0.228.5+/pbuilder.8 2017-03-10 14:28:36.000000000 +0100 @@ -638,7 +638,8 @@ and .BR "update" . -The packages should be specified as a space-delimited list. +The packages should be specified as a space-delimited list, or by specifying +\-\-extrapcakges multiple times. .TP .BI "\-\-debemail [" "maintainer-name <email-address>" "]" diff -Nru pbuilder-0.228.5/pbuilder-checkparams pbuilder-0.228.5+/pbuilder-checkparams --- pbuilder-0.228.5/pbuilder-checkparams 2017-01-15 18:04:50.000000000 +0100 +++ pbuilder-0.228.5+/pbuilder-checkparams 2017-03-10 14:28:36.000000000 +0100 @@ -170,7 +170,7 @@ shift; shift; ;; --extrapackages) - EXTRAPACKAGES="$2"; + EXTRAPACKAGES="${EXTRAPACKAGES:+$EXTRAPACKAGES }$2"; shift; shift; ;; --hookdir) diff -Nru pbuilder-0.228.5/pbuilder-modules pbuilder-0.228.5+/pbuilder-modules --- pbuilder-0.228.5/pbuilder-modules 2017-02-05 16:38:30.000000000 +0100 +++ pbuilder-0.228.5+/pbuilder-modules 2017-03-10 14:05:32.000000000 +0100 @@ -276,6 +276,12 @@ umount_one "$SELINUX" fi if [ "$DEB_BUILD_ARCH_OS" = "linux" ] && [ "$USEDEVPTS" = "yes" ]; then + if mountpoint -q "$BUILDPLACE/dev/console"; then + umount_one "dev/console" + fi + if mountpoint -q "$BUILDPLACE/dev/ptmx"; then + umount_one "dev/ptmx" + fi umount_one "dev/pts" fi if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ] || [ "$USEDEVFS" = "yes" ]; then @@ -383,8 +389,38 @@ TTYGRP=5 TTYMODE=620 [ -f /etc/default/devpts ] && . /etc/default/devpts - mount -t devpts none "$BUILDPLACE/dev/pts" -onoexec,nosuid,gid=$TTYGRP,mode=$TTYMODE + # Even wheezy has CONFIG_DEVPTS_MULTIPLE_INSTANCES=y, so no need to + # fall back to the old method with just /dev/ptmx. + mount -t devpts devpts "$BUILDPLACE/dev/pts" -o newinstance,noexec,nosuid,gid=$TTYGRP,mode=$TTYMODE,ptmxmode=0666 mounted[${#mounted[@]}]="$BUILDPLACE/dev/pts" + + # If /dev/ptmx is a symlink, it should be /dev/ptmx -> pts/ptmx + # and since ptmxmode is 0666, /dev/pts/ptmx will have mode 0666. + # However, if it is not a symlink, then any PTYs created inside the + # chroot will not be visible. We could delete /dev/ptmx and replace + # it with a symlink, but it's safer just to bind-mount it. + # This is based on the recommendations in + # Documentation/filesystems/devpts.txt + # (linux.git commit 784c4d8b1b1e66f8c45e8b889613f4982f525b2b) + if [ ! -L "$BUILDPLACE/dev/ptmx" ]; then + log.i "redirecting /dev/ptmx to /dev/pts/ptmx" + mount --bind "$BUILDPLACE/dev/pts/ptmx" "$BUILDPLACE/dev/ptmx" + mounted[${#mounted[@]}]="$BUILDPLACE/dev/ptmx" + fi + + # If there is a controlling TTY, it must be available to the chroot. + # The standard practice (at least by lxc and systemd-nspawn) is to + # bind-mount it onto /dev/console. + if CURRENT_TTY="$(tty)"; then + # We need /dev/console to exist to be able to bind-mount onto it. + # Might as well make the proper device node rather than a file. + if [ ! -e "$BUILDPLACE/dev/console" ]; then + log.i "creating /dev/console" + mknod -m 600 "$BUILDPLACE/dev/console" c 5 1 + fi + log.i "mounting $CURRENT_TTY over /dev/console" + mount --bind "$CURRENT_TTY" "$BUILDPLACE/dev/console" + fi fi if [ -n "$SELINUX" ]; then log.i "mounting selinux filesystem" diff -Nru pbuilder-0.228.5/pbuilderrc.5 pbuilder-0.228.5+/pbuilderrc.5 --- pbuilder-0.228.5/pbuilderrc.5 2017-02-05 16:38:30.000000000 +0100 +++ pbuilder-0.228.5+/pbuilderrc.5 2017-03-10 14:28:22.000000000 +0100 @@ -383,25 +383,31 @@ .TP .BI "PBUILDERSATISFYDEPENDSCMD=" "/usr/lib/pbuilder/pbuilder\-satisfydepends" This option is used by various parts of pbuilder to satisfy -(i.e. install) the build-dependencies of a package. There are four -implementations: +(i.e. install) the build-dependencies of a package. +These are the available implementations: -The "experimental" implementation, -"pbuilder\-satisfydepends\-experimental", which might be useful to pull -packages from experimental or from repositories with a low APT Pin -Priority. - -The "aptitude" implementation, which will resolve build-dependencies -and build-conflicts with aptitude which helps dealing with complex -cases but does not support unsigned APT repositories. - -The "gdebi" implementation, which will resolve build-dependencies -using gdebi tool, faster than classic implementation, and does not -require installation of a dummy package like the aptitude +.I pbuilder\-satisfydepends\-apt +the newest implementation, which leverage the ability of apt 1.4 to satisfy +build dependencies and build conflicts from a .dsc; useful since it's pretty +fast and doesn't require the installation of any non-required package in the +chroot, nor of dummy packages. + +.I pbuilder\-satisfydepends\-experimental +might be useful to pull packages from repositories with a low APT Pin Priority +(for example, Debian's experimental or stable-backports). + +.I pbuilder\-satisfydepends\-aptitude +will resolve build-dependencies and build-conflicts with aptitude which helps +dealing with complex cases but does not support unsigned APT repositories. + +.I pbuilder\-satisfydepends\-gdebi +will resolve build-dependencies using gdebi, faster than classic implementation, +and does not require installation of a dummy package like the aptitude implementation. -The "classic" implementation, which was the original implementation -used until 0.172. +.I pbuilder\-satisfydepnds\-classic +the "classic" implementation, which was the original implementation used by +default until v0.172. The default is now "aptitude". .TPAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 857475-done@bugs.debian.org
- Subject: Re: Bug#857475: unblock: pbuilder/0.228.6 (pre-approval)
- From: Mattia Rizzolo <mattia@debian.org>
- Date: Sun, 12 Mar 2017 17:27:59 +0100
- Message-id: <20170312162758.vvl4kx3xgxexvgu5@mapreri.org>
- In-reply-to: <[🔎] 9134bbc1-c653-830a-33f5-3d93fe58ab70@thykier.net>
- References: <[🔎] 20170311203053.4bu6ecji76aiu6yu@mapreri.org> <[🔎] 9134bbc1-c653-830a-33f5-3d93fe58ab70@thykier.net>
On Sun, Mar 12, 2017 at 09:32:00AM +0000, Niels Thykier wrote: > Please go ahead and remove the moreinfo tag once the upload has been > completed (and built if necessary). uploaded, built, unblocked. yay! -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-Attachment: signature.asc
Description: PGP signature
--- End Message ---