Re: pbuilder ignoring trust violations -- SOLVED (sort of)
On Sat, Jun 12, 2010 at 11:06:28PM -0400, Rob Owens wrote:
> I'm playing around with pbuilder. While building a package, pbuilder
> needed to reference another package that I built and did not sign.
> Pbuilder happily ignored the lack of signature and gave this warning,
> but did not pause so I could read it:
>
>
> Untrusted packages could compromise your system's security.
> You should only proceed with the installation if you are certain that
> this is what you want to do.
>
> debhelper
>
> *** WARNING *** Ignoring these trust violations because
> aptitude::CmdLine::Ignore-Trust-Violations is 'true'!
>
>
> I'd like to change this behavior so that pbuilder at least stops and
> asks me how to proceed. I've been looking through the man pages and
> googling, but I'm not seeing it.
>
>
I've found a couple of bugs referencing this problem, and the pbuilder
devs seem to think this is the way it should be. I disagree, so I
worked around it like this:
In /usr/lib/pbuilder I made a copy of pbuilder-satisfydepends-aptitude,
and called it pbuilder-satisfydepends-aptitude-safe. I edited the
"safe" file and changed
Ignore-Trust-Violations=true
to
Ignore-Trust-Violations=false
Then in my ~/.pbuilderrc I added the line
PBUILDERSATISFYDEPENDSCMD="/usr/lib/pbuilder/pbuilder-satisfydepends-aptitude-safe"
Now pbuilder exits when it encounters an unsigned deb. As far as I can
tell, that is. I'm still in the process of testing it but so far it
seems to work.
If anyone knows of a better way, please post it.
-Rob
Reply to: