Debian Bug report logs - #846776
multistrap: secure apt should not be disabled when fakeroot is used

version graph

Package: multistrap; Maintainer for multistrap is Johannes Schauer <josch@debian.org>; Source for multistrap is src:multistrap (PTS, buildd, popcon).

Reported by: Johannes Schauer <josch@debian.org>

Date: Sat, 3 Dec 2016 09:18:01 UTC

Severity: normal

Found in version multistrap/2.2.1

Fixed in version multistrap/2.2.4

Done: Johannes Schauer <josch@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, josch@debian.org, Neil Williams <codehelp@debian.org>:
Bug#846776; Package multistrap. (Sat, 03 Dec 2016 09:18:03 GMT) (full text, mbox, link).

Acknowledgement sent to Johannes Schauer <josch@debian.org>:
New Bug report received and forwarded. Copy sent to josch@debian.org, Neil Williams <codehelp@debian.org>. (Sat, 03 Dec 2016 09:18:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: multistrap: secure apt should not be disabled when fakeroot is used
Date: Sat, 03 Dec 2016 10:14:21 +0100
Package: multistrap
Version: 2.2.1
Severity: normal

Currently, when multistrap is run inside fakeroot, apt is run with
Apt::Get::AllowUnauthenticated=true. This is because retrieving the keys
is done by "sudo apt-get install debian-archive-keyring". This could
easily be replaced by a root-less "apt-get download
debian-archive-keyring" and would at the same time then also avoid
having to install packages on the host system.

Reply sent to Johannes Schauer <josch@debian.org>:
You have taken responsibility. (Sun, 04 Dec 2016 01:09:05 GMT) (full text, mbox, link).

Notification sent to Johannes Schauer <josch@debian.org>:
Bug acknowledged by developer. (Sun, 04 Dec 2016 01:09:05 GMT) (full text, mbox, link).

Message #10 received at 846776-close@bugs.debian.org (full text, mbox, reply):

From: Johannes Schauer <josch@debian.org>
To: 846776-close@bugs.debian.org
Subject: Bug#846776: fixed in multistrap 2.2.4
Date: Sun, 04 Dec 2016 01:04:40 +0000
Source: multistrap
Source-Version: 2.2.4

We believe that the bug you reported is fixed in the latest version of
multistrap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 846776@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Johannes Schauer <josch@debian.org> (supplier of updated multistrap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 04 Dec 2016 01:37:28 +0100
Source: multistrap
Binary: multistrap
Architecture: source
Version: 2.2.4
Distribution: unstable
Urgency: medium
Maintainer: Johannes Schauer <josch@debian.org>
Changed-By: Johannes Schauer <josch@debian.org>
Description:
 multistrap - multiple repository bootstrap based on apt
Closes: 787438 846776
Changes:
 multistrap (2.2.4) unstable; urgency=medium
 .
   * handle keyring download differently:
       - do not (re)install keyring package on the host system (closes: #787438 )
       - do not disable SecureApt when using fakeroot (closes: #846776)
Checksums-Sha1:
 54dbc00c1f2c9361fb58e376a8ee39def0ab1cf5 1698 multistrap_2.2.4.dsc
 e62531feb931101d82dd83a18b5027902f39668c 123684 multistrap_2.2.4.tar.xz
Checksums-Sha256:
 a24ffceab0ba7db060a73974908eacf38fbf184b24d362906990f6c6e9be0364 1698 multistrap_2.2.4.dsc
 99a6e337ad0d992359d6fe202403ebf965f5af0c50e3d009c757a17412fc314e 123684 multistrap_2.2.4.tar.xz
Files:
 1a348f7b1e879e9539956b1c834f0fcd 1698 utils optional multistrap_2.2.4.dsc
 0de768cf389cdc6028eed937b1fa3cf6 123684 utils optional multistrap_2.2.4.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIuBAEBCAAYBQJYQ2XmERxqb3NjaEBkZWJpYW4ub3JnAAoJEPLLpcePvYPhKoMP
/0OVQrwPvbXoes6Hvq9tyv0nJ49aanzFnb1js3gEUDhxx9/S1WjatAY1VVOQoUtY
fCF8IG8XwZ0hBSwNxZDncOGAQW8JiE0cf/SO/4fRFzjnQvzEIah+VjmV4yVxBjZs
QQfixtDXONH85E4Sb0NpCPWu8XbYZ/Xjgo/VtNELSB4Q5O+Iud0M4zi+1x4ihCNe
FoHDmBWYjoqHDnllILrWSMX/Uj+GA8QgRn7W6EyO2W4X3NQ3mTiz9QygAgam9VBc
axI/YGB+GJQmAVvHjl74ZyXBtHhrqswJN4oIxsU6hCJgebRq6axAPCuXE6z9zcGF
46qrpu1/2D+e4qEHSjbxGXnCs06IgvEu132re45F+tiyqzqpWZyxnvPV6iHweGM7
uC1tcotb51Cgojr+tmlWS/Ukftj3VMtqgBLtJKHjP5bzIC+o1uJ4SMBK5CHNB4XX
wmjwrT4q8X9J5M07YlXYrVXK8jyB0MjglnzD9jn/zwkrtUWzxOBZdZWbbSzVGCaY
v30zV48H2tOieEJjjHgrwIxv0IwawnGKvff9qKEdc5itc0d9WSSoo64iBMJ9GJl8
1XPBQUlR7lzXjC74awSmU5jpxc0SG5fPVUMzdsAoT6ajZ2E2O1ZT80aeqWDWAPfg
34TxLnDS/rO/TSA9nwg296sBD9EKhV8EC8MbEKazAFFb
=514f
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Jan 2017 11:08:11 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jan 10 10:54:39 2018; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.