Hi,

Quoting Roger Leigh (2015-10-08 09:54:25)
> > The bug could nevertheless be in sbuild though because sbuild is the package
> > with the postinst maintainer script that changes the ownership. I now have to
> > figure out whether this chown call is actually useful or not. In the former
> > case, the wiki page would have to be adapted to not recommend this location.
>
> The file needs to be owned by root for security reasons: if it was owned
> by another user, it could be altered and then when unpacked and used
> these files are then used with full root privileges.

Thank you, that does make sense.

> Regarding /var/lib/sbuild: this is owned by sbuild and used for
> maintaining its own state. That's why we do the chown--if we don't then
> sbuild can't modify its own data. Bottom line: the chroot tarfiles do
> not belong under this location--they are not sbuild's concern; put them
> somewhere else. E.g. I use /srv/chroot/xxx.

That also makes sense. As a result I edited https://wiki.debian.org/sbuild to
not use /var/lib/sbuild as the recommended chroot location anymore. Instead I
used /srv/chroot/ until somebody comes up with a better location.

Thanks!

cheers, josch