[Reproducible-builds] [buildd-tools-devel] Bug#825991: sbuild: /etc/sbuild/sbuild.conf leaks the user home path
Johannes Schauer
josch at debian.org
Wed Jun 1 09:08:27 UTC 2016
Hi
Quoting Aurelien Jarno (2016-06-01 09:53:37)
> The default sbuild.conf shipped with the sbuild package is generated
> using the "sbuild-dumpconfig sbuild config" command. This causes the
> stats_dir entry to contain the home path of the user who has build the
> package:
>
> | # STATS_DIR
> | # Type: STRING
> | # Directory for writing build statistics to
> | # See also related command line options in sbuild(1):
> | # --stats-dir
> | #$stats_dir = '/home/aurel32/stats';
>
> Fortunately as sbuild is usually built on the build daemons,
> /home/buildd/stats is used, which makes more sense.
Indeed, looking at the code, the default is set to $HOME/stats so your
observation makes sense.
Though I am surprised that the reproducible builds machinery didn't catch this
at all. It seems that sbuild is still marked as reproducible:
https://tests.reproducible-builds.org/rb-pkg/unstable/amd64/sbuild.html
Is there something wrong with how $HOME is set in the reproducible builds
pbuilder?
Thanks!
cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20160601/3f3f8986/attachment.sig>
More information about the Reproducible-builds
mailing list