• schroot: Stricter rule for chroot names

    From Christoph Biedl@21:1/5 to All on Fri Aug 12 18:00:01 2022
    Hello debian-devel,

    a new version of schroot (1.6.12-2) will hit unstable in a few hours.
    As the only but major change, the rule about allowed characters in a
    chroot (or session) name got a lot stricter to avoid some harm that can
    be done. If you're using names with various punctuation or 8-bit
    characters, the upgrade will croak in preinst. This hard breaking is the
    lesser evil since these chroots and sessions will be invisible to the
    new schroot binary.

    Consider putting schroot on hold if you need some time to resolve this.


    In the future, names must match the following regular expression:

    ^[a-zA-Z0-9][a-zA-Z0-9_.@%+-]*$

    Or: Letters and digits are always okay, and in all but the first place,
    the characters dot ('.'), dash ('-'), underscore ('_'), at ('@'),
    percent ('%'), or plus sign ('+') are allowed, too.

    Therefore, the usual convention of grouping words with dashes like for
    example "buster-backports-source" will just continue to work.


    Sorry for any inconvenience caused by this - given the circumstances it
    seems any other approach will either require a lot of work to implement
    or might leave some holes open that would require another urgent upload.

    Special thanks to Julian Gilbey <jdg@debian.org> who reported the
    underlying issue and helped discuss a fix.

    Christoph


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Christoph Biedl@21:1/5 to All on Fri Aug 12 19:00:01 2022
    Christoph Biedl wrote...

    In the future, names must match the following regular expression:

    ^[a-zA-Z0-9][a-zA-Z0-9_.@%+-]*$

    Some last-minute inspection revealed [@%+] can *not* be considered safe,
    so they'll have to be disallowed as well, at least for the time being.

    In other words, if

    schroot --list --all | LC_ALL=C grep -vE '^[a-z]+:[a-zA-Z0-9][a-zA-Z0-9_.-]*$'

    lists anything, you'll be in trouble.

    Christoph


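As an added example (not part of the thread and not schroot's own code), the following script classifies names against both rules above, so names that passed the first announcement's regex but use the later-disallowed `@`, `%` or `+` are reported separately from names rejected outright. The function names and verdict labels are hypothetical, the `namespace:name` line format is inferred from the grep in the follow-up message, and the sample list is constructed.

```shell
#!/bin/sh
# Added example: pre-upgrade audit of schroot names (not schroot's own code).
RULE_FIRST='^[a-zA-Z0-9][a-zA-Z0-9_.@%+-]*$'   # regex from the first message
RULE_FINAL='^[a-zA-Z0-9][a-zA-Z0-9_.-]*$'      # follow-up: [@%+] removed
NL='
'

# classify_name NAME -> ok | first-rule-only | rejected  (hypothetical helper)
classify_name() {
    # grep works line by line, so an embedded newline must be refused up front.
    case $1 in *"$NL"*) echo rejected; return 0 ;; esac
    # LC_ALL=C keeps the ranges byte-based, so 8-bit characters never match.
    if printf '%s\n' "$1" | LC_ALL=C grep -qE "$RULE_FINAL"; then
        echo ok
    elif printf '%s\n' "$1" | LC_ALL=C grep -qE "$RULE_FIRST"; then
        echo first-rule-only
    else
        echo rejected
    fi
}

# audit_list: read "namespace:name" lines on stdin, print each offender
# followed by a tab and its verdict. Lines without a [a-z]+: prefix are rejected.
audit_list() {
    while IFS= read -r line; do
        if printf '%s\n' "$line" | LC_ALL=C grep -qE '^[a-z]+:'; then
            verdict=$(classify_name "${line#*:}")
        else
            verdict=rejected
        fi
        [ "$verdict" = ok ] || printf '%s\t%s\n' "$line" "$verdict"
    done
}

# Constructed sample standing in for `schroot --list --all` output.
sample_list() {
    cat <<'EOF'
chroot:buster-backports-source
chroot:sid+experimental
source:sid+experimental
session:build@host1
chroot:my chroot
chroot:-leading-dash
EOF
}

sample_list | audit_list
```

On a real system, replace the last line with `schroot --list --all | audit_list`; any output means a name needs renaming before the upgrade.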