<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 27 April 2015 at 18:26, Patrick Schleizer <span dir="ltr"><<a href="mailto:adrelanos@riseup.net" target="_blank">adrelanos@riseup.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br>
<br>
From<br>
qubes-linux-template-builder/scripts_debian/vars.sh<br>
<a href="https://github.com/QubesOS/qubes-builder-debian/blob/33109b3ed425fc5c590b5e551ed4739373076609/template_qubuntu/vars.sh#L25" target="_blank">https://github.com/QubesOS/qubes-builder-debian/blob/33109b3ed425fc5c590b5e551ed4739373076609/template_qubuntu/vars.sh#L25</a><br>
<br>
APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes"<br>
<br>
Could be a security issue. The combination of --force-yes and --yes is<br>
insecure. Could lead to installation of unsigned packages.<br>
<br>
Concluded that by reading the source and by remembering a bug report<br>
against a similar Debian image build script where I did some testing.<br>
<br>
- <a href="https://github.com/grml/grml-debootstrap/issues/62" target="_blank">https://github.com/grml/grml-debootstrap/issues/62</a><br>
-<br>
<a href="https://www.whonix.org/wiki/Dev/apt-get#apt-get_Install_Signed_vs_Unsigned_Packages" target="_blank">https://www.whonix.org/wiki/Dev/apt-get#apt-get_Install_Signed_vs_Unsigned_Packages</a><br>
<br>
I didn't actually test here but I find this quite possible. Highly<br>
recommend to drop the --force-yes.<br></blockquote><div><br></div><div>Good catch. I will investigate it further. The purpose is the `--force-yes` is to all the over riding package configuration when initially building the template. Will see what happens without the force option. <br></div></div></div></div>