<div dir="ltr"><br><br>On Monday, 27 April 2015 18:34:12 UTC-4, Jason M wrote:<blockquote class="gmail_quote" style="margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;"><div dir="ltr"><div><div class="gmail_quote">On 27 April 2015 at 18:26, Patrick Schleizer<span dir="ltr"></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi!<br>
<br>
From<br>
qubes-linux-template-builder/<wbr>scripts_debian/vars.sh<br>
<a href="https://github.com/QubesOS/qubes-builder-debian/blob/33109b3ed425fc5c590b5e551ed4739373076609/template_qubuntu/vars.sh#L25" target="_blank" rel="nofollow">https://github.com/QubesOS/qubes-builder-debian/blob/33109b3ed425fc5c590b5e551ed4739373076609/template_qubuntu/vars.sh#L25</a><br>
<br>
APT_GET_OPTIONS="-o Dpkg::Options::="--force-<wbr>confnew" --force-yes --yes"<br>
<br>
Could be a security issue. The combination of --force-yes and --yes is<br>
insecure. Could lead to installation of unsigned packages.<br>
<br>
Concluded that by reading the source and by remembering a bug report<br>
against a similar Debian image build script where I did some testing.<br>
<br>
- <a href="https://github.com/grml/grml-debootstrap/issues/62" target="_blank" rel="nofollow">https://github.com/grml/grml-debootstrap/issues/62</a><br>
- <a href="https://www.whonix.org/wiki/Dev/apt-get#apt-get_Install_Signed_vs_Unsigned_Packages" target="_blank" rel="nofollow">https://www.whonix.org/wiki/Dev/apt-get#apt-get_Install_Signed_vs_Unsigned_Packages</a><br>
<br>
I didn't actually test here but I find this quite possible. Highly<br>
recommend to drop the --force-yes.<br></blockquote><div><br></div><div>Good catch. I will investigate it further. The purpose of the `--force-yes` is to allow overriding package configuration when initially building the template. Will see what happens without the force option.</div></div></div></div></blockquote><div><br>I removed the --force-yes option and everything still seems to build fine. I will submit a PR most likely tonight after some more testing has been completed. <br></div><div> </div></div>
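<div>Added example, not part of the thread above and not code from the Qubes builder: a shell check that flags apt-get option strings which let an unattended build continue past an unauthenticated package. The function name is hypothetical; <code>--allow-unauthenticated</code> and <code>APT::Get::AllowUnauthenticated</code> are related apt-get settings that the thread does not mention and are included as an assumption about what such a check should also cover.</div>

```shell
#!/bin/sh
# Added example (not from the thread): audit an apt-get option string.

# Print every option in "$1" that lets apt-get proceed with unauthenticated
# packages, one per line. Exit status 0 = clean, 1 = something was flagged.
# The body runs in a subshell so "set -f" does not leak to the caller.
apt_auth_bypass_flags() (
    set -f          # no pathname expansion while the string is word-split
    status=0
    for word in $1; do
        # Drop quote characters left by nested quoting and fold case so a
        # differently cased configuration key is not missed.
        w=$(printf '%s' "$word" | tr -d "\"'" | tr '[:upper:]' '[:lower:]')
        case "$w" in
            --force-yes|--allow-unauthenticated)
                printf '%s\n' "$w"; status=1 ;;
            *apt::get::allowunauthenticated=true|\
            *apt::get::allowunauthenticated=yes|\
            *apt::get::allowunauthenticated=1)
                printf '%s\n' "$w"; status=1 ;;
        esac
    done
    exit "$status"
)

# Constructed inputs: the option string quoted in the thread, and the same
# string with --force-yes dropped as proposed in the reply.
for opts in \
    '-o Dpkg::Options::="--force-confnew" --force-yes --yes' \
    '-o Dpkg::Options::="--force-confnew" --yes'
do
    if hits=$(apt_auth_bypass_flags "$opts"); then
        echo "ok:   $opts"
    else
        echo "RISK ($hits): $opts"
    fi
done
```
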