Re: Using root privileges to build a package

To: debian-mentors@lists.debian.org
Subject: Re: Using root privileges to build a package
From: Andrey Rahmatullin <wrar@debian.org>
Date: Tue, 14 Jan 2020 16:53:17 +0500
Message-id: <[🔎] 20200114115317.GG3741@belkar.wrar.name>
In-reply-to: <[🔎] bb5c4b47-cd26-443d-ffb4-f57b843a48cb@alaxarxa.net>
References: <[🔎] c911e213-5672-dfec-2160-e9de6999f413@alaxarxa.net> <[🔎] 20200114085556.GE3741@belkar.wrar.name> <[🔎] a4c92860-8278-5b77-4e09-1748540c8487@alaxarxa.net> <[🔎] 20200114095459.GF3741@belkar.wrar.name> <[🔎] bb5c4b47-cd26-443d-ffb4-f57b843a48cb@alaxarxa.net>

On Tue, Jan 14, 2020 at 12:14:50PM +0100, Leopold Palomo-Avellaneda wrote:
> > Sorry, are you saying you think it's fine for a package build process to
> > modify the build host system?
> 
> just to install some files and yes, I understand that it shouldn't.
"just to install some files to /usr" is a serious modification.

> >> But, it's difficult to me understand why I should make a complicate process
> >> decoupling a package, patched and so on if just with one make install should be
> >> enough.
> > Because the package build process must not modify the build host system.
>
> yes, I agree.
Then I don't know why do you still insist on doing just that.

> but, in  rootless-builds.txt specify that:
> 
>  When "Rules-Requires-Root" is set to <implementations-keywords>, the
> builder (i.e. whatever is executing debian/rules) will expose an interface that
> is used to run a command under (fake)root via the "Gain Root API".
> 
> and in the section "Implementation provided keywords"
> 
> debhelper/upstream-make-install: The dh_auto_install command will run the
> "install" target from the upstream's Makefile under (fake)root (for the
> "makefile" build system or one derived from it).
This is correct.
This in no way implies installing to /usr though.

> that's what I want: run dh_auto_install target from the upstream's Makefile
> under root.
You can do this as long as you are still installing into debian/tmp and
not to /usr.

> and in "Common cases"
> 
> Upstream installation insists on "sudo make install"-like behaviour.    => Use
> dpkg/target-subcommand or debhelper/upstream-make-install.
This is about chmod, chown etc. It still implies installing into
debian/tmp.

> I'm working on a pbuilder, so I create it, build a package an destroy it, no
> problem if the env is modified. 
I assumed you are creating a package for Debian, not for local use.
Packages for Debian must follow the guidelines, whether they are built
inside a disposable chroot or not. If you are making a package for local
use please always mention that on deban-mentors resources.

-- 
WBR, wRAR

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Using root privileges to build a package
  - From: Leopold Palomo-Avellaneda <leo@alaxarxa.net>

References:
- Using root privileges to build a package
  - From: Leopold Palomo-Avellaneda <leo@alaxarxa.net>
- Re: Using root privileges to build a package
  - From: Andrey Rahmatullin <wrar@debian.org>
- Re: Using root privileges to build a package
  - From: Leopold Palomo-Avellaneda <leo@alaxarxa.net>
- Re: Using root privileges to build a package
  - From: Andrey Rahmatullin <wrar@debian.org>
- Re: Using root privileges to build a package
  - From: Leopold Palomo-Avellaneda <leo@alaxarxa.net>

Prev by Date: Re: Using root privileges to build a package
Next by Date: Re: Using root privileges to build a package
Previous by thread: Re: Using root privileges to build a package
Next by thread: Re: Using root privileges to build a package
Index(es):
- Date
- Thread