[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#837060: debootstrap: Do not install packages of Priority:required for buildd variant

On 2016-09-08 14:07 +0200, Johannes Schauer wrote:

> Package: debootstrap
> Version: 1.0.81
> Severity: normal
> Hi,
> in Debian, every binary package implicitly depends on all binary
> packages marked as Essential:yes and every source package implicitly
> build-depends on the binary package build-essential. Policy §4.2 says:
>  | it must be possible to build the package and produce working binaries
>  | on a system with only essential and build-essential packages installed
>  | and also those required to satisfy the build-time relationships
>  | (including any implied relationships).
> Currently, programs in Debian that facilitate building source packages
> in "clean" environments like sbuild and pbuilder use debootstrap to
> create this "minimal" environment. Specifically, they use the buildd
> variant provided by debootstrap.
> Unfortunately it seems that in addition to installing the minimum
> required packages (all Essential:yes, build-essential and (unfortunately
> necessarily) apt), debootstrap also installs all packages marked as
> Priority:required (and their transitive dependencies).

One could argue that the priority of those required packages which are
not Essential:yes or a (transitive) dependency of an Essential:yes
package should probably be demoted.

> Thus, it can easily happen that source packages in Debian do not
> correctly declare their build dependencies on packages that are
> Priority:required because they happen to always be installed in
> virtually any environment that the source package will probably ever be
> built in (because they were all created by debootstrap).
> I think this is a bug in the package list installed by the buildd
> variant. Since the buildd variant is meant to provide a clean and
> minimal environment to build source packages, it should try hard not to
> install any extra packages which would then make it impossible to test
> whether a source package is policy compliant in the build dependencies
> it declares.

I had a look and tried this naive patch:

--8<---------------cut here---------------start------------->8---
diff --git a/scripts/sid b/scripts/sid
index 7b32ac2..8294748 100644
--- a/scripts/sid
+++ b/scripts/sid
@@ -24,6 +24,7 @@ work_out_debs () {
 		base="$(get_debs Priority: important)"
 	elif doing_variant buildd || doing_variant scratchbox; then
 		base="apt build-essential"
+		required="$(get_debs Essential: yes)"
 	elif doing_variant minbase; then
--8<---------------cut here---------------end--------------->8---

This failed with the following cryptic error message:

| I: Installing core packages...
| W: Failure trying to run: chroot /usr/local/abfall/base-test3 dpkg --force-depends --install
| W: See /usr/local/abfall/base-test3/debootstrap/debootstrap.log for details

The debootstrap.log file contains these lines at the end:

| Unpacking perl-base (5.22.2-5) ...
| Setting up perl-base (5.22.2-5) ...
| dpkg: error: --install needs at least one package archive file argument

Looking at the code in scripts/sid, it is "x_core_install mawk" which
fails here.  The reason is that mawk has not been downloaded,
debootstrap's limited dependency resolver cannot resolve base-files'
pre-dependency on awk.

The good news is that with "--include=mawk" added to the commandline,
debootstrap succeeds and does not include tzdata or lsb-base in the
chroot. :-)

So changing base-files to Pre-depend on mawk | awk seems to be the only
blocker here.  Would you like to file a blocking bug on base-files?


Reply to: