Bug#837060: debootstrap: Do not install packages of Priority:required for buildd variant
On 2016-09-08 14:07 +0200, Johannes Schauer wrote:
> Package: debootstrap
> Version: 1.0.81
> Severity: normal
>
> Hi,
>
> in Debian, every binary package implicitly depends on all binary
> packages marked as Essential:yes and every source package implicitly
> build-depends on the binary package build-essential. Policy §4.2 says:
>
> | it must be possible to build the package and produce working binaries
> | on a system with only essential and build-essential packages installed
> | and also those required to satisfy the build-time relationships
> | (including any implied relationships).
>
> Currently, programs in Debian that facilitate building source packages
> in "clean" environments like sbuild and pbuilder use debootstrap to
> create this "minimal" environment. Specifically, they use the buildd
> variant provided by debootstrap.
>
> Unfortunately it seems that in addition to installing the minimum
> required packages (all Essential:yes, build-essential and (unfortunately
> necessarily) apt), debootstrap also installs all packages marked as
> Priority:required (and their transitive dependencies).
One could argue that the priority of those required packages which are
not Essential:yes or a (transitive) dependency of an Essential:yes
package should probably be demoted.
> Thus, it can easily happen that source packages in Debian do not
> correctly declare their build dependencies on packages that are
> Priority:required because they happen to always be installed in
> virtually any environment that the source package will probably ever be
> built in (because they were all created by debootstrap).
>
> I think this is a bug in the package list installed by the buildd
> variant. Since the buildd variant is meant to provide a clean and
> minimal environment to build source packages, it should try hard not to
> install any extra packages which would then make it impossible to test
> whether a source package is policy compliant in the build dependencies
> it declares.
I had a look and tried this naive patch:
--8<---------------cut here---------------start------------->8---
diff --git a/scripts/sid b/scripts/sid
index 7b32ac2..8294748 100644
--- a/scripts/sid
+++ b/scripts/sid
@@ -24,6 +24,7 @@ work_out_debs () {
base="$(get_debs Priority: important)"
elif doing_variant buildd || doing_variant scratchbox; then
base="apt build-essential"
+ required="$(get_debs Essential: yes)"
elif doing_variant minbase; then
base="apt"
fi
--8<---------------cut here---------------end--------------->8---
This failed with the following cryptic error message:
,----
| I: Installing core packages...
| W: Failure trying to run: chroot /usr/local/abfall/base-test3 dpkg --force-depends --install
| W: See /usr/local/abfall/base-test3/debootstrap/debootstrap.log for details
`----
The debootstrap.log file contains these lines at the end:
,----
| Unpacking perl-base (5.22.2-5) ...
| Setting up perl-base (5.22.2-5) ...
| dpkg: error: --install needs at least one package archive file argument
`----
Looking at the code in scripts/sid, it is "x_core_install mawk" which
fails here. The reason is that mawk has not been downloaded,
debootstrap's limited dependency resolver cannot resolve base-files'
pre-dependency on awk.
The good news is that with "--include=mawk" added to the commandline,
debootstrap succeeds and does not include tzdata or lsb-base in the
chroot. :-)
So changing base-files to Pre-depend on mawk | awk seems to be the only
blocker here. Would you like to file a blocking bug on base-files?
Cheers,
Sven
Reply to: