
Bug#807168: debian-installer-netboot-images: required resources not declared as build-dependencies (fetches via network)



On Sun, 06 Dec 2015 18:02:48 +0530 Jonas Smedegaard <dr@jones.dk> wrote:
> Source: debian-installer-netboot-images
> Version: 20150422+deb8u2
> Severity: serious
> Justification: Policy 4.2
> 
> debian-installer-netboot-images source package is less than 6k in size.
> Clearly the main part of the resulting binary packages comes from
> fetching resources over the network (apparently using wget).

Correct.  And there are good reasons for this.  One should be able to
build the package for another release without using that release for the
build environment.  The build process requires downloading but not
installing udebs for use in the installer, as well as debs which are
used to provide parts like glibc, kernel etc and they are not installed
but the required components extracted and mostly having the symbols
stripped (to reduce the resulting binary size) and all these parts are
assembled into the installer image.
> 
> Debian Policy includes the following in §4.2:
> 
>> If build-time dependencies are specified, it must be possible to build
>> the package and produce working binaries on a system with only
>> essential and build-essential packages installed and also those
>> required to satisfy the build-time relationships (including any
>> implied relationships).

The binary package itself is build-able in this case, but not the
installer-images for obvious reasons.  That the source package builds
the installer images in this way is likely a convenience to allow taking
advantage of the automated build systems rather than having to build and
maintain a separate system for that purpose.
> 
> I can only interpret above as disallowing fetching resources over the
> network using wget.

Perhaps Debian Policy §4.2 should be amended to either carve out an
exception for debian installer and similar packages or a more generic
exception such that it only applies to the binary debs and not other
build artifacts.

Either that or Debian will have to implement a different solution for
building the installer images.  YMMV

Regards,
	Daniel

-- 
Daniel Reurich
Centurion Computer Technology (2005) Ltd.

