Hey list,

Running debuild as normal user under the 2.5.73+ kernel results in fakeroot
actually setting the file ownership to root (or any other uid/gid for that
matter). The result is that the parts which don't run under fakeroot -
e.g. debian/rules - won't be able to write to the debian/packagename/ subdirs sometimes.
It happens only when the filesystem on which the build is taking place is XFS.

This is due to the restrict_chown sysctl which was present in XFS before but never
actually implemented. Starting with 2.5.73 XFS does use the setting, which works in
a way that allows the owner of the directory to give away its
subdirectories/files to other users. If restrict_chown is enabled then the
old behavior is back, however it defaults to disabled.

The problem will affect any situation which involves using fakeroot or
other similar packages. I see several solutions to that problem, but none of
them seem perfect:

1. Warn the users about the above issue and have them always use fakeroot
   explicitly in situations like building a deb. This is the worst
   solution, I think, as it would require all of the debian source
   packages to be modified.
2. Modify fakeroot to check the kernel version, the type of fs on which it
   is currently working and have it issue a sysctl to enable
   restrict_chown. It looks better than #1 but it might incur a
   performance penalty. OTOH, this solution would be the most painless for
   the users and the most seamless.
3. Modify debuild or even dpkg-buildpackage to do what fakeroot would do
   in #2. It would be a partial solution since it would affect only the
   deb build process.
4. Add code to /etc/init.d/ (mountfs.sh or mountall.sh) to perform the
   checks from #2 and enable the restricted chown. This would be the most
   global solution effectively setting a policy for Debian systems. It
   would have the additional effect of maintaining consistency with the
   old behavior and other filesystems.
5. Influence the XFS/kernel maintainers to change the default value of
   restrict_chown to enabled.

Comments?

marek
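
The check proposed in options 2 and 4 above, as an added example that is not part of the original message and not code from fakeroot, debuild or Debian: it classifies a build directory by its filesystem type and the current restrict_chown value. It assumes the sysctl is exposed as /proc/sys/fs/xfs/restrict_chown and that GNU stat is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: fs.xfs.restrict_chown is readable at this path.
XFS_RESTRICT_CHOWN="${XFS_RESTRICT_CHOWN:-/proc/sys/fs/xfs/restrict_chown}"

# Print the filesystem type name of a directory (GNU stat, e.g. "xfs").
fs_type_of() {
    stat -f -c %T -- "$1"
}

# classify_chown_policy FSTYPE SYSCTL_FILE
# Prints: not-xfs | restricted | giveaway-allowed | unknown
classify_chown_policy() {
    fstype=$1
    sysctl_file=$2
    if [ "$fstype" != "xfs" ]; then
        echo not-xfs            # the sysctl only governs XFS
        return 0
    fi
    if [ ! -r "$sysctl_file" ]; then
        echo unknown            # XFS not loaded or sysctl not exposed
        return 0
    fi
    value=$(tr -d ' \t\n' < "$sysctl_file")
    case $value in
        1) echo restricted ;;         # old behavior: no chown give-away
        0) echo giveaway-allowed ;;   # owner may chown files to other users
        *) echo unknown ;;
    esac
}

# check_build_dir DIR: 0 = fine, 1 = give-away allowed, 2 = undetermined.
check_build_dir() {
    dir=${1:-.}
    policy=$(classify_chown_policy "$(fs_type_of "$dir")" "$XFS_RESTRICT_CHOWN")
    case $policy in
        giveaway-allowed)
            echo "warning: $dir is on XFS with restrict_chown=0" >&2
            return 1 ;;
        unknown)
            echo "warning: cannot determine chown policy for $dir" >&2
            return 2 ;;
    esac
    return 0
}

# Run the check only when asked to: sh thisfile --check /path/to/build
if [ "${1:-}" = "--check" ]; then
    check_build_dir "${2:-.}"
fi
```

Enabling the restriction itself is a root-only write of 1 to the same sysctl, which is why option 4 places it in an init script.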