Re: Verifying dep-5

To: debian-devel@lists.debian.org
Subject: Re: Verifying dep-5
From: Johannes Schauer <josch@debian.org>
Date: Mon, 30 May 2016 08:03:45 +0200
Message-id: <[🔎] 20160530060345.22012.8755@localhost>
Mail-followup-to: debian-devel@lists.debian.org,
In-reply-to: <[🔎] 87pos4r5dd.fsf@kosh.rath.org>
References: <[🔎] 20160527231900.2B0A015B2C@shark2.inbox.lv> <[🔎] CAKTje6GaZikhQ72Ty4i7PPW-2OhZvdHEjU=peCdE6dmPDudRZQ@mail.gmail.com> <[🔎] 20160528080431.22012.16346@localhost> <[🔎] 87pos4r5dd.fsf@kosh.rath.org>

Hi,

Quoting Nikolaus Rath (2016-05-29 22:11:58)
> Did you write down your findings in some more detail somewhere?

no, sorry.

> I'd be curious why e.g. a LD_PRELOAD based wrapper would not work for all
> important cases.

For me "all important cases" were "compilation of all debian source packages".
LD_PRELOAD based methods would not work for for source packages which make use
of this mechanism already (for example during their tests). A prominent example
would be src:fakechroot itself.

> Or are we assuming that the application is actively trying to prevent this
> (and e.g. does system calls directly on its own)?

We are assuming that applications do things that they normally do during
package builds. Unfortunately that includes test cases which sometimes do
really weird things.

Using fakechroot or proot it would definitely be possible to set up such a
package building tracer that would work for 99% of the archive.

By building first without tracer, then with proot (on Linux) and then with
fakechroot (should the build fail with proot) and by then using reproducible
builds we can even make sure that the tracer did not influence the build in any
way that produces different binary packages. If test suits cannot be executed
because of the tracer, they will probably fail.

I did not follow-up on this 99% solution because I'm usually much less
motivated if the solution is not 100% proper. And there were some tricky things
to solve like what file format to make up to be able to store build logs and
operation on files while at the same time maintaining the process tree that
lead to writing to the build log or general file descriptor operations. And
since this information becomes a lot really quickly (a yaml based
representation I tested with easily reached several hundred of megabytes) it
would be great if the information could be written to the output file directly
instead of being stored in memory, but this then has to work even with parallel
builds.  There is still a sticky note about all these things on my fridge but
oh if I just would have more time... XD

Thanks!

cheers, josch

Attachment: signature.asc
Description: signature

Reply to:

References:
- Verifying dep-5
  - From: Dmitry Bogatov <KAction@gnu.org>
- Re: Verifying dep-5
  - From: Paul Wise <pabs@debian.org>
- Re: Verifying dep-5
  - From: Johannes Schauer <josch@debian.org>
- Re: Verifying dep-5
  - From: Nikolaus Rath <Nikolaus@rath.org>

Prev by Date: Re: Re: Spice/QXL maintainer AWOL, can someone update?
Next by Date: Re: package versions with snapshots/branch updates (was: Re: Accepted gcc-5 5.3.1-21 (source) into unstable)
Previous by thread: Re: Verifying dep-5
Next by thread: Re: Verifying dep-5
Index(es):
- Date
- Thread