32bit arch packages are built with wrong ownership due to fakeroot bug
Hi,
I wanted to bring fakeroot bugs #1023286 and #1030638 to the attention of a
wider audience because even though I filed these bugs, I do not see myself
finding the time to track down and correct their consequence for all the source
package builds that happened since their introduction with the upload of glibc
2.34.
Essentially, fakeroot uses LD_PRELOAD to "fake" being able to change file
ownership as if the process were run as the root user. If a new version of
glibc gets uploaded that uses different functions to do the same thing, this
mechanism breaks down and fakeroot needs to be adjusted to support these new
functions as well. Most of the breakage (except for mipsel) was done as part of
#1023286 but I discovered another problem and reported as #1030638 and there is
no fix for it yet.
The problem affects 32 bit architectures as glibc chooses different functions
to perform stat() functionality on those architectures, so the problem effects
armel, armhf, i386 and mipsel. Those architectures also not among the most used
once which explains why not much fuzz was created about this yet (at least not
as far as I've heard).
By now the fakeroot package carries tests that check for these problems and you
can see how fakeroot FTBFS on the architectures affected by this problem:
https://buildd.debian.org/status/package.php?p=fakeroot
For the affected architectures, package builds that change ownership of the
files shipped in *.deb packages will remain at root:root instead of being set
to the user and group that should own them. I found two examples for this
problem: mutt and bsdutils
$ dpkg-deb --fsys-tarfile mutt_2.2.9-1_amd64.deb | tar --numeric-owner-tv | grep -v 0/0
-rwxr-sr-x 0/8 14584 2022-11-13 18:01 ./usr/bin/mutt_dotlock
$ dpkg-deb --fsys-tarfile mutt_2.2.9-1_i386.deb | tar --numeric-owner -tv | grep /usr/bin/mutt_dotlock
-rwxr-sr-x 0/0 13804 2022-11-13 18:01 ./usr/bin/mutt_dotlock
$ dpkg-deb --fsys-tarfile bsdutils_1%3a2.38.1-4_amd64.deb | tar --numeric-owner -tv | grep -v 0/0
-rwxr-sr-x 0/5 39224 2022-11-25 16:19 ./usr/bin/wall
$ dpkg-deb --fsys-tarfile bsdutils_1%3a2.38.1-4_i386.deb| tar --numeric-owner -tv | grep /usr/bin/wall
-rwxr-sr-x 0/0 38436 2022-11-25 16:19 ./usr/bin/wall
/usr/bin/mutt_dotlock should be owned by group "mail" and /usr/bin/wall by
group "tty" but this is only the case for the amd64 version of those two
packages. On i386, they are owned by the root group.
So fakeroot should get fixed and the affected source packages should be
rebuilt. I lack the time to organize either, so here I am writing you this
mail.
Maybe somebody else finds this interesting enough to invest their time into
this. :)
Thanks!
cheers, josch
Reply to: