[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-get source symlinks if repository is local ('file:/)?

Hi,

On Tue, Aug 11, 2015 at 06:14:03PM -0700, Thomas Nyberg wrote:
> So the two lines I need for what I want are actually the following:
> 
> 	deb copy:/repos/apt/ubuntu trusty main
> 	deb-src copy:/repos/apt/ubuntu trusty main

Indeed, copy:/ is the "solution" here – I wonder through if it isn't
a bug in dpkg(-source) to follow the symlink to the orig-tarball and
place the debian-tarball alongside it instead of placing the
debian-tarball alongside the symlink to the orig-tarball.
(Or did I misunderstand you?)

CC'ing dpkg maintainers to get their input on it.

Full-forward your first mail to debian-dpkg@ for context:

----- Forwarded message from Thomas Nyberg <tomnyberg@gmail.com> -----

Date: Tue, 11 Aug 2015 17:30:29 -0700
From: Thomas Nyberg <tomnyberg@gmail.com>
To: deity@lists.debian.org
Subject: apt-get source symlinks if repository is local ('file:/)?
Message-ID: <55CA93A5.3030001@gmail.com>

Hello,

I've been trying to set up a repository for some home-built packages and ran
into something a little odd. I used reprepro to set up the respository and I
added a single .deb and .dsc package. Next I noted something odd when I tried
to use apt-get source depending upon whether I expose the repo using http or
simply as a file. I.e. using either one of the following setups in my
sources.list:

	deb file:/repos/apt/ubuntu trusty main
	deb-src file:/repos/apt/ubuntu trusty main

	deb http://0.0.0.0:8000/repos/apt/ubuntu trusty main
	deb-src http://0.0.0.0:8000/repos/apt/ubuntu trusty main


(In the second case I'm exposing the repository using `python -m
SimpleHTTPServer` though I doubt that's important.)

Next is where it gets a bit weird...I run `apt-get --allow-unauthenticated
source package_name` I get a different result depending upon which of the
previous setups I use. In the first setup, I get the following 4 files (I run
ls -l):

-----------------------
drwxr-xr-x 5 xxx xxx 4096 Aug 11 17:16 package-0.1
lrwxrwxrwx 1 xxx xxx   81 Aug 11 17:16 package_0.1-1.debian.tar.gz ->
/repos/apt/ubuntu/pool/main/m/package/package_0.1-1.debian.tar.gz
lrwxrwxrwx 1 xxx xxx   71 Aug 11 17:16 package_0.1-1.dsc ->
/repos/apt/ubuntu/pool/main/p/package/package_0.1-1.dsc
lrwxrwxrwx 1 xxx xxx   77 Aug 11 17:16 package_0.1.orig.tar.gz ->
/repos/apt/ubuntu/pool/main/p/package/package_0.1.orig.tar.gz
-----------------------

In the second setup I get the following

-----------------------
drwxr-xr-x 5 xxx xxx 4096 Aug 11 17:21 package-0.1
-rw-r--r-- 1 xxx xxx  878 Aug 11 16:50 package_0.1-1.debian.tar.gz
-rw-r--r-- 1 xxx xxx  842 Aug 11 16:50 package_0.1-1.dsc
-rw-r--r-- 1 xxx xxx 3246 Aug 11 16:50 package_0.1.orig.tar.gz
-----------------------

I.e. in the case of using file:/, I get symlinks and in the case of using
http://, I get copies of the files. It's not suprising that I would copies in
the second case (what does an http-symlink mean?), but even in the first case
it's weird. The only reason I noticed, is that the repository itself (i.e. the
/repo fs hierarchy) is owned by another user and so when I tried to run
`debuild -uc -us` in the package-0.1/ it failed with this error:

-----------------------
 dpkg-buildpackage -rfakeroot -D -us -uc
dpkg-buildpackage: source package package
dpkg-buildpackage: source version 0.1-1
dpkg-buildpackage: source distribution unstable
dpkg-buildpackage: source changed by Thomas Nyberg <tomnyberg@gmail.com>
 dpkg-source --before-build package-0.1
dpkg-buildpackage: host architecture amd64
dpkg-source: info: using options from
package-0.1/debian/source/options: --extend-diff-ignore=\.egg-info$
 fakeroot debian/rules clean
dh clean --with python2 --buildsystem=python_distutils
   dh_testdir -O--buildsystem=python_distutils
   debian/rules override_dh_auto_clean
make[1]: Entering directory `/tmp/blah/package-0.1'
python setup.py clean -a
running clean
'build/lib.linux-x86_64-2.7' does not exist -- can't clean it
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-2.7' does not exist -- can't clean it
find . -name \*.pyc -exec rm {} \;
make[1]: Leaving directory `/tmp/blah/package-0.1'
   dh_clean -O--buildsystem=python_distutils
 dpkg-source -b package-0.1
dpkg-source: info: using options from
package-0.1/debian/source/options: --extend-diff-ignore=\.egg-info$
dpkg-source: info: using source format `3.0 (quilt)'
dpkg-source: info: building package using existing
./package_0.1.orig.tar.gz
dpkg-source: info: building package in
package_0.1-1.debian.tar.gz
dpkg-source: error: cannot write package_0.1-1.debian.tar.gz:
Permission denied
dpkg-source: error: gzip --no-name --rsyncable -9 gave error exit status 13
dpkg-buildpackage: error: dpkg-source -b package-0.1 gave error exit
status 29
debuild: fatal error at line 1364:
dpkg-buildpackage -rfakeroot -D -us -uc failed
-----------------------

I.e. it's erroring out because it's trying to modify the file which is
symlinked to a file that my user doesn't own. Of course the solution is to
just copy the files over by hand an run again, but had I not had the repo
owned by anothe user, I could have accidentally modified it myself.

Is there a hidden option I'm missing that's turned this on? Can I turn it off?
It seems like very odd functionality and seems a bit unsafe.

Thank you very much for any help.

Cheers,
Thomas


-- 
To UNSUBSCRIBE, email to deity-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/55CA93A5.3030001@gmail.com


----- End forwarded message -----


Best regards

David Kalnischkies

Attachment: signature.asc
Description: Digital signature

Reply to: