Re: Using root privileges to build a package
On 14.01.20 12:14, Leopold Palomo-Avellaneda wrote:
> El 14/1/20 a les 10:54, Andrey Rahmatullin ha escrit:
>> Sorry, are you saying you think it's fine for a package build process to
>> modify the build host system?
>
> just to install some files and yes, I understand that it shouldn't.
It's not that it shouldn't, it's that it *can't*. Otherwise any upload
could be used to compromise the buildd host.
> debhelper/upstream-make-install: The dh_auto_install command will run the
> "install" target from the upstream's Makefile under (fake)root (for the
> "makefile" build system or one derived from it).
>
>
> that's what I want: run dh_auto_install target from the upstream's Makefile
> under root.
It doesn't, though. The point of fakeroot is (surprise) to fake actual
root operations. It doesn't really do anything.
The installation you are alluding to is not an installation on the
buildd, but part of the package being created.
Most packages don't need this faking, hence they set
Rules-Requires-Root: no. But when, for example, your build depends on
the installation chown'ing some files, then you'd probably need
Rules-Requires-Root: yes so that fakeroot can fake the chown operation
succeeding when creating the package.
If this library that the two libraries depend on is a public one, then
it should probably be packaged separately. Dependency management is a
key point of our archive.
If this library is private, and you just need it for building or for
tests, then use LD_LIBRARY_PATH (or PYTHONPATH, or whatever suits your
library) to point the build process to the currently created one.
Reply to: