
Bug#845715: Required targets must not write outside of the source package tree



On Sat, 03 Nov 2018 12:38:55 -0700 Sean Whitton
<spwhitton@spwhitton.name> wrote:
> control: tag -1 +patch
> 
> Hello,
> 
> I reformatted and wordsmithed josch's patch, second it myself, and am
> seeking further seconds.
> 
> Given that whole archive rebuilds use sbuild and already catch
> packages that violate this requirement, making this change would not
> declare any packages buggy that would not already be considered buggy,
> so we can make it right away.
> 
> [...]
> index dc80243..c486e7c 100644
> --- a/policy/ch-source.rst
> +++ b/policy/ch-source.rst
> @@ -291,6 +291,16 @@ For packages in the main archive, no required targets may attempt
>  network access, except, via the loopback interface, to services on the
>  build host that have been started by the build.
> 
> +Required targets must not attempt to write outside of the unpacked
> +source package tree. An exception to this rule is the use of
> +``TMPDIR`` (or ``/tmp`` if that is not set) which is permitted as long
> +as temporary files are deleted by the end of the target, and not
> +reused by subsequent execution of the target.  This restriction is
> +intended to prevent source package builds creating and depending on
> +state outside of themselves, thus affecting multiple independent
> +rebuilds.  In particular, the required targets must not attempt to
> +write into ``HOME``.
> +
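
Review bot: the ``TMPDIR`` exception in the added paragraph states two conditions that overlap. If temporary files are "deleted by the end of the target", they cannot be "reused by subsequent execution of the target", so the second clause is either redundant or implies that deletion may sometimes be skipped, for example when the target fails partway. Suggest stating a single condition, such as that a target must not depend on temporary files left behind by an earlier run, and saying whether cleanup is expected when the target fails. The closing sentence about ``HOME`` would also sit better directly after the first sentence, since it restates the rule rather than the rationale it currently follows.
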
> [...]

I suspect we are missing an exception allowing the binary targets to
write the produced binaries in the parent directory of the unpacked
source tree.
Otherwise pretty much all packages violate the policy when they
generate the actual .debs/.udebs. :)

Thanks,
~Niels