[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#845715: marked as done (debian-policy: Please document that packages are not allowed to write outside their source directories)

Your message dated Sun, 23 Dec 2018 10:49:07 +0000
with message-id <E1gb1Jj-000BR8-Fg@fasolo.debian.org>
and subject line Bug#845715: fixed in debian-policy
has caused the Debian Bug report #845715,
regarding debian-policy: Please document that packages are not allowed to write outside their source directories
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

845715: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845715
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-policy
Severity: wishlist
Tags: patch


source packages are forced to not write into $HOME by sbuild and
pbuilder, so any package attempting to do so currently FTBFS. It would
be nice to have this requirement be documented in policy. I propose the
following patch:

diff --git a/policy.sgml b/policy.sgml
index 9cd182b..42efd18 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -1944,6 +1944,16 @@ zope.
           For packages in the main archive, no required targets
           may attempt network access.
+       <p>
+         None of the required targets must attempt to write outside of the
+         source package package directory tree. An exception to this rule is
+         the use of <file>/tmp</file> which is permitted as long as temporary
+         files are deleted and not re-used by subsequent execution of the
+         target. This is to prevent that source package builds create and
+         depend on state from the outside and thus affect multiple independent
+         rebuilds. Most notably, none of the required targets must attempt to
+         write into <file>$HOME</file>.
+       </p>
          The targets are as follows:



cheers, josch

--- End Message ---
--- Begin Message ---
Source: debian-policy

We believe that the bug you reported is fixed in the latest version of
debian-policy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 845715@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Sean Whitton <spwhitton@spwhitton.name> (supplier of updated debian-policy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Hash: SHA512

Format: 1.8
Date: Sun, 23 Dec 2018 10:17:55 +0000
Source: debian-policy
Binary: debian-policy debian-policy-ja
Architecture: source
Distribution: unstable
Urgency: medium
Maintainer: Debian Policy Editors <debian-policy@lists.debian.org>
Changed-By: Sean Whitton <spwhitton@spwhitton.name>
 debian-policy - Debian Policy Manual and related documents
 debian-policy-ja - Debian Policy Manual and related documents (Japanese)
Closes: 188731 833401 845715 850156 912581 914383
 debian-policy ( unstable; urgency=medium
   * Policy: Update recommendations for stripping binaries and shlibs
     Wording: Sean Whitton <spwhitton@spwhitton.name>
     Seconded: Russ Allbery <rra@debian.org>
     Seconded: Niels Thykier <niels@thykier.net>
     Closes: #188731
   * Policy: Slightly relax when copyright information need be included verbatim
     Wording: Sean Whitton <spwhitton@spwhitton.name>
     Seconded: Holger Levsen <holger@layer-acht.org>
     Seconded: Russ Allbery <rra@debian.org>
     Closes: #912581
   * Policy: Required targets must not write outside of the source package tree
     Wording: Johannes Schauer <josch@debian.org>
     Wording: Bill Allombert <ballombe@debian.org>
     Seconded: Niels Thykier <niels@thykier.net>
     Seconded: Holger Levsen <holger@layer-acht.org>
     Closes: #845715
   * Policy: Packages should not contain a non-default series file
     Wording: Sean Whitton <spwhitton@spwhitton.name>
     Seconded: Russ Allbery <rra@debian.org>
     Seconded: gregor herrmann <gregoa@debian.org>
     Closes: #850156
   * virtual-package-names-list: Add dbus-session-bus, default-dbus-session-bus
     Wording: Sean Whitton <spwhitton@spwhitton.name>
     Seconded: Simon McVittie <smcv@debian.org>
     Seconded: gregor herrmann <gregoa@debian.org>
     Closes: #833401
   * In a preexisting footnote, recommend passing -D to strip(1) when
     stripping static libraries.
     Thanks to Niels Thykier for the suggestion.
   * Add references to 'next' branch in README.md.
   * Convert virtual-package-names-list to YAML (Closes: #914383).
     Thanks to Jonathan Dowland for the patch.
   * Append missing '.git' to Vcs-Git.
 32d96d73dca550d5cf0babc5b77308764de35d9a 2023 debian-policy_4.3.0.0.dsc
 836885a7a30c7e61859bb4aae6aaca1fa7572ddc 531404 debian-policy_4.3.0.0.tar.xz
 eb8b979248d8d29e4aec266e3e7abd0241c4a952126b1ea8a8cfb33f60435523 2023 debian-policy_4.3.0.0.dsc
 48d9001a15656fa5a16489c3103e24f77e7a57af7aa4cfdd0f413ee3a16597c7 531404 debian-policy_4.3.0.0.tar.xz
 97e6a98aa4092a1c1550ef0bf6bcc0ca 2023 doc optional debian-policy_4.3.0.0.dsc
 f78e87cf7eb7b1def1f42004a8279030 531404 doc optional debian-policy_4.3.0.0.tar.xz



--- End Message ---

Reply to: