[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1002626: debian-policy: building packages should not require to be root

On Sat, 2021-12-25 at 18:45:08 -0800, Russ Allbery wrote:
> Vincent Lefevre <vincent@vinc17.net> writes:
> > On 2021-12-25 14:48:33 -0800, Russ Allbery wrote:
> >> Vincent Lefevre <vincent@vinc17.net> writes:
> >>> Here, the build via "debuild" is failing even when fakeroot is
> >>> available (installed on the machine). Note that Rules-Requires-Root
> >>> has been set to "no". IMHO, the policy should say that when
> >>> Rules-Requires-Root is set to "no", being root or using fakeroot
> >>> should not be required.
> 
> >> It does already.
> 
> >>     no: Declares that neither root nor fakeroot is required. Package
> >>     builders (e.g. dpkg-buildpackage) may choose to invoke any target in
> >>     debian/rules with an unprivileged user.
> 
> >> Am I missing something?
> 
> > According to Sean, this is just advisory (and Scott Kitterman seemed
> > to assume that a build failure as non-root[*] was not a RC bug).
> 
> I don't understand what "advisory" means here.  This field controls the
> behavior of the package building software.  If the package says that root
> isn't required, the package will be built without root.  If root turns out
> to be required, the package will FTBFS.  There's nothing "advisory" about
> having inaccurate package metadata that causes FTBFS, surely?

I did not understand Sean reply either TBH. Also rereading the policy
description of this, seems to me has somewhat lost some of the nuance
from the spec in dpkg (/usr/share/doc/dpkg/rootless-builds.txt.gz).

Neither I understood the comment about that being related to the field
being new.

> Presumably the question is about the severity of the bug, but I don't
> think the severity question has anything to do with the Policy wording or
> would change if we worded Policy differently.  The package says that you
> don't have to run it as root, so an autobuilder that knows about
> Rules-Requires-Root won't run the build as root, the build will fail, and
> that's a FTBFS bug, regardless of what Policy says.  Presumably Lucas
> would report it as such if his builder supports Rules-Requires-Root.

But, the builder in this context is the program driving debian/rules
and not any external wrappers, in this case dpkg-buildpackage, which
has honored the field since it got implemented in 1.19.0. We drafted
it as "the builder" to allow for other potential drivers, because we
are still considering debian/rules the canonical entry point (even
though I still think we should ideally stop supporting calling it
directly, and instead should make dpkg-buildpackage the only supported
interface).

> […] It looks like that's not the case, so I think this was
> just a bog-standard FTBFS, only a bit surprising because it was triggered
> by honoring Rules-Requires-Root, which I'm not sure the buildds do (yet).

The buildds have "honored" R³ since dpkg-buildpackage does.

Thanks,
Guillem
Reply to: