* Ansgar <ansgar@43-1.org> [2023-01-29 14:01]:
The set of preinstalled packages in build environments is decided by the debootstrap implementation, so yes, the debootstrap behavior is current practice.
Note that debootstrap changed and now only installs essential, build-essential and apt in the buildd variant for trixyie and later (see #837060). Note that the Debian buildds additionally have openssl and ca-certificates installed by default. On the other side dpkg-genbuildinfo does not add apt, openssl and ca-certificates to the buildinfo file if they are not a Build-Dependency. This means that packages that rely on them being present by default fail to build reproducible with debrebuild. The reproducible builds people have filled bugs in those cases and the sbuild team has sketches how to drop those three packages from the build environment.
In essence I think we should not extend the build-essential set by policy but rather try to reduce it more.
Cheers Jochen
Attachment:
signature.asc
Description: PGP signature