On Sat, Jan 04, 2020 at 12:06:41PM -0800, tony mancill wrote: > On Sat, Jan 04, 2020 at 09:35:27AM +0100, Giovanni Mascellani wrote: > > I suspect the problem might be related to the fact that /usr/bin/schroot > > is not set-uid anymore, while it was before. Executing > > ... > I ran into this as well and verified on another system running sid that > the binary update to 1.6.10-7 is when the setuid bit is removed - it's > simply not set in the binary package, while it is in . > I'm curious as to how this happened. I not seeing anything obvious in > the source package changes [1], and when I rebuild 1.6.10-6 or 1.6.10-7 > from source locally in a sid chroot, neither one of them results in a > setuid binary. In the build logs for those builds, the install-arch > target is no longer being called. > However, building 1.6.10-7 in a buster chroot does result in a setuid > binary, so it seems that a recent change in the packaging toolchain > could be the root cause (although I haven't found anything definitive > yet). It is a latent bug in debian/rules, which failed to run the install-arch: target when run under dpkg-buildpackage -b (instead of -B), which is how I did my test build for upload to the archive. I was surprised to find that the archive did not discard my binaries and rebuild them, which I understood was now the standard upload workflow in Debian, but instead published them as-is, which is how this bug made it out to the world. I have pushed a fix for this bug to the git repository; however, the other thing that was failing to happen due to this bug, aside from not setting the binary setuid root, was that the testsuite was not being run. So I'm in the process now of fixing various testsuite regressions. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org
Attachment:
signature.asc
Description: PGP signature