
Bug#769709: pre-approval: perl/5.20.1-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: perl@packages.debian.org

Hi,

as announced in https://lists.debian.org/debian-devel/2014/11/msg00216.html
I'd like to move File::Temp and its dependencies into perl-base.

The init-system-helpers package currently depends on perl, see #757891.
This is not desirable: an increasing number of daemon packages including
some in the base system (like rsyslog) depend on init-system-helpers,
so the base system now pulls in perl and perl-modules. This grows the
size of the base system in jessie by ~30MB, which can be considered a
regression from wheezy.

Even worse, since util-linux recently gained a dependency on
init-system-helpers, the Essential:yes packages now pull in perl,
increasing the size of even minimal chroots. IMO at least this should
be a release critical bug somewhere but it's not quite clear to me where.

I see the util-linux change may still get reverted (#768315), but even
if that happens, I think fixing the base system growth too would be good
for jessie.

While I wasn't initially keen on growing perl-base, I've since been
convinced otherwise in the case of File::Temp: secure creation of
temporary files is a non-trivial commonly occurring task that deserves
to be in the Essential set, and using /usr/bin/mktemp from perl programs
is quite unwieldy.

As it happens, File::Temp pulls in the other modules needed by
init-system-helpers too, so any controversy around #757891 is hopefully
solved with this.

I'm sorry that this comes so late, but I think it is the right way
forward and enables fixing a regression from wheezy. I hope you agree.

Proposed debdiff attached (modulo UNRELEASED). I'm also attaching
the corresponding git patch for your convenience as that's a bit more
readable. It's pushed at
 http://anonscm.debian.org/cgit/perl/perl.git/commit/?h=ntyni/moving-file-temp

The changes are quite straightforward (but eyeballs are certainly
welcome), except perhaps the added dependency from perl-modules to
perl-base. This is required to make sure partial upgrades can't result
in a system missing File::Temp et al.

Please let me know if you'd be OK with this, and many thanks for your work,
-- 
Niko Tyni   ntyni@debian.org
diff -Nru perl-5.20.1/debian/changelog perl-5.20.1/debian/changelog
--- perl-5.20.1/debian/changelog	2014-10-20 00:03:01.000000000 +0300
+++ perl-5.20.1/debian/changelog	2014-11-15 18:27:05.000000000 +0200
@@ -1,3 +1,11 @@
+perl (5.20.1-3) UNRELEASED; urgency=medium
+
+  * Move File::Temp and its dependencies (File::Path, File::Basename,
+    and parent) to perl-base.
+    See https://lists.debian.org/debian-devel/2014/11/msg00216.html
+
+ -- Niko Tyni <ntyni@debian.org>  Sun, 09 Nov 2014 22:18:48 +0200
+
 perl (5.20.1-2) unstable; urgency=medium
 
   * Fix IO::Uncompress::Gunzip gunzip to in-memory file handle
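Review bot: The new changelog entry lists the moved modules but not the other two packaging changes in this upload: the new perl-modules dependency on perl-base (>= 5.20.1-3) and the bump of Replaces: perl-modules to (<< 5.20.1-3). A bullet for each would record the partial-upgrade reasoning from the cover mail in the package itself. The UNRELEASED distribution still needs changing before upload, as the mail already notes.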
diff -Nru perl-5.20.1/debian/control perl-5.20.1/debian/control
--- perl-5.20.1/debian/control	2014-10-04 00:23:43.000000000 +0300
+++ perl-5.20.1/debian/control	2014-11-15 16:37:22.000000000 +0200
@@ -32,16 +32,22 @@
  libanyevent-perl (<< 7.070-2),
  libjcode-perl (<< 2.13-3),
  libgtk2-perl-doc (<< 2:1.2491-4),
+ libfile-temp-perl (<< 0.2304),
+ libfile-path-perl (<< 2.09),
  libscalar-list-utils-perl (<< 1:1.38)
-Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.10.1-1), libperl5.8 (<< 5.8.0-20),
+Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.20.1-3), libperl5.8 (<< 5.8.0-20),
  libscalar-list-utils-perl,
  libxsloader-perl,
  libsocket-perl,
+ libfile-temp-perl,
+ libfile-path-perl,
  libio-socket-ip-perl,
 Provides: perl5-base, ${perlapi:Provides},
  libscalar-list-utils-perl,
  libxsloader-perl,
  libsocket-perl,
+ libfile-temp-perl,
+ libfile-path-perl,
  libio-socket-ip-perl,
 Suggests: perl
 Description: minimal Perl system
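Review bot: In this perl-base stanza, Replaces: perl-modules is raised to (<< 5.20.1-3), but the visible part of the Breaks list gains only libfile-temp-perl and libfile-path-perl, with no perl-modules (<< 5.20.1-3) entry. Moving files between packages normally pairs the versioned Replaces with a versioned Breaks on the old owner. If the Breaks field does not already cover this above the hunk, please add it, or state why the existing dependency chain makes it unnecessary.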
@@ -102,7 +108,7 @@
 Priority: standard
 Architecture: all
 Multi-Arch: foreign
-Depends: perl (>= ${Upstream-Version}-1)
+Depends: perl (>= ${Upstream-Version}-1), perl-base (>= 5.20.1-3)
 Recommends: libarchive-extract-perl,
  libmodule-pluggable-perl,
  libpod-latex-perl,
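Review bot: The added perl-base (>= 5.20.1-3) on the Depends line is a hard-coded version sitting next to a dependency expressed through ${Upstream-Version}, and nothing in the file says why. Since the cover mail calls this the one non-obvious change (it guards partial upgrades against losing File::Temp), a comment line above the field or a changelog bullet would keep a later cleanup from dropping it or folding it into the substitution variable.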
@@ -122,7 +128,6 @@
  mono-gac (<< 2.10.8.1-3)
 Breaks: libpod-parser-perl (<< 1.62),
  libansicolor-perl (<< 4.02),
- libfile-temp-perl (<< 0.2304),
  libnet-perl (<= 1:1.22),
  libattribute-handlers-perl (<< 0.96),
  libcgi-pm-perl (<< 3.65),
@@ -165,13 +170,11 @@
  libdigest-perl (<< 1.17),
  libextutils-install-perl (<< 1.67),
  libhttp-tiny-perl (<< 0.043),
- libfile-path-perl (<< 2.09),
  libcpan-meta-requirements-perl (<< 2.125),
  libexperimental-perl (<< 0.007),
  libpackage-constants-perl (<< 0.04),
 Replaces: libpod-parser-perl,
  libansicolor-perl,
- libfile-temp-perl,
  libnet-perl,
  libattribute-handlers-perl,
  libcgi-pm-perl,
@@ -214,13 +217,11 @@
  libdigest-perl,
  libextutils-install-perl,
  libhttp-tiny-perl,
- libfile-path-perl,
  libcpan-meta-requirements-perl,
  libexperimental-perl,
  libpackage-constants-perl,
 Provides: libpod-parser-perl,
  libansicolor-perl,
- libfile-temp-perl,
  libnet-perl,
  libattribute-handlers-perl,
  libi18n-langtags-perl,
@@ -261,7 +262,6 @@
  libdigest-perl,
  libextutils-install-perl,
  libhttp-tiny-perl,
- libfile-path-perl,
  libcpan-meta-requirements-perl,
  libexperimental-perl,
 Description: Core Perl modules
diff -Nru perl-5.20.1/debian/perl-base.files perl-5.20.1/debian/perl-base.files
--- perl-5.20.1/debian/perl-base.files	2014-10-04 00:23:43.000000000 +0300
+++ perl-5.20.1/debian/perl-base.files	2014-11-15 15:38:36.000000000 +0200
@@ -72,3 +72,7 @@
 usr/**/perl/*/warnings.pm
 usr/**/perl/*/warnings/register.pm
 usr/**/perl/*/feature.pm
+usr/**/perl/*/File/Temp.pm
+usr/**/perl/*/File/Path.pm
+usr/**/perl/*/File/Basename.pm
+usr/**/perl/*/parent.pm
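Review bot: The four files added at the end of perl-base.files are asserted to be everything File::Temp needs, but the debdiff touches only changelog, control and perl-base.files, so nothing verifies that. A build-time or package test that loads File::Temp (for example `perl -e 'use File::Temp'`) in an environment with perl-base but without perl-modules would catch a missed module now and on future upstream updates.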
From e32cfcbcd5d12f4cf1cab351ebaf81b5e657d82d Mon Sep 17 00:00:00 2001
From: Niko Tyni <ntyni@debian.org>
Date: Sun, 9 Nov 2014 22:15:03 +0200
Subject: [PATCH] Move File::Temp, File::Path and File::Basename to perl-base

The module primarily being moved into the Essential set is File::Temp,
the others are pulled in as dependencies.

Securely creating a temporary file is both difficult and a reasonable
action for maintainer scripts to want to take, so it makes sense to have
that in the essential set. Using /usr/bin/mktemp from Perl programs is
unnecessarily hard and error-prone.

See https://lists.debian.org/debian-devel/2014/11/msg00216.html
---
 debian/changelog       |  4 +++-
 debian/control         | 16 ++++++++--------
 debian/perl-base.files |  4 ++++
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 7326626..ac11e57 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 perl (5.20.1-3) UNRELEASED; urgency=medium
 
-  * 
+  * Move File::Temp and its dependencies (File::Path, File::Basename,
+    and parent) to perl-base.
+    See https://lists.debian.org/debian-devel/2014/11/msg00216.html
 
  -- Niko Tyni <ntyni@debian.org>  Sun, 09 Nov 2014 22:18:48 +0200
 
diff --git a/debian/control b/debian/control
index 7260f0b..6e8afc3 100644
--- a/debian/control
+++ b/debian/control
@@ -32,16 +32,22 @@ Breaks: autoconf2.13 (<< 2.13-45),
  libanyevent-perl (<< 7.070-2),
  libjcode-perl (<< 2.13-3),
  libgtk2-perl-doc (<< 2:1.2491-4),
+ libfile-temp-perl (<< 0.2304),
+ libfile-path-perl (<< 2.09),
  libscalar-list-utils-perl (<< 1:1.38)
-Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.10.1-1), libperl5.8 (<< 5.8.0-20),
+Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.20.1-3), libperl5.8 (<< 5.8.0-20),
  libscalar-list-utils-perl,
  libxsloader-perl,
  libsocket-perl,
+ libfile-temp-perl,
+ libfile-path-perl,
  libio-socket-ip-perl,
 Provides: perl5-base, ${perlapi:Provides},
  libscalar-list-utils-perl,
  libxsloader-perl,
  libsocket-perl,
+ libfile-temp-perl,
+ libfile-path-perl,
  libio-socket-ip-perl,
 Suggests: perl
 Description: minimal Perl system
@@ -102,7 +108,7 @@ Package: perl-modules
 Priority: standard
 Architecture: all
 Multi-Arch: foreign
-Depends: perl (>= ${Upstream-Version}-1)
+Depends: perl (>= ${Upstream-Version}-1), perl-base (>= 5.20.1-3)
 Recommends: libarchive-extract-perl,
  libmodule-pluggable-perl,
  libpod-latex-perl,
@@ -122,7 +128,6 @@ Conflicts: defoma (<< 0.11.12),
  mono-gac (<< 2.10.8.1-3)
 Breaks: libpod-parser-perl (<< 1.62),
  libansicolor-perl (<< 4.02),
- libfile-temp-perl (<< 0.2304),
  libnet-perl (<= 1:1.22),
  libattribute-handlers-perl (<< 0.96),
  libcgi-pm-perl (<< 3.65),
@@ -165,13 +170,11 @@ Breaks: libpod-parser-perl (<< 1.62),
  libdigest-perl (<< 1.17),
  libextutils-install-perl (<< 1.67),
  libhttp-tiny-perl (<< 0.043),
- libfile-path-perl (<< 2.09),
  libcpan-meta-requirements-perl (<< 2.125),
  libexperimental-perl (<< 0.007),
  libpackage-constants-perl (<< 0.04),
 Replaces: libpod-parser-perl,
  libansicolor-perl,
- libfile-temp-perl,
  libnet-perl,
  libattribute-handlers-perl,
  libcgi-pm-perl,
@@ -214,13 +217,11 @@ Replaces: libpod-parser-perl,
  libdigest-perl,
  libextutils-install-perl,
  libhttp-tiny-perl,
- libfile-path-perl,
  libcpan-meta-requirements-perl,
  libexperimental-perl,
  libpackage-constants-perl,
 Provides: libpod-parser-perl,
  libansicolor-perl,
- libfile-temp-perl,
  libnet-perl,
  libattribute-handlers-perl,
  libi18n-langtags-perl,
@@ -261,7 +262,6 @@ Provides: libpod-parser-perl,
  libdigest-perl,
  libextutils-install-perl,
  libhttp-tiny-perl,
- libfile-path-perl,
  libcpan-meta-requirements-perl,
  libexperimental-perl,
 Description: Core Perl modules
diff --git a/debian/perl-base.files b/debian/perl-base.files
index 6aef2d5..2c6f57a 100644
--- a/debian/perl-base.files
+++ b/debian/perl-base.files
@@ -72,3 +72,7 @@ usr/**/perl/*/vars.pm
 usr/**/perl/*/warnings.pm
 usr/**/perl/*/warnings/register.pm
 usr/**/perl/*/feature.pm
+usr/**/perl/*/File/Temp.pm
+usr/**/perl/*/File/Path.pm
+usr/**/perl/*/File/Basename.pm
+usr/**/perl/*/parent.pm
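Review bot: parent.pm is added on the last line of this hunk, yet the commit subject names only File::Temp, File::Path and File::Basename, and debian/control moves Breaks/Replaces/Provides for libfile-temp-perl and libfile-path-perl only. Please mention parent in the commit message, and confirm that perl-modules carries no package relations for File::Basename or parent that would need to move along with the files.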
-- 
2.1.3
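
The contrast the commit message draws between calling /usr/bin/mktemp from Perl and using File::Temp, as an added example that is not part of the original mail or of the perl package. The function names, the `example.XXXXXX` template and the scratch directory are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp ();

# Variant 1: shell out to mktemp(1). Every step below is the caller's job.
sub tmp_via_mktemp {
    my ($dir) = @_;
    # List-form pipe open: no shell, so $dir is not subject to word splitting.
    open(my $pipe, '-|', 'mktemp', '-p', $dir, 'example.XXXXXX')
        or die "cannot run mktemp: $!";
    my $path = <$pipe>;
    close($pipe) or die "mktemp failed (wait status $?)";
    die "mktemp printed no path" unless defined $path;
    chomp $path;
    # Reopen by name; the file already exists, so open without creating it.
    open(my $fh, '+<', $path) or die "cannot open $path: $!";
    return ($fh, $path);    # caller must also unlink $path on every exit path
}

# Variant 2: File::Temp creates and opens the file in one step
# (O_CREAT|O_EXCL, mode 0600) and removes it when the object is destroyed.
sub tmp_via_file_temp {
    my ($dir) = @_;
    return File::Temp->new(
        TEMPLATE => 'example.XXXXXX',
        DIR      => $dir,
        UNLINK   => 1,
    );
}

# Demo in a constructed scratch directory (removed at exit).
my $scratch = File::Temp->newdir();

my ($fh, $path) = tmp_via_mktemp($scratch->dirname);
print {$fh} "written via mktemp\n";
close($fh) or die "close: $!";
unlink($path) or die "unlink $path: $!";

my $tmp = tmp_via_file_temp($scratch->dirname);
print {$tmp} "written via File::Temp\n";
$tmp->flush;
printf "%s is %d bytes\n", $tmp->filename, -s($tmp->filename);
```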

