apt-get source symlinks if repository is local ('file:/)?
Hello,
I've been trying to set up a repository for some home-built packages and
ran into something a little odd. I used reprepro to set up the
respository and I added a single .deb and .dsc package. Next I noted
something odd when I tried to use apt-get source depending upon whether
I expose the repo using http or simply as a file. I.e. using either one
of the following setups in my sources.list:
deb file:/repos/apt/ubuntu trusty main
deb-src file:/repos/apt/ubuntu trusty main
deb http://0.0.0.0:8000/repos/apt/ubuntu trusty main
deb-src http://0.0.0.0:8000/repos/apt/ubuntu trusty main
(In the second case I'm exposing the repository using `python -m
SimpleHTTPServer` though I doubt that's important.)
Next is where it gets a bit weird...I run `apt-get
--allow-unauthenticated source package_name` I get a different result
depending upon which of the previous setups I use. In the first setup, I
get the following 4 files (I run ls -l):
-----------------------
drwxr-xr-x 5 xxx xxx 4096 Aug 11 17:16 package-0.1
lrwxrwxrwx 1 xxx xxx 81 Aug 11 17:16 package_0.1-1.debian.tar.gz ->
/repos/apt/ubuntu/pool/main/m/package/package_0.1-1.debian.tar.gz
lrwxrwxrwx 1 xxx xxx 71 Aug 11 17:16 package_0.1-1.dsc ->
/repos/apt/ubuntu/pool/main/p/package/package_0.1-1.dsc
lrwxrwxrwx 1 xxx xxx 77 Aug 11 17:16 package_0.1.orig.tar.gz ->
/repos/apt/ubuntu/pool/main/p/package/package_0.1.orig.tar.gz
-----------------------
In the second setup I get the following
-----------------------
drwxr-xr-x 5 xxx xxx 4096 Aug 11 17:21 package-0.1
-rw-r--r-- 1 xxx xxx 878 Aug 11 16:50 package_0.1-1.debian.tar.gz
-rw-r--r-- 1 xxx xxx 842 Aug 11 16:50 package_0.1-1.dsc
-rw-r--r-- 1 xxx xxx 3246 Aug 11 16:50 package_0.1.orig.tar.gz
-----------------------
I.e. in the case of using file:/, I get symlinks and in the case of
using http://, I get copies of the files. It's not suprising that I
would copies in the second case (what does an http-symlink mean?), but
even in the first case it's weird. The only reason I noticed, is that
the repository itself (i.e. the /repo fs hierarchy) is owned by another
user and so when I tried to run `debuild -uc -us` in the package-0.1/ it
failed with this error:
-----------------------
dpkg-buildpackage -rfakeroot -D -us -uc
dpkg-buildpackage: source package package
dpkg-buildpackage: source version 0.1-1
dpkg-buildpackage: source distribution unstable
dpkg-buildpackage: source changed by Thomas Nyberg <tomnyberg@gmail.com>
dpkg-source --before-build package-0.1
dpkg-buildpackage: host architecture amd64
dpkg-source: info: using options from
package-0.1/debian/source/options: --extend-diff-ignore=\.egg-info$
fakeroot debian/rules clean
dh clean --with python2 --buildsystem=python_distutils
dh_testdir -O--buildsystem=python_distutils
debian/rules override_dh_auto_clean
make[1]: Entering directory `/tmp/blah/package-0.1'
python setup.py clean -a
running clean
'build/lib.linux-x86_64-2.7' does not exist -- can't clean it
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-2.7' does not exist -- can't clean it
find . -name \*.pyc -exec rm {} \;
make[1]: Leaving directory `/tmp/blah/package-0.1'
dh_clean -O--buildsystem=python_distutils
dpkg-source -b package-0.1
dpkg-source: info: using options from
package-0.1/debian/source/options: --extend-diff-ignore=\.egg-info$
dpkg-source: info: using source format `3.0 (quilt)'
dpkg-source: info: building package using existing
./package_0.1.orig.tar.gz
dpkg-source: info: building package in
package_0.1-1.debian.tar.gz
dpkg-source: error: cannot write package_0.1-1.debian.tar.gz:
Permission denied
dpkg-source: error: gzip --no-name --rsyncable -9 gave error exit status 13
dpkg-buildpackage: error: dpkg-source -b package-0.1 gave error exit
status 29
debuild: fatal error at line 1364:
dpkg-buildpackage -rfakeroot -D -us -uc failed
-----------------------
I.e. it's erroring out because it's trying to modify the file which is
symlinked to a file that my user doesn't own. Of course the solution is
to just copy the files over by hand an run again, but had I not had the
repo owned by anothe user, I could have accidentally modified it myself.
Is there a hidden option I'm missing that's turned this on? Can I turn
it off? It seems like very odd functionality and seems a bit unsafe.
Thank you very much for any help.
Cheers,
Thomas
Reply to: