lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 29 Nov 2023 03:56:01 +0900
From:   Masahiro Yamada <masahiroy@...nel.org>
To:     Ben Hutchings <ben@...adent.org.uk>
Cc:     linux-kbuild@...r.kernel.org, Guillem Jover <guillem@...ian.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nicolas Schier <nicolas@...sle.eu>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kbuild: deb-pkg: remove the fakeroot builds support

On Wed, Nov 29, 2023 at 1:31 AM Ben Hutchings <ben@...adent.org.uk> wrote:
>
> On Wed, 2023-11-29 at 00:38 +0900, Masahiro Yamada wrote:
> > In 2017, the dpkg suite introduced the rootless builds support with the
> > following commits:
> >
> >   - 2436807c87b0 ("dpkg-deb: Add support for rootless builds")
> >   - fca1bfe84068 ("dpkg-buildpackage: Add support for rootless builds")
> >
> > This feature is available in the default dpkg on Debian 10 and Ubuntu
> > 20.04.
> >
> > Remove the old method.
>
> This seems reasonable.
>
>
> > Additionally, export DEB_RULES_REQUIRES_ROOT=no in case debian/rules is
> > invoked without dpkg-buildpackage. This change aligns with the Debian
> > kernel commit 65206e29f378 ("Allow to run d/rules.real without root").
>
> The Debian linux package has multiple makefiles used recursively
> (rather than included).  The referenced commit is kind of a hack to
> make rootless builds of a subset of binary packages work when invoking
> one of the lower-level makefiles directly.


The upstream kernel does not support individual package build
since it is implemented in scripts/package/builddeb shell script.


Is the direct execution of debian/rules still worth supporting
in the upstream kernel?


If the answer is no, "export DEB_RULES_REQUIRES_ROOT=no"
is meaningless.


> It works because the package runs dh_builddeb, which checks
> DEB_RULES_REQUIRES_ROOT.  But setting DEB_RULES_REQUIRES_ROOT has
> absolutely zero effect on dpkg-deb or other low-level tools.

Please let me clarify your statement.

Do you mean this?  ("is needed" ?)

"It is needed because the package runs dh_builddeb, which checks
 DEB_RULES_REQUIRES_ROOT."





> > While the upstream kernel currently does not run dh_testroot, it may
> > be useful in the future.
>
> We can do one of:
>
> 1. Ignore DEB_RULES_REQUIRES_ROOT, assume that dpkg-deb supports
>    --root-owner-group and use it unconditionally (your v1).
> 2. Check DEB_RULES_REQUIRES_ROOT, do either fakeroot and chown or
>    dpkg-deb --root-owner-group (current behaviour), and maybe also do
>    the equivalent of dh_testroot.
> 3. Delegate this to dh_builddeb.  Since we use dh_listpackages now,
>    debhelper is already required and this would make things a lot
>    simpler.
>
> But the combination of changes in v2 does not make sense to me.



I like 1 or 3.



If I go with 3.,
does splitting it into two patches make sense?


1/2:  remove fakeroot  (just like v1)
2/2:  dh_* conversion + "export DEB_RULES_REQUIRES_ROOT=no"


--
Best Regards
Masahiro Yamada

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ