Message-ID: <573e05d347a46febbb0f512b6128a4d683551679.camel@decadent.org.uk>
Date:   Thu, 30 Nov 2023 19:25:42 +0100
From:   Ben Hutchings <ben@...adent.org.uk>
To:     Masahiro Yamada <masahiroy@...nel.org>
Cc:     linux-kbuild@...r.kernel.org, Guillem Jover <guillem@...ian.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nicolas Schier <nicolas@...sle.eu>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] kbuild: deb-pkg: remove the fakeroot builds support

On Wed, 2023-11-29 at 03:56 +0900, Masahiro Yamada wrote:
> On Wed, Nov 29, 2023 at 1:31 AM Ben Hutchings <ben@...adent.org.uk> wrote:
> > 
> > On Wed, 2023-11-29 at 00:38 +0900, Masahiro Yamada wrote:
> > > In 2017, the dpkg suite introduced the rootless builds support with the
> > > following commits:
> > > 
> > >   - 2436807c87b0 ("dpkg-deb: Add support for rootless builds")
> > >   - fca1bfe84068 ("dpkg-buildpackage: Add support for rootless builds")
> > > 
> > > This feature is available in the default dpkg on Debian 10 and Ubuntu
> > > 20.04.
> > > 
> > > Remove the old method.
> > 
> > This seems reasonable.
> > 
> > 
> > > Additionally, export DEB_RULES_REQUIRES_ROOT=no in case debian/rules is
> > > invoked without dpkg-buildpackage. This change aligns with the Debian
> > > kernel commit 65206e29f378 ("Allow to run d/rules.real without root").
> > 
> > The Debian linux package has multiple makefiles used recursively
> > (rather than included).  The referenced commit is kind of a hack to
> > make rootless builds of a subset of binary packages work when invoking
> > one of the lower-level makefiles directly.
> 
> 
> The upstream kernel does not support individual package build
> since it is implemented in scripts/package/builddeb shell script.
> 
> 
> Is the direct execution of debian/rules still worth supporting
> in the upstream kernel?

I don't have an opinion on that.

> If the answer is no, "export DEB_RULES_REQUIRES_ROOT=no"
> is meaningless.
> 
> 
> > It works because the package runs dh_builddeb, which checks
> > DEB_RULES_REQUIRES_ROOT.  But setting DEB_RULES_REQUIRES_ROOT has
> > absolutely zero effect on dpkg-deb or other low-level tools.
> 
> Please let me clarify your statement.
> 
> Do you mean this?  ("is needed" ?)
> 
> "It is needed because the package runs dh_builddeb, which checks
>  DEB_RULES_REQUIRES_ROOT."

Yes.

> > > While the upstream kernel currently does not run dh_testroot, it may
> > > be useful in the future.
> > 
> > We can do one of:
> > 
> > 1. Ignore DEB_RULES_REQUIRES_ROOT, assume that dpkg-deb supports
> >    --root-owner-group and use it unconditionally (your v1).
> > 2. Check DEB_RULES_REQUIRES_ROOT, do either fakeroot and chown or
> >    dpkg-deb --root-owner-group (current behaviour), and maybe also do
> >    the equivalent of dh_testroot.
> > 3. Delegate this to dh_builddeb.  Since we use dh_listpackages now,
> >    debhelper is already required and this would make things a lot
> >    simpler.
> > 
> > But the combination of changes in v2 does not make sense to me.
> 
> 
> 
> I like 1 or 3.
> 
> 
> 
> If I go with 3.,
> does splitting it into two patches make sense?
> 
> 
> 1/2:  remove fakeroot  (just like v1)
> 2/2:  dh_* conversion + "export DEB_RULES_REQUIRES_ROOT=no"

Yes, that makes sense to me.

Ben.

-- 
Ben Hutchings
It is easier to write an incorrect program
than to understand a correct one.

