[Buildd-tools-devel] Bug#482491: Bug#482491: Bug#482491: Bug#482491: sbuild: extracts the source while installing b-deps

Roger Leigh rleigh at whinlatter.ukfsn.org
Mon May 26 11:33:27 UTC 2008


clone 482491 -1
reassign -1 crip
retitle -1 crip: path in dpatch patch walks outside build directory
thanks

Lucas Nussbaum <lucas at lucas-nussbaum.net> writes:

> On 25/05/08 at 23:20 +0100, Roger Leigh wrote:
>> Lucas Nussbaum <lucas at lucas-nussbaum.net> writes:
>> 
>> > On 23/05/08 at 12:08 +0100, Roger Leigh wrote:
>> >> On Fri, May 23, 2008 at 09:25:01AM +0200, Lucas Nussbaum wrote:
>> >> > It seems that sbuild now extracts the source while installing
>> >> > build-deps. See:
>> >> > 
>> >> > Selecting previously deselected package gettext.
>> >> > Unpacking gettext (from .../gettext_0.17-2_i386.deb) ...
>> >> > Selecting previously deselected package intltool-debian.
>> >> > Unpacking intltool-debian (from .../intltool-debian_0.35.0+20060710gpg:
>> >> > Signature made Wed Apr 19 12:53:15 2006 CEST using DSA key ID 8E635A5E
>> >> > gpg: Can't check signature: public key not found
>> >> > dpkg-source: extracting crip in crip_3.7-3
>> >> > dpkg-source: info: unpacking crip_3.7.orig.tar.gz
>> >> > dpkg-source: info: applying crip_3.7-3.diff.gz
>> >> > .1_all.deb) ...
>> >> > Selecting previously deselected package po-debconf.
>> >> > Unpacking po-debconf (from .../po-debconf_1.0.13_all.deb) ...
>> >> > Selecting previously deselected package debhelper.
>> >> > Unpacking debhelper (from .../debhelper_7.0.9_all.deb) ...
>> >> > 
>> >> > This produces a confusing build log. If this change was made on purpose,
>> >> > please provide an option to serialize those steps, so I can get "clean"
>> >> > build logs when reporting bugs.
>> >> 
>> >> There have not been any changes made on purpose.  install_deps() is
>> >> called before build().  One possibility is that the logging stream PLOG
>> >> is doing some odd buffering in subprocesses, and flushing the stream at
>> >> certain points would help (the logging is done in a separate process).
>> >> 
>> >> It would be interesting to know if the git master head
>> >>   git://git.debian.org/git/buildd-tools/sbuild
>> >> also suffers from this problem, and if the log is identical between
>> >> sbuild runs.
>> >> 
>> >> sbuild has had quite a lot of refactoring done over the last two weeks
>> >> or so, and it's possible that something broke as a result, but none of
>> >> this work should have changed the program logic.
>> >
>> > git bisect shows that the first bad commit is
>> > c1e3cbc8699da54f9f540bdabc6436a128eaa668 .
>> >
>> > A test case is to build crip_3.7-3 : it builds fine before the commit,
>> > and fails to build with the commit.
>> 
>> Is this for #482456 rather than this bug?
>
> No, that's for #482491.
>
>> For me, crip fails to apply a dpatch patch (log attached) using the
>> current git (master).
>
> Same here. But this doesn't happen without
> c1e3cbc8699da54f9f540bdabc6436a128eaa668, but does happen with it.
>
> Also, it still fails with the current master.

This is a bug in crip:

[debian/patches/30dont_overwrite_files.dpatch]
--- crip        2005-12-18 00:45:48.000000000 +0100
+++ ../../crip-3.7/crip 2006-04-05 22:37:45.000000000 +0200
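Review bot: the `+++` header names its file as `../../crip-3.7/crip`, which climbs two levels above the directory the `---` path `crip` is relative to and comes back in through a fixed directory name, so the two headers do not agree on a base directory and the target depends on what the unpacked tree is called. Regenerate the patch so both headers give the file relative to the source root, with no `..` component, and with any leading directory being one that the strip level removes.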

The patch has a relative path in it which is assuming it knows that
the build directory name will always be "crip-3.7".  There's no reason
for that to be hardcoded in the patch.  In fact, I'm surprised that
this is allowed--it's a potential security issue if patches are
applied outside the package source tree, no?  (I'm CCing the dpatch
maintainers to check this.)

Now, sbuild is still naming the directory incorrectly (the current
master head still doesn't strip the Debian revision, just epochs), but
this is exposing a bug in crip, IMO, not the other way around.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
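
The check raised in the mail above (does a patch header path walk outside the source tree?) can be sketched as follows. This is an added example, not code from sbuild, dpatch or crip; the function names and the strip-level handling, modelled on `patch -pN`, are assumptions, and the sample input is the two header lines quoted in the mail.

```python
import posixpath
import re

# Constructed sample: the two header lines quoted in the mail.
SAMPLE = (
    "--- crip        2005-12-18 00:45:48.000000000 +0100\n"
    "+++ ../../crip-3.7/crip 2006-04-05 22:37:45.000000000 +0200\n"
)

# Simplification: any line starting '--- ' or '+++ ' is treated as a header.
HEADER = re.compile(r"^(?:---|\+\+\+) (.*)$")
# The name ends at a tab or at the whitespace before a YYYY-MM-DD timestamp.
NAME_END = re.compile(r"\t|\s+(?=\d{4}-\d{2}-\d{2} )")


def header_paths(patch_text):
    """Yield the file name from each '---'/'+++' header line."""
    for line in patch_text.splitlines():
        m = HEADER.match(line)
        if m:
            name = NAME_END.split(m.group(1), maxsplit=1)[0].strip()
            if name != "/dev/null":
                yield name


def strip_components(name, strip):
    """Remove `strip` leading path components, as patch -pN does."""
    for _ in range(strip):
        _, sep, name = name.partition("/")
        if not sep:
            return None  # fewer components than the strip level
        name = name.lstrip("/")
    return name


def escapes_tree(name, strip=0):
    """True if the stripped name resolves outside the directory patch runs in."""
    stripped = strip_components(name, strip)
    if stripped is None:
        return False
    norm = posixpath.normpath(stripped)
    return posixpath.isabs(norm) or norm == ".." or norm.startswith("../")


def audit(patch_text, strip=0):
    """Return header paths that would land outside the source tree."""
    return [n for n in header_paths(patch_text) if escapes_tree(n, strip)]
```

At strip level 2 the same header resolves to `crip-3.7/crip`, inside the tree, so the result has to be judged at the strip level the patch is actually applied with.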