[buildd-tools-devel] Bug#810248: Bug#810248: sbuild: experimental sbuild breaks building in squeeze chroot due to build directory having setgid bit

[Raphael Hertzog]

Hi,

On Fri, 08 Jan 2016, Johannes Schauer wrote:
> > Newer dpkg cope better with that apparently... but I don't think that the
> > "setgid" bit is necessary here.
> 
> I'm not sure unfortunately...

Well if the bit had been always there, sbuild would never have worked for
me for a long time... it's a regression so that setgid bit is something
introduced recently or that only started working recently.

> So when creating the chroot sbuild will execute the following inside the
> chroot:
> 
>     $ mkdir -m 0775 /build
>     $ chown sbuild:sbuild /build
>     $ chmod 02770 /build
> 
> This will result in build directory having permissions rwxrws---. I do not know
> why the suid bit is necessary here and funnily doing the following:
> 
>     $ chmod 00770 /build
> 
> Will not remove the suid bit.

Well, you don't need to remove it if you never add it in the first place.
That said the purpose of that setgid bit is clear, it's a way to ensure
the "sbuild" group is preserved on files extracted in that directory.

I'm not sure there's anything of critical importance here though.

Either you drop that bit from the start or you drop it on the extracted
source package ("chmod -R g-s /build/source-package").

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/