[debhelper-devel] Bug#836110: Remove export of PERL_USE_UNSAFE_INC in the future

Dominic Hargreaves dom at earth.li
Mon Aug 7 03:39:23 UTC 2017


On Fri, Jul 07, 2017 at 12:00:36AM +0100, Dominic Hargreaves wrote:
> On Thu, Jun 29, 2017 at 12:06:21PM +0100, Dominic Hargreaves wrote:

> > Sorry about this. At this stage I think it might be better to wait
> > until perl 5.26 has transitioned, so we can reassess all the various
> > breakages without the local modifications that we introduced for 5.24.
> > 
> > I think a transition bug will be opened soon, so this shouldn't delay
> > by more than another couple of months, which should be acceptable for 
> > the buster release?
> 
> (For the bug record).
> 
> Niels removed this from debhelper compat 11:
> 
> https://anonscm.debian.org/git/debhelper/debhelper.git/tree/debhelper.pod#n683
> 
> but I don't this changes my plan above to push on this after the
> perl 5.26 transition is underway. It means that module maintainers
> can move to debhelper 11 as a way to verify whether their packages
> need properly fixing.

Hi,

I've now started this rebuild, and the results are appearing on gobby:

<infinote://gobby.debian.org/Teams/Perl/Perl-debhelper-unsafe-inc-QA>
<https://gobby.debian.org/export/Teams/Perl/Perl-debhelper-unsafe-inc-QA>

I propose to file bugs on affected packages: do you think that the
wording below is okay? I'm guessing severity: normal is appropriate
for now, since there is no great hurry to remove the export?

"This package FTBFS when built with a locally-patched version of
debhelper without USE_UNSAFE_INC exported to the build environment.
This export was added in 2016 in order to accommodate the perl security
release to remove '.' in @INC by default.

As well as allowing us to (eventually) remove this temporary
fix from debhelper, fixing this bug will also help upstreams, since
their users using perl 5.26 will also experience this breakage.
Additionally, it's possible that the problem may also exist at runtime
for your package (though from experience this is less likely).

Note that the testing was against a locally-modified version
of debhelper, but you can get the same effect by setting debhelper
compat level 11 in your package, which also removes the same
export.

The relevant build failure logs are below."

Cheers,
Dominic.




More information about the debhelper-devel mailing list