[debhelper-devel] [debhelper] 01/03: Add a sequence to enable R³ with "ownership-nulling"
Niels Thykier
nthykier at moszumanska.debian.org
Sun Oct 15 19:12:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
nthykier pushed a commit to branch support-rrr
in repository debhelper.
commit 21f91892ddc992424c63aa75182d69d7c61f02d0
Author: Niels Thykier <niels at thykier.net>
Date: Sun Oct 15 14:12:10 2017 +0000
Add a sequence to enable R³ with "ownership-nulling"
The core requirement of R³ is that output is bit-for-bit identical
even when the field is ignored. This implies that we know for certain
when it is safe change ownership of files. But fact of the matter is:
We do not.
Consider e.g. dh_usrlocal, which has a special case for directories
owned by "root:root" which is remapped to "root:staff". In a "R³: no"
build, we can be almost certain that no directories will be owned by
"root:root". Whereas in a legacy build under (fake)root, likely all
of them will be.
Therefore, to ensure that we can guarantee bit-for-bit identical
output, we will ask packages to opt-in for now. This will also make
it easier to ensure that dh_builddeb only passes --root-owner-group to
dpkg-deb --build in a R³ supported build.
Signed-off-by: Niels Thykier <niels at thykier.net>
---
debian/changelog | 5 +++++
dh | 2 ++
lib/Debian/Debhelper/Dh_Lib.pm | 23 ++++++++++++++++++++++
.../Sequence/rootless-build-nulling-ownership.pm | 9 +++++++++
4 files changed, 39 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index dc1510d..b760df0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,11 @@ debhelper (10.9.3) UNRELEASED; urgency=medium
* dh_testroot: Update check for root to support R³.
* makefile.pm: Call "make install" with DPKG_GAIN_ROOT_CMD when
R³ contains the "debhelper/upstream-make-install" keyword.
+ * rootless-build-nulling-ownership.pm: New dh sequence to enable
+ R³ support. This level of R³ support is only suitable when the
+ package do not need any non-standard static ownership in the
+ binary packages as all ownership values will be reset to
+ "root:root".
-- Niels Thykier <niels at thykier.net> Sat, 14 Oct 2017 11:18:19 +0000
diff --git a/dh b/dh
index 721b842..9d38324 100755
--- a/dh
+++ b/dh
@@ -301,6 +301,7 @@ if (not compat(9, 1)) {
unshift(@ARGV, "--with=build-stamp");
}
+$ENV{'DH_INTERNAL_RRR_STATE'} = 'legacy';
inhibit_log();
@@ -736,6 +737,7 @@ foreach my $i (0..$stoppoint) {
# a fresh invocation of debian/rules and any sub-dh commands.
delete $ENV{DH_INTERNAL_OPTIONS};
delete $ENV{DH_INTERNAL_OVERRIDE};
+ delete $ENV{DH_INTERNAL_RRR_STATE};
run("debian/rules", $rules_target);
next;
}
diff --git a/lib/Debian/Debhelper/Dh_Lib.pm b/lib/Debian/Debhelper/Dh_Lib.pm
index 42a2545..8b54b90 100644
--- a/lib/Debian/Debhelper/Dh_Lib.pm
+++ b/lib/Debian/Debhelper/Dh_Lib.pm
@@ -66,6 +66,7 @@ our (@EXPORT, %dh);
&print_and_complex_doit &default_sourcedir &qx_cmd
&compute_doc_main_package &is_so_or_exec_elf_file
&assert_opt_is_known_package &should_use_root &gain_root_cmd
+ &in_rrr_legacy_mode
);
# The Makefile changes this if debhelper is installed in a PREFIX.
@@ -1427,6 +1428,7 @@ sub getpackages {
# - Returns true otherwise (i.e. keyword is in R^3 or R^3 is 'binary-targets')
sub should_use_root {
my ($keyword) = @_;
+ return 1 if in_rrr_legacy_mode();
getpackages() if not %rrr;
return 0 if exists($rrr{'no'});
@@ -1436,6 +1438,26 @@ sub should_use_root {
return 0;
}
+# Returns the level of R^3 support requested by the packager.
+# - "legacy" => in which case R^3 is effectively neutered (as we still have to use root every where
+# to ensure bit-for-bit identical results)
+# - "null-owner" => basic R^3 support; all ownership information is ignored and dpkg-deb --build is
+# passed --root-owner-group to ensure all files/dirs have "root:root" as owner.
+# As R^3 support improves and we can declarative choose the owner of any file without actually
+# needing root, this may return additional values.
+sub _requested_rrr_state {
+ return $ENV{'DH_INTERNAL_RRR_STATE'} // 'legacy';
+}
+
+# Returns true if R^3 is disabled and legacy semantics must be assumed.
+# Some commands have legacy detection/work flows that cannot be safely assumed to hold under R^3
+# (e.g. dh_usrlocal and directories being owned by root:root being remapped to root:staff). This
+# sub can be used to determine whether the legacy work flow must be used or not.
+sub in_rrr_legacy_mode {
+ return 1 if _requested_rrr_state() eq 'legacy';
+ return 0;
+}
+
# Returns the "gain root command" as a list suitable for passing as a part of the command to "doit()"
sub gain_root_cmd {
my $raw_cmd = $ENV{DPKG_GAIN_ROOT_CMD};
@@ -1444,6 +1466,7 @@ sub gain_root_cmd {
}
sub root_requirements {
+ return 'legacy-root' if in_rrr_legacy_mode;
getpackages() if not %rrr;
return 'none' if exists($rrr{'no'});
diff --git a/lib/Debian/Debhelper/Sequence/rootless-build-nulling-ownership.pm b/lib/Debian/Debhelper/Sequence/rootless-build-nulling-ownership.pm
new file mode 100644
index 0000000..c46a1f3
--- /dev/null
+++ b/lib/Debian/Debhelper/Sequence/rootless-build-nulling-ownership.pm
@@ -0,0 +1,9 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+# Implementation-detail; subject to change whenever we feel like it.
+$ENV{'DH_INTERNAL_RRR_STATE'} = 'null-owner';
+
+1
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debhelper/debhelper.git
More information about the debhelper-devel
mailing list