[debhelper-devel] [debhelper] 01/03: Add a sequence to enable R³ with "ownership-nulling"

Niels Thykier nthykier at moszumanska.debian.org
Sun Oct 15 19:12:31 UTC 2017 

This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch support-rrr
in repository debhelper.

commit 21f91892ddc992424c63aa75182d69d7c61f02d0
Author: Niels Thykier <niels at thykier.net>
Date:   Sun Oct 15 14:12:10 2017 +0000

    Add a sequence to enable R³ with "ownership-nulling"
    
    The core requirement of R³ is that output is bit-for-bit identical
    even when the field is ignored.  This implies that we know for certain
    when it is safe change ownership of files.  But fact of the matter is:
    We do not.
    
    Consider e.g. dh_usrlocal, which has a special case for directories
    owned by "root:root" which is remapped to "root:staff".  In a "R³: no"
    build, we can be almost certain that no directories will be owned by
    "root:root".  Whereas in a legacy build under (fake)root, likely all
    of them will be.
    
    Therefore, to ensure that we can guarantee bit-for-bit identical
    output, we will ask packages to opt-in for now.  This will also make
    it easier to ensure that dh_builddeb only passes --root-owner-group to
    dpkg-deb --build in a R³ supported build.
    
    Signed-off-by: Niels Thykier <niels at thykier.net>
---
 debian/changelog                                   |  5 +++++
 dh                                                 |  2 ++
 lib/Debian/Debhelper/Dh_Lib.pm                     | 23 ++++++++++++++++++++++
 .../Sequence/rootless-build-nulling-ownership.pm   |  9 +++++++++
 4 files changed, 39 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index dc1510d..b760df0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,11 @@ debhelper (10.9.3) UNRELEASED; urgency=medium
   * dh_testroot: Update check for root to support R³.
   * makefile.pm: Call "make install" with DPKG_GAIN_ROOT_CMD when
     R³ contains the "debhelper/upstream-make-install" keyword.
+  * rootless-build-nulling-ownership.pm: New dh sequence to enable
+    R³ support.  This level of R³ support is only suitable when the
+    package do not need any non-standard static ownership in the
+    binary packages as all ownership values will be reset to
+    "root:root".
 
  -- Niels Thykier <niels at thykier.net>  Sat, 14 Oct 2017 11:18:19 +0000
 
diff --git a/dh b/dh
index 721b842..9d38324 100755
--- a/dh
+++ b/dh
@@ -301,6 +301,7 @@ if (not compat(9, 1)) {
 	unshift(@ARGV, "--with=build-stamp");
 }
 
+$ENV{'DH_INTERNAL_RRR_STATE'} = 'legacy';
 
 inhibit_log();
 		
@@ -736,6 +737,7 @@ foreach my $i (0..$stoppoint) {
 		# a fresh invocation of debian/rules and any sub-dh commands.
 		delete $ENV{DH_INTERNAL_OPTIONS};
 		delete $ENV{DH_INTERNAL_OVERRIDE};
+		delete $ENV{DH_INTERNAL_RRR_STATE};
 		run("debian/rules", $rules_target);
 		next;
 	}
diff --git a/lib/Debian/Debhelper/Dh_Lib.pm b/lib/Debian/Debhelper/Dh_Lib.pm
index 42a2545..8b54b90 100644
--- a/lib/Debian/Debhelper/Dh_Lib.pm
+++ b/lib/Debian/Debhelper/Dh_Lib.pm
@@ -66,6 +66,7 @@ our (@EXPORT, %dh);
 	    &print_and_complex_doit &default_sourcedir &qx_cmd
 	    &compute_doc_main_package &is_so_or_exec_elf_file
 	    &assert_opt_is_known_package &should_use_root &gain_root_cmd
+	    &in_rrr_legacy_mode
 );
 
 # The Makefile changes this if debhelper is installed in a PREFIX.
@@ -1427,6 +1428,7 @@ sub getpackages {
 # - Returns true otherwise (i.e. keyword is in R^3 or R^3 is 'binary-targets')
 sub should_use_root {
 	my ($keyword) = @_;
+	return 1 if in_rrr_legacy_mode();
 	getpackages() if not %rrr;
 
 	return 0 if exists($rrr{'no'});
@@ -1436,6 +1438,26 @@ sub should_use_root {
 	return 0;
 }
 
+# Returns the level of R^3 support requested by the packager.
+# - "legacy" => in which case R^3 is effectively neutered (as we still have to use root every where
+#               to ensure bit-for-bit identical results)
+# - "null-owner" => basic R^3 support; all ownership information is ignored and dpkg-deb --build is
+#                   passed --root-owner-group to ensure all files/dirs have "root:root" as owner.
+# As R^3 support improves and we can declarative choose the owner of any file without actually
+# needing root, this may return additional values.
+sub _requested_rrr_state {
+	return $ENV{'DH_INTERNAL_RRR_STATE'} // 'legacy';
+}
+
+# Returns true if R^3 is disabled and legacy semantics must be assumed.
+# Some commands have legacy detection/work flows that cannot be safely assumed to hold under R^3
+# (e.g. dh_usrlocal and directories being owned by root:root being remapped to root:staff).  This
+# sub can be used to determine whether the legacy work flow must be used or not.
+sub in_rrr_legacy_mode {
+	return 1 if _requested_rrr_state() eq 'legacy';
+	return 0;
+}
+
 # Returns the "gain root command" as a list suitable for passing as a part of the command to "doit()"
 sub gain_root_cmd {
 	my $raw_cmd = $ENV{DPKG_GAIN_ROOT_CMD};
@@ -1444,6 +1466,7 @@ sub gain_root_cmd {
 }
 
 sub root_requirements {
+	return 'legacy-root' if in_rrr_legacy_mode;
 	getpackages() if not %rrr;
 
 	return 'none' if exists($rrr{'no'});
diff --git a/lib/Debian/Debhelper/Sequence/rootless-build-nulling-ownership.pm b/lib/Debian/Debhelper/Sequence/rootless-build-nulling-ownership.pm
new file mode 100644
index 0000000..c46a1f3
--- /dev/null
+++ b/lib/Debian/Debhelper/Sequence/rootless-build-nulling-ownership.pm
@@ -0,0 +1,9 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+# Implementation-detail; subject to change whenever we feel like it.
+$ENV{'DH_INTERNAL_RRR_STATE'} = 'null-owner';
+
+1

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debhelper/debhelper.git

More information about the debhelper-devel mailing list