Bug#797858: devscripts: build-rdeps does not work for any but the most trivial dependency situatinos
Johannes Schauer
josch at debian.org
Thu Sep 3 05:08:21 UTC 2015
Package: devscripts
Version: 2.15.8
Severity: important
Tags: patch
Hi,
the only situation in which build-rdeps works reliably is if
- the source package specifies "Build-Depends: foo"
- foo is a real package
- all source packages using foo directly depend on it
- foo is Multi-Arch:no
the reality though is more complicated:
- the source package might have version restrictions in its
Build-Depends
- the source package might have architecture restrictions in its
Build-Depends
- the source package might have build profile restrictions in its
Build-Depends
- the source package might not directly but only indirectly
(transitively) depend on foo (in which case all complications of
binary package relationships are added to the mix)
- foo might be a virtual package
- foo might be part of a dependency alternative "A|foo"
- foo is not Multi-Arch:no and a crossbuild is required
To do a quantitative check of how often the simple "grep-like" mode of
operation that build-rdeps currently uses generates wrong results, lets
compare the capability of build-rdeps to find reverse dependencies with
the one of dose-ceve. Since dose3 is used by wanna-build we expect that
it correctly implements all dependency relationships used in Debian and
can thus serve as a ground truth.
For this endeavour we first generate the list of all binary packages
that are transitively build-depend upon by any source package in Debian:
grep-dctrl '' Sources -n -s Package | sort -u | sed 's/^/src:/' \
| xargs --max-chars=10000 echo | tr ' ' ',' \
| xargs --max-args=1 -I{} dose-ceve -T deb -G pkg \
--deb-native-arch=amd64 -c {} \
debsrc://Sources deb://Packages \
| grep-dctrl -n -s Package '' | sort -u
According to the above, there are 17107 binary packages that are part of
a source package dependency closure.
Then, for each of these binary packages, we calculate the source
packages in its reverse dependencies in two ways. First, with a nearly
unmodified (only sorting was added to allow easy comparison) build-rdeps
script and then secondly with the build-rdeps script with dose-ceve
support (patch attached).
The result is that:
- 6390 (37%) binary packages have the same reverse build dependencies
- 10717 (63%) binary packages have differing reverse build dependencies
If we indeed assume that dose3 can serve as a ground truth, then we can
conclude that build-rdeps calculates wrong reverse build dependencies
for 63% of all binary packages that it makes sense to ask this question.
This is my justification for making this patch of important severity.
To fix this problem I propose the attached patch.
If dose-ceve is installed (and new enough) then build-rdeps will use it
to calculate the reverse build dependencies of a binary packages. If
dose-ceve is not installed (or too old) then it will warn that it will
use the old unreliable behavior instead.
If dose-ceve is installed (and new enough) then the old behaviour can be
forced with the --without-ceve command line argument.
Additionally, the command line options --host-arch and --build-arch can
be used to set host and build architecture for resolving cross build
reverse build dependencies. This is possible because dose-ceve
understands multiarch.
Thanks!
cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-scripts-build-rdeps.pl-add-dose-ceve-support.patch
Type: text/x-diff
Size: 11483 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20150903/84f80a08/attachment.patch>
More information about the devscripts-devel
mailing list