On Wed, 2023-11-29 at 00:38 +0900, Masahiro Yamada wrote: > In 2017, the dpkg suite introduced the rootless builds support with the > following commits: > > - 2436807c87b0 ("dpkg-deb: Add support for rootless builds") > - fca1bfe84068 ("dpkg-buildpackage: Add support for rootless builds") > > This feature is available in the default dpkg on Debian 10 and Ubuntu > 20.04. > > Remove the old method. This seems reasonable. > Additionally, export DEB_RULES_REQUIRES_ROOT=no in case debian/rules is > invoked without dpkg-buildpackage. This change aligns with the Debian > kernel commit 65206e29f378 ("Allow to run d/rules.real without root"). The Debian linux package has multiple makefiles used recursively (rather than included). The referenced commit is kind of a hack to make rootless builds of a subset of binary packages work when invoking one of the lower-level makefiles directly. It works because the package runs dh_builddeb, which checks DEB_RULES_REQUIRES_ROOT. But setting DEB_RULES_REQUIRES_ROOT has absolutely zero effect on dpkg-deb or other low-level tools. > While the upstream kernel currently does not run dh_testroot, it may > be useful in the future. We can do one of: 1. Ignore DEB_RULES_REQUIRES_ROOT, assume that dpkg-deb supports --root-owner-group and use it unconditionally (your v1). 2. Check DEB_RULES_REQUIRES_ROOT, do either fakeroot and chown or dpkg-deb --root-owner-group (current behaviour), and maybe also do the equivalent of dh_testroot. 3. Delegate this to dh_builddeb. Since we use dh_listpackages now, debhelper is already required and this would make things a lot simpler. But the combination of changes in v2 does not make sense to me. Ben. > Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx> > --- > > Changes in v2: > - add DEB_RULES_REQUIRES_ROOT=no to debian/rules > > scripts/Makefile.package | 4 +--- > scripts/package/builddeb | 8 +------- > scripts/package/debian/rules | 2 ++ > 3 files changed, 4 insertions(+), 10 deletions(-) > > diff --git a/scripts/Makefile.package b/scripts/Makefile.package > index 0c3adc48dfe8..a81dfb1f5181 100644 > --- a/scripts/Makefile.package > +++ b/scripts/Makefile.package > @@ -109,8 +109,6 @@ debian-orig: linux.tar$(debian-orig-suffix) debian > cp $< ../$(orig-name); \ > fi > > -KBUILD_PKG_ROOTCMD ?= 'fakeroot -u' > - > PHONY += deb-pkg srcdeb-pkg bindeb-pkg > > deb-pkg: private build-type := source,binary > @@ -125,7 +123,7 @@ deb-pkg srcdeb-pkg bindeb-pkg: > $(if $(findstring source, $(build-type)), \ > --unsigned-source --compression=$(KDEB_SOURCE_COMPRESS)) \ > $(if $(findstring binary, $(build-type)), \ > - -R'$(MAKE) -f debian/rules' -j1 -r$(KBUILD_PKG_ROOTCMD) -a$$(cat debian/arch), \ > + -R'$(MAKE) -f debian/rules' -j1 -a$$(cat debian/arch), \ > --no-check-builddeps) \ > $(DPKG_FLAGS)) > > diff --git a/scripts/package/builddeb b/scripts/package/builddeb > index d7dd0d04c70c..2fe51e6919da 100755 > --- a/scripts/package/builddeb > +++ b/scripts/package/builddeb > @@ -36,19 +36,13 @@ create_package() { > sh -c "cd '$pdir'; find . -type f ! -path './DEBIAN/*' -printf '%P\0' \ > | xargs -r0 md5sum > DEBIAN/md5sums" > > - # Fix ownership and permissions > - if [ "$DEB_RULES_REQUIRES_ROOT" = "no" ]; then > - dpkg_deb_opts="--root-owner-group" > - else > - chown -R root:root "$pdir" > - fi > # a+rX in case we are in a restrictive umask environment like 0077 > # ug-s in case we build in a setuid/setgid directory > chmod -R go-w,a+rX,ug-s "$pdir" > > # Create the package > dpkg-gencontrol -p$pname -P"$pdir" > - dpkg-deb $dpkg_deb_opts ${KDEB_COMPRESS:+-Z$KDEB_COMPRESS} --build "$pdir" .. > + dpkg-deb --root-owner-group ${KDEB_COMPRESS:+-Z$KDEB_COMPRESS} --build "$pdir" .. > } > > install_linux_image () { > diff --git a/scripts/package/debian/rules b/scripts/package/debian/rules > index 3dafa9496c63..f23d97087948 100755 > --- a/scripts/package/debian/rules > +++ b/scripts/package/debian/rules > @@ -5,6 +5,8 @@ include debian/rules.vars > > srctree ?= . > > +export DEB_RULES_REQUIRES_ROOT := no > + > ifneq (,$(filter-out parallel=1,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))) > NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) > MAKEFLAGS += -j$(NUMJOBS) -- Ben Hutchings For every complex problem there is a solution that is simple, neat, and wrong.
Attachment:
signature.asc
Description: This is a digitally signed message part