Hello,

On Fri 09 Nov 2018 at 09:46PM GMT, Niels Thykier wrote:

> I suspect we are missing an exception allowing the binary targets to
> write the produced binaries in the parent directory of the unpacked
> source tree.
>   Otherwise pretty much all packages violate the policy when they
> generate the actual .debs/.udebs. :)

Heh.  You're right.

Here is a new version of the patch, fixing this problem.  I am not sure
that it is meaningful to require that this change be seconded, but out
of (possibly too much) respect for process, seeking seconds (and CCing
those who have already seconded in the hope they'll renew their
seconds):

diff --git a/policy/ch-source.rst b/policy/ch-source.rst
index dc80243..3c6c9d5 100644
--- a/policy/ch-source.rst
+++ b/policy/ch-source.rst
@@ -291,6 +291,20 @@ For packages in the main archive, no required targets may 
attempt
 network access, except, via the loopback interface, to services on the
 build host that have been started by the build.

+Required targets must not attempt to write outside of the unpacked
+source package tree.  There are two exceptions.  Firstly, the binary
+targets may write the binary packages to the parent directory of the
+unpacked source package tree.  Secondly, required targets may write to
+the directory specified by the ``TMPDIR`` environment variable (or
+``/tmp`` if that is not set), provided that files created in that
+directory are deleted before the target completes and are not reused
+by subsequent executions of the target.
+
+This restriction is intended to prevent source package builds creating
+and depending on state outside of themselves, thus affecting multiple
+independent rebuilds.  In particular, the required targets must not
+attempt to write into ``HOME``.
+
 The targets are as follows:

 ``build`` (required)
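
Review bot: The last sentence of the second added paragraph ("the required targets must not attempt to write into ``HOME``") reads as an unconditional rule, but the first added paragraph permits writes inside the unpacked source package tree and under ``TMPDIR``, so a build with ``HOME`` pointed at a directory in either place is allowed by one paragraph and forbidden by the other. Suggest wording the ``HOME`` case as a consequence of the general rule, for example "writing into ``HOME`` is therefore not permitted unless it points to one of the locations above", or moving it into the first paragraph if it is meant as a separate requirement rather than rationale.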

-- 
Sean Whitton
