On Fri, Nov 23, 2018 at 10:15:57AM +0000, Simon McVittie wrote:
> pbuilder currently creates a merged- or non-merged-/usr chroot according
> to debootstrap's defaults. This can result in packages being built in a
> way that means they will only work on merged-/usr systems (for example
> hard-coding paths like /usr/bin/sh or /bin/apt). I think that's a bug
> in those packages, but as a pragmatic mitigation for that class of bug,
> I think build tools like pbuilder should use an unmerged-/usr chroot for
> the build. I've already had patches accepted into sbuild-createchroot[1]
> (#913228) and the Debian sysadmin team's setup-dchroot script[2] (#913229)
> to make them use debootstrap --no-merged-usr; please do something similar
> in pbuilder.
I dislike such pragmatic solutions btw. So I'm way more reluctant to
apply such a change than sbuild's maintainer is.
> pbuilder currently creates a default debootstrap and then installs
> build-essential into it afterwards. Given its purpose, it might be better
> to use debootstrap --variant=buildd, which is what sbuild-createchroot
> and the official buildds use? The difference is that --variant=buildd
> includes apt and build-essential, but does not include Priority: important
> packages like adduser, iptables, kmod and logrotate (which I don't think
> a minimal pbuilder root should really have anyway).
--variant=buildd is used, it's the default set of options passed to
debootstrap, see the default pbuilderrc.
dpkg-dev and build-essential are installed later, because when that code
was written the --variant option of debootstrap didn't exist yet. And
nowadays I'm keeping it because since DEBOOTSTRAPOPTS is totally
overridable by the user I wouldn't want them to accidentally create a
chroot without those base tools…
> The reason I mention --variant=buildd on this bug report is that I've
> also had a patch[3] accepted for the next debootstrap release that changes
> the defaults so that --variant=buildd defaults to unmerged /usr, even in
> suites like stretch that would normally default to merged /usr. However,
> pbuilder won't benefit from this if it doesn't use --variant=buildd.
It does. I still don't find such pragmatic solutions that great, but
I'd rather consider that debootstrap change enough for pbuilder as
well, without any further change here.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
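The layout question discussed in this thread can be checked on an unpacked chroot. The following is an added example, not part of the message above and not pbuilder or debootstrap code. The function names `usr_layout` and `missing_paths` are hypothetical; it assumes a merged-/usr root has /bin, /sbin and /lib as symlinks into /usr.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not pbuilder code).

# usr_layout ROOT: print "merged", "unmerged", "partial" or "unknown"
# depending on whether ROOT/bin, ROOT/sbin and ROOT/lib are symlinks
# into usr/ (merged-/usr) or real directories (unmerged-/usr).
usr_layout() {
    root=$1
    merged=0
    real=0
    for d in bin sbin lib; do
        p="$root/$d"
        if [ -L "$p" ]; then
            case "$(readlink "$p")" in
                usr/"$d"|/usr/"$d") merged=$((merged + 1)) ;;
                *) real=$((real + 1)) ;;   # symlink to somewhere else
            esac
        elif [ -d "$p" ]; then
            real=$((real + 1))
        fi
    done
    if [ "$merged" -eq 0 ] && [ "$real" -eq 0 ]; then
        echo unknown
    elif [ "$real" -eq 0 ]; then
        echo merged
    elif [ "$merged" -eq 0 ]; then
        echo unmerged
    else
        echo partial
    fi
}

# missing_paths ROOT PATH...: print each absolute PATH that does not
# exist inside ROOT. Run against an unmerged root, this flags paths
# that a build hard-coded and that only resolve on merged-/usr systems.
missing_paths() {
    root=$1
    shift
    for path in "$@"; do
        if [ ! -e "$root$path" ] && [ ! -L "$root$path" ]; then
            echo "$path"
        fi
    done
}
```
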

