Christoph Biedl: > Package: debhelper > Version: 12.1.1 > Severity: normal > > Hello Niels (and whoever else is in the party), > > [...]> > A feasible solution was if debhelper would call file with an additional > --no-sandbox option to disable seccomp support - but this would break > debhelper on all archs where that support is not available or if the > version of file is too old. For the first problem however there is a > change coming: file upstream accepted my patch to make file's > --no-sandbox option a no-op if there's no seccomp support. > > > [...] > > * If insted a new debhelper version takes precedence, *many* builds > using debhelper will break as well - either from seccomp in file, or > from an unsatisfyable versioned debhelper dependency on like > "file (>= 1:5.37-2)" which of course you should declare. > > So options: > > * Take the risk: We coordinate the uploads so they will land - fingers > crossed - unstable in the same dak run. > > * Two-step approach: First, I'd upload a transitional version of file > *without* seccomp support. It will understands --no-sandbox though so > you can upload a new debhelper version afterwards. Eventually I'll > upload another version file with seccomp *en*abled. > > While the second option is more complex, I admit it's the saner way and > we should do that - unless you provide better ideas. > > Opinions? Do you plan uploading a new debhelper in the next days? > > Kind regards, > Christoph >
Hi, I am going with a third option, which is to have debhelper check for "--no-sandbox" in the --help output of file(1). It has the distinct advance of being easier to backport to buster-backports. Obviously, being able to always pass --no-sandbox is greatly appreciated, as it will simplify some code for me later (when I no longer need to support buster/buster-backports). Back to the matter of the upload order: * debhelper/12.2 goes before file with seccomp enabled. * The first version of file with seccomp enabled ideally breaks "debhelper (<< 12.2~)" to ensure upgrade order. As for when it will be in unstable: Not sure, I am still reviewing the bug list and how many spoons I have available for working with debhelper. Thanks, ~Niels
