Source: nbdkit Version: 1.26.5-1 Severity: important Tags: patch bookworm sid User: [email protected] Usertags: usrmerge X-Debbugs-Cc: [email protected]
If nbdkit is built on a merged-/usr system (as created by new installations of Debian >= 10, debootstrap --merged-usr, or installing the usrmerge package into an existing installation), the path to bash is recorded in the binary as /usr/bin/bash. This can be seen on the reproducible-builds.org infra: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/nbdkit.html (search for "/sbin/mke2fs" to see the difference I'm concerned about). If you have sbuild available, an easy way to reproduce this is to build twice, once with --add-depends-arch=usrmerge and once without. The problematic situation is if the package is *built* on a merged-/usr system, but *used* on a non-merged-/usr system. In this situation, /usr/sbin/mke2fs exists on the build system but not on the system where sharutils will be used, resulting in the feature that uses mke2fs not being available. Technical Committee resolution #978636 mandates heading towards a transition to merged-/usr, and this will become a non-issue at the end of that transition; but variation between merged-/usr and non-merged-/usr builds is a problem while that transition is taking place, because it can lead to partial upgrades behaving incorrectly. It is likely that this class of bugs will become release-critical later in the bookworm development cycle. Some Debian developers advocate that instead of merged-/usr, we should use a different strategy where /sbin becomes a "symlink farm" with individual symlinks such as /sbin/mke2fs-> /usr/sbin/mke2fs. If that route is taken instead of merged-/usr, then resolving bugs like this one will be equally important as part of that transition, because it shares the property that both /sbin/mke2fs and /usr/bin/mke2fs exist after the transition, but only /sbin/mke2fs exists on untransitioned systems. The attached patch resolves this: with it applied, the package builds identically with and without --add-depends-arch=usrmerge, other than an unrelated unreproducibility where CFLAGS that include the build path are compiled into another part of the package. A side benefit of fixing this is that this change is a step towards making the package reproducible (as recommended by Policy §4.15). smcv
>From 9a8a96ec7531b72f5efb644dc2290909e5621857 Mon Sep 17 00:00:00 2001 From: Simon McVittie <[email protected]> Date: Sun, 22 Aug 2021 13:56:21 +0100 Subject: [PATCH] d/rules: Specify canonical path to mke2fs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If nbdkit is built on a merged-/usr system where both /usr/sbin/mke2fs and /sbin/mke2fs exist, it will hard-code the former into its executable, resulting in an binary package that will not work correctly when used on non-merged-/usr systems. Forcing the canonical path will make it work on any combination of merged-/usr and non-merged-/usr build and runtime systems. Alternatively, if mke2fs is moved to /usr/sbin with a compatibility symlink /sbin/mke2fs -> /usr/sbin/mke2fs as part of a "symlink farm" strategy, nbdkit would record the /usr/sbin/mke2fs path, resulting in binaries that would not interoperate with a version of mke2fs that has not undergone that transition. This also brings nbdkit closer to a reproducible build (Policy §4.15). Signed-off-by: Simon McVittie <[email protected]> --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 46cac2e..cc4497e 100755 --- a/debian/rules +++ b/debian/rules @@ -9,7 +9,7 @@ include /usr/share/dpkg/architecture.mk dh $@ --with autoreconf override_dh_auto_configure: - dh_auto_configure -- --disable-vddk --sbindir=/usr/bin + dh_auto_configure -- --disable-vddk --sbindir=/usr/bin MKE2FS=/sbin/mke2fs # Workaround for unreliable changes in qemu behavior on the # autobuilders, e.g.: -- 2.33.0
