Source: virt-p2v Version: 1.42.0-2 Severity: important Tags: patch bookworm sid User: [email protected] Usertags: usrmerge X-Debbugs-Cc: [email protected]
If virt-p2v is built on a merged-/usr system (as created by new installations of Debian >= 10, debootstrap --merged-usr, or installing the usrmerge package into an existing installation), the path to sed is recorded in the binary package as /usr/bin/sed, rather than the canonical /bin/sed. This can be seen on the reproducible-builds.org infra: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/virt-p2v.html If you have sbuild available, an easy way to reproduce this is to build twice, once with --add-depends=usrmerge and once without. I suspect the same thing would happen if virt-p2v was built on a system where /bin and /usr/bin had instead been unified via a symlink farm. The problematic situation is if the package is *built* on a unified-/usr system, but *used* on a non-unified-/usr system. In this situation, /usr/bin/sed exists on the build system but not on the system where virt-p2v will be used, resulting in the features that use this executable not working correctly. Technical Committee resolution #978636 mandates heading towards a transition to merged-/usr, and this will become a non-issue at the end of that transition; but variation between merged-/usr and non-merged-/usr builds is a problem while that transition is taking place, because it can lead to partial upgrades behaving incorrectly. It is likely that this class of bugs will become release-critical later in the bookworm development cycle. The attached patch resolves this: with it applied, the package builds identically with and without --add-depends=usrmerge. Some developers advocate unifying /bin with /usr/bin via a symlink farm in /bin instead of merged-/usr, but that strategy would have a similar practical effect on this particular package, and the same solution would be required. A side benefit of fixing this is that this change seems likely to be sufficient to make the package reproducible (as recommended by Policy ยง4.15). smcv
>From 9684a143bf4b2e06356d545addca14db8314cbaf Mon Sep 17 00:00:00 2001 From: Simon McVittie <[email protected]> Date: Mon, 23 Aug 2021 11:27:03 +0100 Subject: [PATCH] d/rules: Specify canonical path to sed When virt-p2v is built on a system where both /usr/bin/sed and /bin/sed exist (either merged-/usr or via a symlink farm), this results in storing /usr/bin/sed in the installed scripts, which will not work as intended on systems where only the traditional path /bin/sed exists. Signed-off-by: Simon McVittie <[email protected]> --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 374f55f..45af429 100755 --- a/debian/rules +++ b/debian/rules @@ -4,7 +4,7 @@ dh $@ override_dh_auto_configure: - dh_auto_configure -- --disable-gnulib-tests + dh_auto_configure -- --disable-gnulib-tests SED=/bin/sed # Tests involve downloading a compressed Fedora image, so skip them. override_dh_auto_test: -- 2.33.0
