Package: pbuilder
Version: 0.231.1
Severity: wishlist
Tags: patch
Dear Maintainer,

A long-standing limitation of pbuilder has been an inability to build on
configurations where BUILDPLACE resides on a volume mounted with the
nodev option. This is a common hardening feature added to /var (among
others), and is a bit of a hindrance when using pbuilder.

Previously, this was blocked by debootstrap also not supporting nodev
volumes, but debootstrap has recently (2023) added support for
bindmounting if direct device creation is not possible. See
https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/109
for more details.

I have experimented a little and it appears that nodev can now be
supported with a fairly minimal set of changes to pbuilder. It does
require the use of USEDEVFS=yes, but that should be a simple ask for
people with nodev-mounted volumes.

I'm attaching a patch with my experimental changes that can serve as a
basis for inclusion into pbuilder if desired. I haven't fully tested it
in all configurations, but it does work without any trouble on my Debian
13 installation.

-- System Information:
Debian Release: 13.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.90+deb13.1-amd64 (SMP w/6 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pbuilder depends on:
ii debconf [debconf-2.0] 1.5.91
ii debootstrap 1.0.141
ii dpkg-dev 1.22.22
ii mount 2.41-5
Versions of packages pbuilder recommends:
ii devscripts 2.25.15+deb13u1
pn eatmydata <none>
ii fakeroot 1.37.1.1-1
ii iproute2 6.15.0-1
ii sudo 1.9.16p2-3+deb13u2
Versions of packages pbuilder suggests:
ii cowdancer 0.90
pn gdebi-core <none>
-- debconf-show failed
--- pbuilder-modules.bak 2026-06-24 13:14:08.183994332 +0000
+++ pbuilder-modules 2026-06-24 14:15:01.595940111 +0000
@@ -305,7 +305,7 @@
if [ "$USESHM" = "yes" ]; then
if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ]; then
umount_one "run/shm"
- elif [ "$DEB_BUILD_ARCH_OS" != "hurd" ]; then
+ elif [ "$DEB_BUILD_ARCH_OS" != "hurd" ] && [ "$USEDEVFS" != "yes" ];
then
umount_one "dev/shm"
fi
fi
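Review bot: the added `[ "$USEDEVFS" != "yes" ]` test on the elif does not mirror the mount side, which skips the tmpfs on dev/shm only when DEB_BUILD_ARCH_OS is "linux" and USEDEVFS is "yes". Any other OS that reaches this branch with USEDEVFS=yes still gets a tmpfs on dev/shm from the else path of the later hunk, but no longer reaches `umount_one "dev/shm"` here. Suggest using the same pair of tests in both places. The changed line is also wrapped so that `then` sits on its own line without a diff prefix, so the patch as mailed will not apply cleanly; resending it unwrapped or as an attachment would fix that.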
@@ -366,7 +366,11 @@
if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ] || [ "$USEDEVFS" = "yes" ]; then
log.i "mounting /dev filesystem"
mkdir -p "$BUILDPLACE/dev" || true
- mount -t devfs /dev "$BUILDPLACE/dev"
+ if [ "$DEB_BUILD_ARCH_OS" = "linux" ]; then
+ mount -t devtmpfs devtmpfs "$BUILDPLACE/dev"
+ else
+ mount -t devfs /dev "$BUILDPLACE/dev"
+ fi
mounted[${#mounted[@]}]="$BUILDPLACE/dev"
if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ]; then
log.i "applying devfs rules"
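Review bot: `mount -t devtmpfs devtmpfs "$BUILDPLACE/dev"` hands the chroot the kernel's single devtmpfs instance, which is the same filesystem that backs the host's /dev, so every host device node is visible inside the build and any create, chmod or unlink under $BUILDPLACE/dev is also applied to the host. That trades the nodev hardening on the volume for full device exposure in the build environment. Suggest mounting a private tmpfs on "$BUILDPLACE/dev" and bind-mounting only the nodes a build needs, in line with the bind-mount fallback the report cites for debootstrap, or at minimum documenting this behaviour where USEDEVFS is described.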
@@ -395,27 +399,33 @@
mounted[${#mounted[@]}]="$BUILDPLACE/sys"
fi
if [ "$USESHM" = "yes" ]; then
- log.i "creating /{dev,run}/shm"
- if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ]; then
- primary_shm="run/shm"
- secondary_shm="dev/shm"
+ if [ "$DEB_BUILD_ARCH_OS" = "linux" ] && [ "$USEDEVFS" = "yes" ]; then
+ log.i "linking /run/shm"
+ ln -sf "/dev/shm" "$BUILDPLACE/run/shm"
else
- primary_shm="dev/shm"
- secondary_shm="run/shm"
- # old releases might not have /run. We create it nonetheless,
can't harm
- mkdir -p "$BUILDPLACE/run"
- fi
- rm -df "$BUILDPLACE/$primary_shm" "$BUILDPLACE/$secondary_shm"
- mkdir -p "$BUILDPLACE/$primary_shm"
- chmod 1777 "$BUILDPLACE/$primary_shm"
- ln -s "/$primary_shm" "$BUILDPLACE/$secondary_shm"
- # /dev gets bind-mounted on hurd. In theory this is before that, but
- # debootstrap will already have mounted it during chroot creation.
- # This seems to cause /hurd/tmpfs to crash, but we can just use the
- # host's /dev/shm.
- if [ "$DEB_BUILD_ARCH_OS" != "hurd" ]; then
- mount -t tmpfs tmpfs "$BUILDPLACE/$primary_shm"
- mounted[${#mounted[@]}]="$BUILDPLACE/$primary_shm"
+ log.i "creating /{dev,run}/shm"
+ if [ "$DEB_BUILD_ARCH_OS" = "kfreebsd" ]; then
+ primary_shm="run/shm"
+ secondary_shm="dev/shm"
+ else
+ primary_shm="dev/shm"
+ secondary_shm="run/shm"
+ # old releases might not have /run. We create it nonetheless,
can't harm
+ mkdir -p "$BUILDPLACE/run"
+ fi
+
+ rm -df "$BUILDPLACE/$primary_shm" "$BUILDPLACE/$secondary_shm"
+ mkdir -p "$BUILDPLACE/$primary_shm"
+ chmod 1777 "$BUILDPLACE/$primary_shm"
+ ln -s "/$primary_shm" "$BUILDPLACE/$secondary_shm"
+ # /dev gets bind-mounted on hurd. In theory this is before that,
but
+ # debootstrap will already have mounted it during chroot creation.
+ # This seems to cause /hurd/tmpfs to crash, but we can just use the
+ # host's /dev/shm.
+ if [ "$DEB_BUILD_ARCH_OS" != "hurd" ]; then
+ mount -t tmpfs tmpfs "$BUILDPLACE/$primary_shm"
+ mounted[${#mounted[@]}]="$BUILDPLACE/$primary_shm"
+ fi
fi
fi
if [ "$DEB_BUILD_ARCH_OS" = "linux" ] && [ "$USEDEVPTS" = "yes" ]; then
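Review bot: the new linux and USEDEVFS=yes branch runs only `ln -sf "/dev/shm" "$BUILDPLACE/run/shm"` and drops what the else branch guarantees: there is no `mkdir -p "$BUILDPLACE/run"`, nothing ensures dev/shm is mode 1777, and no private tmpfs is mounted on it, so shared memory in the build is whatever directory the /dev mount happens to provide. If run/shm already exists as a directory, `ln -sf` creates the link inside it instead of replacing it, which the old `rm -df` step avoided. Suggest creating run if missing, replacing run/shm with the symlink (for example with `ln -sfn`), and still mounting a tmpfs with mode=1777 on "$BUILDPLACE/dev/shm" and recording it in mounted[], which would also let the umount hunk stay as it was. The re-indented else branch contains wrapped comment lines ("can't harm", "but") with no diff prefix, which need unwrapping before the patch can apply.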
@@ -448,10 +458,10 @@
# bind-mount it onto /dev/console.
if CURRENT_TTY="$(tty)"; then
# We need /dev/console to exist to be able to bind-mount onto it.
- # Might as well make the proper device node rather than a file.
if [ ! -e "$BUILDPLACE/dev/console" ]; then
log.i "creating /dev/console"
- mknod -m 600 "$BUILDPLACE/dev/console" c 5 1
+ touch "$BUILDPLACE/dev/console"
+ chmod 600 "$BUILDPLACE/dev/console"
fi
log.i "mounting $CURRENT_TTY over /dev/console"
mount --bind "$CURRENT_TTY" "$BUILDPLACE/dev/console"
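Review bot: replacing `mknod -m 600 "$BUILDPLACE/dev/console" c 5 1` with `touch` followed by `chmod 600` changes the placeholder for every configuration, not only nodev volumes, and the file exists with umask-default permissions until the chmod runs. Suggest keeping mknod as the first attempt and falling back to a regular file only when it fails, creating that file under a restrictive umask. The removed comment was the only explanation of the node type, so a replacement comment saying why a plain file is sufficient as a bind-mount target would help the next reader.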