This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=dd406dc36649bacf646c51735214b9b21a82b5ae commit dd406dc36649bacf646c51735214b9b21a82b5ae Author: Guillem Jover <[email protected]> AuthorDate: Sun Dec 2 03:35:49 2018 +0100 Dpkg::Vendor::Debian: Add support for merged-usr-via-symlinks tainted tag This will detect whether the system we are building on contains the problematic /usr merged via symlinks deployment method. Suggested-by: Alexander E. Patrakov <[email protected]> --- debian/changelog | 3 +++ man/deb-buildinfo.man | 11 +++++++++++ scripts/Dpkg/Vendor/Debian.pm | 10 ++++++++++ 3 files changed, 24 insertions(+) diff --git a/debian/changelog b/debian/changelog index 58a306652..a57bd3438 100644 --- a/debian/changelog +++ b/debian/changelog @@ -25,6 +25,9 @@ dpkg (1.19.5) UNRELEASED; urgency=medium -maxdepth 1. Thanks to Ralf Treinen <[email protected]>. Closes: #922799 * dpkg-genbuildinfo: Add support for a new Build-Tainted-By field in .buildinfo files. Suggested by Alexander E. Patrakov <[email protected]>. + * Perl modules: + - Dpkg::Vendor::Debian: Add support for merged-usr-via-symlinks tainted + tag. Suggested by Alexander E. Patrakov <[email protected]>. * Documentation: - start-stop-daemon(1): Document behavior of --pidfile security checks. Closes: #921557 diff --git a/man/deb-buildinfo.man b/man/deb-buildinfo.man index 1a1ddc7d1..fe276bef2 100644 --- a/man/deb-buildinfo.man +++ b/man/deb-buildinfo.man @@ -158,6 +158,17 @@ current build has been tainted (since dpkg 1.19.5). .IP On Debian and derivatives the following reason tags can be emitted: .RS +.TP +.B merged\-usr\-via\-symlinks +The system has a merged \fI/usr\fP via symlinks. +This will confuse \fBdpkg\-query\fP, \fBdpkg\-statoverride\fP, +\fBdpkg\-trigger\fP, \fBupdate\-alternatives\fP and any other tool using +pathnames as keys into their databases, as it creates filesystem aliasing +problems, and messes with the understanding of the filesystem that +\fBdpkg\fP has recorded in its database. +For build systems that hardcode pathnames to specific binaries or libraries +on the resulting artifacts, it can also produce packages that will be +incompatible with non-/usr-merged filesystems. .RE .TP .BR Installed\-Build\-Depends: " (required)" diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm index 7b5244042..6948bdc16 100644 --- a/scripts/Dpkg/Vendor/Debian.pm +++ b/scripts/Dpkg/Vendor/Debian.pm @@ -445,6 +445,16 @@ sub _build_tainted_by { my $self = shift; my %tainted; + foreach my $pathname (qw(/bin /sbin /lib /lib32 /libo32 /libx32 /lib64)) { + next unless -l $pathname; + + my $linkname = readlink $pathname; + if ($linkname eq "usr$pathname") { + $tainted{'merged-usr-via-symlinks'} = 1; + last; + } + } + my @tainted = sort keys %tainted; return @tainted; } -- Dpkg.Org's dpkg
