Your message dated Sun, 23 Dec 2018 10:49:07 +0000 with message-id <[email protected]> and subject line Bug#845715: fixed in debian-policy 4.3.0.0 has caused the Debian Bug report #845715, regarding debian-policy: Please document that packages are not allowed to write outside their source directories to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 845715: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845715 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: debian-policy Severity: wishlist Tags: patch Hi, source packages are forced to not write into $HOME by sbuild and pbuilder, so any package attempting to do so currently FTBFS. It would be nice to have this requirement be documented in policy. I propose the following patch: diff --git a/policy.sgml b/policy.sgml index 9cd182b..42efd18 100644 --- a/policy.sgml +++ b/policy.sgml @@ -1944,6 +1944,16 @@ zope. For packages in the main archive, no required targets may attempt network access. </p> + <p> + None of the required targets must attempt to write outside of the + source package package directory tree. An exception to this rule is + the use of <file>/tmp</file> which is permitted as long as temporary + files are deleted and not re-used by subsequent execution of the + target. This is to prevent that source package builds create and + depend on state from the outside and thus affect multiple independent + rebuilds. Most notably, none of the required targets must attempt to + write into <file>$HOME</file>. + </p> <p> The targets are as follows: Thoughts? Thanks! cheers, josch
--- End Message ---
--- Begin Message ---Source: debian-policy Source-Version: 4.3.0.0 We believe that the bug you reported is fixed in the latest version of debian-policy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sean Whitton <[email protected]> (supplier of updated debian-policy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 23 Dec 2018 10:17:55 +0000 Source: debian-policy Binary: debian-policy debian-policy-ja Architecture: source Version: 4.3.0.0 Distribution: unstable Urgency: medium Maintainer: Debian Policy Editors <[email protected]> Changed-By: Sean Whitton <[email protected]> Description: debian-policy - Debian Policy Manual and related documents debian-policy-ja - Debian Policy Manual and related documents (Japanese) Closes: 188731 833401 845715 850156 912581 914383 Changes: debian-policy (4.3.0.0) unstable; urgency=medium . * Policy: Update recommendations for stripping binaries and shlibs Wording: Sean Whitton <[email protected]> Seconded: Russ Allbery <[email protected]> Seconded: Niels Thykier <[email protected]> Closes: #188731 * Policy: Slightly relax when copyright information need be included verbatim Wording: Sean Whitton <[email protected]> Seconded: Holger Levsen <[email protected]> Seconded: Russ Allbery <[email protected]> Closes: #912581 * Policy: Required targets must not write outside of the source package tree Wording: Johannes Schauer <[email protected]> Wording: Bill Allombert <[email protected]> Seconded: Niels Thykier <[email protected]> Seconded: Holger Levsen <[email protected]> Closes: #845715 * Policy: Packages should not contain a non-default series file Wording: Sean Whitton <[email protected]> Seconded: Russ Allbery <[email protected]> Seconded: gregor herrmann <[email protected]> Closes: #850156 * virtual-package-names-list: Add dbus-session-bus, default-dbus-session-bus Wording: Sean Whitton <[email protected]> Seconded: Simon McVittie <[email protected]> Seconded: gregor herrmann <[email protected]> Closes: #833401 * In a preexisting footnote, recommend passing -D to strip(1) when stripping static libraries. Thanks to Niels Thykier for the suggestion. * Add references to 'next' branch in README.md. * Convert virtual-package-names-list to YAML (Closes: #914383). Thanks to Jonathan Dowland for the patch. * Append missing '.git' to Vcs-Git. Checksums-Sha1: 32d96d73dca550d5cf0babc5b77308764de35d9a 2023 debian-policy_4.3.0.0.dsc 836885a7a30c7e61859bb4aae6aaca1fa7572ddc 531404 debian-policy_4.3.0.0.tar.xz Checksums-Sha256: eb8b979248d8d29e4aec266e3e7abd0241c4a952126b1ea8a8cfb33f60435523 2023 debian-policy_4.3.0.0.dsc 48d9001a15656fa5a16489c3103e24f77e7a57af7aa4cfdd0f413ee3a16597c7 531404 debian-policy_4.3.0.0.tar.xz Files: 97e6a98aa4092a1c1550ef0bf6bcc0ca 2023 doc optional debian-policy_4.3.0.0.dsc f78e87cf7eb7b1def1f42004a8279030 531404 doc optional debian-policy_4.3.0.0.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAlwfYU0ACgkQaVt65L8G YkD/qhAAtgMj7BOZOSB+jYjTcNgssuk4w3LH+8L2ATAPNlY/y6BH/YPIqIcio8MV IXSn7ldU4rs7Ltz/g16aRCK7zBfA9fBDr/H/OsIaDmTNMtXKlJM0N9uczHVH4atk bt88IcG/p6mGrf02IY4VRxgFMhRZtT5MlBY29rTit1e9vJizZCsd5bwyxZVKfnrb BPuNuRkfzBR2PYQBrOf1R+9XvatqfZg1BveiRf1vaDpXxCpTOKWntKoxtwvhoN7N OoNySzwTDeqvLJfO6CpkoNXqt0sFGjVs3DZxko0s206OqdV2szUXJXZxrEzYFQUO yLzQ4jocG1qsGZHnkfLwOTQEPlXS0dVyGPZDX2FOYojpkwytsaVOyY5CduWBUyu2 yLUAxx1+Fkz4PHwtPzUfG+7/32Jq7ufJzgTmCdEmAkfYpN4sEhKMk9xrYfBfgkVS YXDbCDDH4ENOZSgRG5RaHngxZ0/fM9yzPX+EZRsoWVGrlzeBck9EXzi2ERO1ncsx MmIN5QUplsk5QXM7KkHj58v0BkrFSExsmJ7D9XMeqGDUOomiyBmGohwtahBjKtcq QLOHlaccT/2n9KtwdUvqMTza/AKUszx9c6rFXMztffvnHfsLMgKWfU8RmpkwdvEv I5PkxQzttUBCE0Xbvso4h4CXP+IdajASb+k+igMgqoO0Y/a90rI= =fZNl -----END PGP SIGNATURE-----
--- End Message ---
