Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock X-Debbugs-Cc: [email protected]
Hi, as announced in https://lists.debian.org/debian-devel/2014/11/msg00216.html I'd like to move File::Temp and its dependencies into perl-base. The init-system-helpers package currently depends on perl, see #757891. This is not desirable: an increasing number of daemon packages including some in the base system (like rsyslog) depend on init-system-helpers, so the base system now pulls in perl and perl-modules. This grows the size of the base system in jessie by ~30MB, which can be considered a regression from wheezy. Even worse, since util-linux recently gained a dependency on init-system-helpers, the Essential:yes packages now pull in perl, increasing the size of even minimal chroots. IMO at least this should be a release critical bug somewhere but it's not quite clear to me where. I see the util-linux change may still get reverted (#768315), but even if that happens, I think fixing the base system growth too would be good for jessie. While I wasn't initially keen on growing perl-base, I've since been convinced otherwise in the case of File::Temp: secure creation of temporary files is a non-trivial commonly occurring task that deserves to be in the Essential set, and using /usr/bin/mktemp from perl programs is quite unwieldy. As it happens, File::Temp pulls in the other modules needed by init-system-helpers too, so any controversy around #757891 is hopefully solved with this. I'm sorry that this comes so late, but I think it is the right way forward and enables fixing a regression from wheezy. I hope you agree. Proposed debdiff attached (modulo UNRELEASED). I'm also attaching the corresponding git patch for your convenience as that's a bit more readable. It's pushed at http://anonscm.debian.org/cgit/perl/perl.git/commit/?h=ntyni/moving-file-temp The changes are quite straightforward (but eyeballs are certainly welcome), except perhaps the added dependency from perl-modules to perl-base. This is required to make sure partial upgrades can't result in a system missing File::Temp et al. Please let me know if you'd be OK with this, and many thanks for your work, -- Niko Tyni [email protected]
diff -Nru perl-5.20.1/debian/changelog perl-5.20.1/debian/changelog --- perl-5.20.1/debian/changelog 2014-10-20 00:03:01.000000000 +0300 +++ perl-5.20.1/debian/changelog 2014-11-15 18:27:05.000000000 +0200 @@ -1,3 +1,11 @@ +perl (5.20.1-3) UNRELEASED; urgency=medium + + * Move File::Temp and its dependencies (File::Path, File::Basename, + and parent) to perl-base. + See https://lists.debian.org/debian-devel/2014/11/msg00216.html + + -- Niko Tyni <[email protected]> Sun, 09 Nov 2014 22:18:48 +0200 + perl (5.20.1-2) unstable; urgency=medium * Fix IO::Uncompress::Gunzip gunzip to in-memory file handle diff -Nru perl-5.20.1/debian/control perl-5.20.1/debian/control --- perl-5.20.1/debian/control 2014-10-04 00:23:43.000000000 +0300 +++ perl-5.20.1/debian/control 2014-11-15 16:37:22.000000000 +0200 @@ -32,16 +32,22 @@ libanyevent-perl (<< 7.070-2), libjcode-perl (<< 2.13-3), libgtk2-perl-doc (<< 2:1.2491-4), + libfile-temp-perl (<< 0.2304), + libfile-path-perl (<< 2.09), libscalar-list-utils-perl (<< 1:1.38) -Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.10.1-1), libperl5.8 (<< 5.8.0-20), +Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.20.1-3), libperl5.8 (<< 5.8.0-20), libscalar-list-utils-perl, libxsloader-perl, libsocket-perl, + libfile-temp-perl, + libfile-path-perl, libio-socket-ip-perl, Provides: perl5-base, ${perlapi:Provides}, libscalar-list-utils-perl, libxsloader-perl, libsocket-perl, + libfile-temp-perl, + libfile-path-perl, libio-socket-ip-perl, Suggests: perl Description: minimal Perl system @@ -102,7 +108,7 @@ Priority: standard Architecture: all Multi-Arch: foreign -Depends: perl (>= ${Upstream-Version}-1) +Depends: perl (>= ${Upstream-Version}-1), perl-base (>= 5.20.1-3) Recommends: libarchive-extract-perl, libmodule-pluggable-perl, libpod-latex-perl, @@ -122,7 +128,6 @@ mono-gac (<< 2.10.8.1-3) Breaks: libpod-parser-perl (<< 1.62), libansicolor-perl (<< 4.02), - libfile-temp-perl (<< 0.2304), libnet-perl (<= 1:1.22), libattribute-handlers-perl (<< 0.96), libcgi-pm-perl (<< 3.65), @@ -165,13 +170,11 @@ libdigest-perl (<< 1.17), libextutils-install-perl (<< 1.67), libhttp-tiny-perl (<< 0.043), - libfile-path-perl (<< 2.09), libcpan-meta-requirements-perl (<< 2.125), libexperimental-perl (<< 0.007), libpackage-constants-perl (<< 0.04), Replaces: libpod-parser-perl, libansicolor-perl, - libfile-temp-perl, libnet-perl, libattribute-handlers-perl, libcgi-pm-perl, @@ -214,13 +217,11 @@ libdigest-perl, libextutils-install-perl, libhttp-tiny-perl, - libfile-path-perl, libcpan-meta-requirements-perl, libexperimental-perl, libpackage-constants-perl, Provides: libpod-parser-perl, libansicolor-perl, - libfile-temp-perl, libnet-perl, libattribute-handlers-perl, libi18n-langtags-perl, @@ -261,7 +262,6 @@ libdigest-perl, libextutils-install-perl, libhttp-tiny-perl, - libfile-path-perl, libcpan-meta-requirements-perl, libexperimental-perl, Description: Core Perl modules diff -Nru perl-5.20.1/debian/perl-base.files perl-5.20.1/debian/perl-base.files --- perl-5.20.1/debian/perl-base.files 2014-10-04 00:23:43.000000000 +0300 +++ perl-5.20.1/debian/perl-base.files 2014-11-15 15:38:36.000000000 +0200 @@ -72,3 +72,7 @@ usr/**/perl/*/warnings.pm usr/**/perl/*/warnings/register.pm usr/**/perl/*/feature.pm +usr/**/perl/*/File/Temp.pm +usr/**/perl/*/File/Path.pm +usr/**/perl/*/File/Basename.pm +usr/**/perl/*/parent.pm
>From e32cfcbcd5d12f4cf1cab351ebaf81b5e657d82d Mon Sep 17 00:00:00 2001 From: Niko Tyni <[email protected]> Date: Sun, 9 Nov 2014 22:15:03 +0200 Subject: [PATCH] Move File::Temp, File::Path and File::Basename to perl-base The module primarily being moved into the Essential set is File::Temp, the others are pulled in as dependencies. Securely creating a temporary file is both difficult and a reasonable action for maintainer scripts to want to take, so it makes sense to have that in the essential set. Using /usr/bin/mktemp from Perl programs is unnecessarily hard and error-prone. See https://lists.debian.org/debian-devel/2014/11/msg00216.html --- debian/changelog | 4 +++- debian/control | 16 ++++++++-------- debian/perl-base.files | 4 ++++ 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/debian/changelog b/debian/changelog index 7326626..ac11e57 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ perl (5.20.1-3) UNRELEASED; urgency=medium - * + * Move File::Temp and its dependencies (File::Path, File::Basename, + and parent) to perl-base. + See https://lists.debian.org/debian-devel/2014/11/msg00216.html -- Niko Tyni <[email protected]> Sun, 09 Nov 2014 22:18:48 +0200 diff --git a/debian/control b/debian/control index 7260f0b..6e8afc3 100644 --- a/debian/control +++ b/debian/control @@ -32,16 +32,22 @@ Breaks: autoconf2.13 (<< 2.13-45), libanyevent-perl (<< 7.070-2), libjcode-perl (<< 2.13-3), libgtk2-perl-doc (<< 2:1.2491-4), + libfile-temp-perl (<< 0.2304), + libfile-path-perl (<< 2.09), libscalar-list-utils-perl (<< 1:1.38) -Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.10.1-1), libperl5.8 (<< 5.8.0-20), +Replaces: perl (<< 5.10.1-12), perl-modules (<< 5.20.1-3), libperl5.8 (<< 5.8.0-20), libscalar-list-utils-perl, libxsloader-perl, libsocket-perl, + libfile-temp-perl, + libfile-path-perl, libio-socket-ip-perl, Provides: perl5-base, ${perlapi:Provides}, libscalar-list-utils-perl, libxsloader-perl, libsocket-perl, + libfile-temp-perl, + libfile-path-perl, libio-socket-ip-perl, Suggests: perl Description: minimal Perl system @@ -102,7 +108,7 @@ Package: perl-modules Priority: standard Architecture: all Multi-Arch: foreign -Depends: perl (>= ${Upstream-Version}-1) +Depends: perl (>= ${Upstream-Version}-1), perl-base (>= 5.20.1-3) Recommends: libarchive-extract-perl, libmodule-pluggable-perl, libpod-latex-perl, @@ -122,7 +128,6 @@ Conflicts: defoma (<< 0.11.12), mono-gac (<< 2.10.8.1-3) Breaks: libpod-parser-perl (<< 1.62), libansicolor-perl (<< 4.02), - libfile-temp-perl (<< 0.2304), libnet-perl (<= 1:1.22), libattribute-handlers-perl (<< 0.96), libcgi-pm-perl (<< 3.65), @@ -165,13 +170,11 @@ Breaks: libpod-parser-perl (<< 1.62), libdigest-perl (<< 1.17), libextutils-install-perl (<< 1.67), libhttp-tiny-perl (<< 0.043), - libfile-path-perl (<< 2.09), libcpan-meta-requirements-perl (<< 2.125), libexperimental-perl (<< 0.007), libpackage-constants-perl (<< 0.04), Replaces: libpod-parser-perl, libansicolor-perl, - libfile-temp-perl, libnet-perl, libattribute-handlers-perl, libcgi-pm-perl, @@ -214,13 +217,11 @@ Replaces: libpod-parser-perl, libdigest-perl, libextutils-install-perl, libhttp-tiny-perl, - libfile-path-perl, libcpan-meta-requirements-perl, libexperimental-perl, libpackage-constants-perl, Provides: libpod-parser-perl, libansicolor-perl, - libfile-temp-perl, libnet-perl, libattribute-handlers-perl, libi18n-langtags-perl, @@ -261,7 +262,6 @@ Provides: libpod-parser-perl, libdigest-perl, libextutils-install-perl, libhttp-tiny-perl, - libfile-path-perl, libcpan-meta-requirements-perl, libexperimental-perl, Description: Core Perl modules diff --git a/debian/perl-base.files b/debian/perl-base.files index 6aef2d5..2c6f57a 100644 --- a/debian/perl-base.files +++ b/debian/perl-base.files @@ -72,3 +72,7 @@ usr/**/perl/*/vars.pm usr/**/perl/*/warnings.pm usr/**/perl/*/warnings/register.pm usr/**/perl/*/feature.pm +usr/**/perl/*/File/Temp.pm +usr/**/perl/*/File/Path.pm +usr/**/perl/*/File/Basename.pm +usr/**/perl/*/parent.pm -- 2.1.3
