Bug#1002626: debian-policy: building packages should not require to be root

2021-12-27 Thread Vincent Lefevre 
On 2021-12-27 17:54:24 -0700, Sean Whitton wrote:
> The sort of case I have in mind is an 'RRR: no'%e package that does not
> FTBFS when built as root, but does do so as non-root.  I agree that
> that's an FTBFS bug, but is it release-critical?  For a relatively new
> feature like RRR, I'm not sure it is, unless Policy says it is.  But I
> could be convinced, and I agree with you that the sort of reasoning
> you're giving is a good way to think about this sort of thing.

I think that it should be release-critical: RRR may be new,
but removing the "RRR: no" would normally solve the problem
(this might not be the best solution, but it is at least
better than a FTBFS as non-root).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-27 Thread Russ Allbery 
Sean Whitton  writes:

> I said that the requirement is only advisory based on how there is no
> requirement on packages expressed must/should/etc. in the description of
> Rules-Requires-Root: no in Policy.  The target of the advice would be
> authors and maintainers of package builders.

> However, I missed the use of "required" in the text, which means there
> is in fact a Policy requirement not to fail to build as non-root when
> this field value is declared, I think?

> Sorry for causing some confusion here.

Oh, no problem at all, and that makes sense.

FWIW, I think Policy requirements may be the wrong way of thinking about
this problem.  If I try to compile a Perl module with GCC in debian/rules,
I would be hard-pressed to name a specific Policy requirement that
violates, but the package wouldn't build and that's a FTBFS bug.  This
feels more like that: the package metadata says to build it as non-root,
which means that if it doesn't build as non-root, that's a FTBFS bug.

Anyway, it all seems to be sorted out now, and I suspect the root problem
was some benign misunderstanding of the root cause Vincent's bug report.

-- 
Russ Allbery (r...@debian.org)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-27 Thread Sean Whitton 
Hello Russ,

On Sat 25 Dec 2021 at 06:45PM -08, Russ Allbery wrote:

> Vincent Lefevre  writes:
>> On 2021-12-25 14:48:33 -0800, Russ Allbery wrote:
>>> Vincent Lefevre  writes:
>
 Here, the build via "debuild" is failing even when fakeroot is
 available (installed on the machine). Note that Rules-Requires-Root
 has been set to "no". IMHO, the policy should say that when
 Rules-Requires-Root is set to "no", being root or using fakeroot
 should not be required.
>
>>> It does already.
>
>>> no: Declares that neither root nor fakeroot is required. Package
>>> builders (e.g. dpkg-buildpackage) may choose to invoke any target in
>>> debian/rules with an unprivileged user.
>
>>> Am I missing something?
>
>> According to Sean, this is just advisory (and Scott Kitterman seemed
>> to assume that a build failure as non-root[*] was not a RC bug).
>
> I don't understand what "advisory" means here.  This field controls the
> behavior of the package building software.  If the package says that root
> isn't required, the package will be built without root.  If root turns out
> to be required, the package will FTBFS.  There's nothing "advisory" about
> having inaccurate package metadata that causes FTBFS, surely?

I said that the requirement is only advisory based on how there is no
requirement on packages expressed must/should/etc. in the description of
Rules-Requires-Root: no in Policy.  The target of the advice would be
authors and maintainers of package builders.

However, I missed the use of "required" in the text, which means there
is in fact a Policy requirement not to fail to build as non-root when
this field value is declared, I think?

Sorry for causing some confusion here.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Russ Allbery 
Guillem Jover  writes:

> But, the builder in this context is the program driving debian/rules and
> not any external wrappers, in this case dpkg-buildpackage, which has
> honored the field since it got implemented in 1.19.0. We drafted it as
> "the builder" to allow for other potential drivers, because we are still
> considering debian/rules the canonical entry point (even though I still
> think we should ideally stop supporting calling it directly, and instead
> should make dpkg-buildpackage the only supported interface).

Oh, my apologies, I missed that detail.

>> […] It looks like that's not the case, so I think this was just a
>> bog-standard FTBFS, only a bit surprising because it was triggered by
>> honoring Rules-Requires-Root, which I'm not sure the buildds do (yet).

> The buildds have "honored" R³ since dpkg-buildpackage does.

I had remembered (probably from some distant past) buildds always running
builds as root, and just confused myself and probably other people.  Sorry
about that!

I'm therefore confused why postfix didn't FTBFS on the buildds by failing
to remove that read-only file.  Clearly there must be some difference in
the build environment for Daniel and Vincent or postfix would have always
refused to build, but I'm not sure what that is.

(In any case, I'm fairly convinced this isn't a Policy bug, although it
sounds like the wording for R³ in Policy could be improved somewhat.)

-- 
Russ Allbery (r...@debian.org)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Guillem Jover 
On Sat, 2021-12-25 at 18:45:08 -0800, Russ Allbery wrote:
> Vincent Lefevre  writes:
> > On 2021-12-25 14:48:33 -0800, Russ Allbery wrote:
> >> Vincent Lefevre  writes:
> >>> Here, the build via "debuild" is failing even when fakeroot is
> >>> available (installed on the machine). Note that Rules-Requires-Root
> >>> has been set to "no". IMHO, the policy should say that when
> >>> Rules-Requires-Root is set to "no", being root or using fakeroot
> >>> should not be required.
> 
> >> It does already.
> 
> >> no: Declares that neither root nor fakeroot is required. Package
> >> builders (e.g. dpkg-buildpackage) may choose to invoke any target in
> >> debian/rules with an unprivileged user.
> 
> >> Am I missing something?
> 
> > According to Sean, this is just advisory (and Scott Kitterman seemed
> > to assume that a build failure as non-root[*] was not a RC bug).
> 
> I don't understand what "advisory" means here.  This field controls the
> behavior of the package building software.  If the package says that root
> isn't required, the package will be built without root.  If root turns out
> to be required, the package will FTBFS.  There's nothing "advisory" about
> having inaccurate package metadata that causes FTBFS, surely?

I did not understand Sean reply either TBH. Also rereading the policy
description of this, seems to me has somewhat lost some of the nuance
from the spec in dpkg (/usr/share/doc/dpkg/rootless-builds.txt.gz).

Neither I understood the comment about that being related to the field
being new.

> Presumably the question is about the severity of the bug, but I don't
> think the severity question has anything to do with the Policy wording or
> would change if we worded Policy differently.  The package says that you
> don't have to run it as root, so an autobuilder that knows about
> Rules-Requires-Root won't run the build as root, the build will fail, and
> that's a FTBFS bug, regardless of what Policy says.  Presumably Lucas
> would report it as such if his builder supports Rules-Requires-Root.

But, the builder in this context is the program driving debian/rules
and not any external wrappers, in this case dpkg-buildpackage, which
has honored the field since it got implemented in 1.19.0. We drafted
it as "the builder" to allow for other potential drivers, because we
are still considering debian/rules the canonical entry point (even
though I still think we should ideally stop supporting calling it
directly, and instead should make dpkg-buildpackage the only supported
interface).

> […] It looks like that's not the case, so I think this was
> just a bog-standard FTBFS, only a bit surprising because it was triggered
> by honoring Rules-Requires-Root, which I'm not sure the buildds do (yet).

The buildds have "honored" R³ since dpkg-buildpackage does.

Thanks,
Guillem

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Russ Allbery 
Vincent Lefevre  writes:
> On 2021-12-25 14:48:33 -0800, Russ Allbery wrote:
>> Vincent Lefevre  writes:

>>> Here, the build via "debuild" is failing even when fakeroot is
>>> available (installed on the machine). Note that Rules-Requires-Root
>>> has been set to "no". IMHO, the policy should say that when
>>> Rules-Requires-Root is set to "no", being root or using fakeroot
>>> should not be required.

>> It does already.

>> no: Declares that neither root nor fakeroot is required. Package
>> builders (e.g. dpkg-buildpackage) may choose to invoke any target in
>> debian/rules with an unprivileged user.

>> Am I missing something?

> According to Sean, this is just advisory (and Scott Kitterman seemed
> to assume that a build failure as non-root[*] was not a RC bug).

I don't understand what "advisory" means here.  This field controls the
behavior of the package building software.  If the package says that root
isn't required, the package will be built without root.  If root turns out
to be required, the package will FTBFS.  There's nothing "advisory" about
having inaccurate package metadata that causes FTBFS, surely?

Presumably the question is about the severity of the bug, but I don't
think the severity question has anything to do with the Policy wording or
would change if we worded Policy differently.  The package says that you
don't have to run it as root, so an autobuilder that knows about
Rules-Requires-Root won't run the build as root, the build will fail, and
that's a FTBFS bug, regardless of what Policy says.  Presumably Lucas
would report it as such if his builder supports Rules-Requires-Root.

Reading the bug log, I'm not sure there's even any disagreement about
that.  What I see instead is that Scott was surprised that the file being
removed was not writable and thought that was something that you had done
in the local build system and that therefore wouldn't happen with other
rebuild efforts.  It looks like that's not the case, so I think this was
just a bog-standard FTBFS, only a bit surprising because it was triggered
by honoring Rules-Requires-Root, which I'm not sure the buildds do (yet).

-- 
Russ Allbery (r...@debian.org)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Vincent Lefevre 
On 2021-12-25 14:48:33 -0800, Russ Allbery wrote:
> Vincent Lefevre  writes:
> 
> > Here, the build via "debuild" is failing even when fakeroot is available
> > (installed on the machine). Note that Rules-Requires-Root has been set
> > to "no". IMHO, the policy should say that when Rules-Requires-Root is
> > set to "no", being root or using fakeroot should not be required.
> 
> It does already.
> 
> no: Declares that neither root nor fakeroot is required. Package
> builders (e.g. dpkg-buildpackage) may choose to invoke any target in
> debian/rules with an unprivileged user.
> 
> Am I missing something?

According to Sean, this is just advisory (and Scott Kitterman seemed
to assume that a build failure as non-root[*] was not a RC bug).

[*] here, just because of "Rules-Requires-Root: no".

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Vincent Lefevre 
Hi Sean,

On 2021-12-25 15:55:32 -0700, Sean Whitton wrote:
> Okay, I've attempted to retitle this bug in accordance with your
> suggestion.  The relevant change would not be in ch. 4, but under ch. 5.
> What you suggest is to add to the meaning of "Rules-Requires-Root: no"
> that packages which declare this must not fail to build as non-root.
> 
> This would be quite a significant change, as currently
> Rules-Requires-Root is pretty much just advisory to dpkg-buildpackage.

I'm wondering what is the point to set "Rules-Requires-Root: no" if
the consequence is that this makes the build fail as a non-root user.

> Do we have a project consensus that it ought to be more than advisory?
> I'm not sure -- the field is fairly new.

If this is new, I would have assumed that when a maintainer adds this
field, he should check that the build really succeeds as non-root.

> In addition to that, we would also need to be confident that making this
> change in Policy would not render more than a few packages buggy.

Couldn't there be a build bot to check that?

FYI, over the past few years, I've built dozens of packages as a
non-root user (I never build packages as root), and with the new
postfix bug (now closed as fixed), this was the first time I saw
a failure for this reason.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Sean Whitton 
control: retitle -1 When Rules-Require-Root: no, packages should not fail to 
build as non-root

Hello Vincent,

On Sat 25 Dec 2021 at 11:37PM +01, Vincent Lefevre wrote:

> When a package is built as a normal user, Rules-Requires-Root assumes
> that using fakeroot would be fine.
>
> Here, the build via "debuild" is failing even when fakeroot is
> available (installed on the machine). Note that Rules-Requires-Root
> has been set to "no". IMHO, the policy should say that when
> Rules-Requires-Root is set to "no", being root or using fakeroot
> should not be required.

Okay, I've attempted to retitle this bug in accordance with your
suggestion.  The relevant change would not be in ch. 4, but under ch. 5.
What you suggest is to add to the meaning of "Rules-Requires-Root: no"
that packages which declare this must not fail to build as non-root.

This would be quite a significant change, as currently
Rules-Requires-Root is pretty much just advisory to dpkg-buildpackage.
Do we have a project consensus that it ought to be more than advisory?
I'm not sure -- the field is fairly new.

In addition to that, we would also need to be confident that making this
change in Policy would not render more than a few packages buggy.

-- 
Sean Whitton


signature.asc
Description: PGP signature

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Russ Allbery 
Vincent Lefevre  writes:

> Here, the build via "debuild" is failing even when fakeroot is available
> (installed on the machine). Note that Rules-Requires-Root has been set
> to "no". IMHO, the policy should say that when Rules-Requires-Root is
> set to "no", being root or using fakeroot should not be required.

It does already.

no: Declares that neither root nor fakeroot is required. Package
builders (e.g. dpkg-buildpackage) may choose to invoke any target in
debian/rules with an unprivileged user.

Am I missing something?

-- 
Russ Allbery (r...@debian.org)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Vincent Lefevre 
Hello Bill,

On 2021-12-25 22:58:25 +0100, Bill Allombert wrote:
> On Sat, Dec 25, 2021 at 10:38:47PM +0100, Vincent Lefevre wrote:
> > Building packages should not require to be root.
> 
> Hello Vincent!
> 
> Currently, packages are allowed to require root to build.
> See Rules-Requires-Root for more detail.

No, this is not what the Rules-Requires-Root documentation says.

https://www.debian.org/doc/debian-policy/ch-source.html#debian-rules-and-rules-requires-root
says:

  Depending on the value of the Rules-Requires-Root field, the package
  builder (e.g. dpkg-buildpackage) may run the debian/rules target as
  an unprivileged user and provide a gain root command. This command
  allows the debian/rules target to run particular subcommands under
  (fake)root.

When a package is built as a normal user, Rules-Requires-Root assumes
that using fakeroot would be fine.

Here, the build via "debuild" is failing even when fakeroot is
available (installed on the machine). Note that Rules-Requires-Root
has been set to "no". IMHO, the policy should say that when
Rules-Requires-Root is set to "no", being root or using fakeroot
should not be required.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Vincent Lefevre 
Control: reopen -1

On 2021-12-25 14:55:37 -0700, Sean Whitton wrote:
> Hello,
> 
> On Sat 25 Dec 2021 at 10:38PM +01, Vincent Lefevre wrote:
> 
> > Package: debian-policy
> > Version: 4.6.0.1
> > Severity: important
> >
> > Building packages should not require to be root.
> >
> > I don't know what's going on, but see
> >
> >   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002497#31
> 
> It looks like the issue has been fixed over there.

Not currently available, but anyway this doesn't answer the issue with
other possible packages where this would not be fixed. This was mainly
about the bug severity.

IMHO, a failure to build a package as a normal user should be regarded
as a RC bug (Scott Kitterman said "Certainly not a serious bug. [...]
Don't upgrade the severity again. If you think this is such a big
deal, go get something in Debian policy.").

In particular, all packages in stable should be buildable as a normal
user (in particular to lower the risk of breaking the system in case
of a bug somewhere in the build system).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Bill Allombert 
On Sat, Dec 25, 2021 at 10:38:47PM +0100, Vincent Lefevre wrote:
> Package: debian-policy
> Version: 4.6.0.1
> Severity: important
> 
> Building packages should not require to be root.

Hello Vincent!

Currently, packages are allowed to require root to build.
See Rules-Requires-Root for more detail.

Cheers,
-- 
Bill. 

Imagine a large red swirl here.

Bug#1002626: debian-policy: building packages should not require to be root

2021-12-25 Thread Vincent Lefevre 
Package: debian-policy
Version: 4.6.0.1
Severity: important

Building packages should not require to be root.

I don't know what's going on, but see

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002497#31

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

debian-policy depends on no packages.

Versions of packages debian-policy recommends:
ii  libjs-sphinxdoc  4.3.2-1

Versions of packages debian-policy suggests:
ii  doc-base  0.11.1

-- no debconf information

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)