Bug#931985: file: Experimental file breaks package creation at dh_shlibdeps stage due to file command
On Sat, 13 Jul 2019 14:33:00 +0200 Christoph Biedl wrote: > Control: tags 931985 pending > > So here's the story: The dh_shlibdepends program runs under fakeroot, > and libfakeroot will be loaded be the file binary as well. Nothing new. > > Enter seccomp: The version of file in experimental is the first one to > have seccomp support enabled. The syscalls used by libffakeroot are not > whitelisted, so msgsend or getpid case program abort. You should have > seen according messages in the kernel log as well. > > A sane solution will take time. For the moment the only sane choice will > do to re-disable seccomp support. > > Christoph Is it possible to patch the code to skip the seccomp support only under fakeroot? While we are slowly reducing the number of packages relying on fakeroot, it will probably take a decade or more to be completely free from it. But I think it would be unfortunate not to have the seccomp filtering until then. Thanks, ~Niels
Bug#931985: file: Experimental file breaks package creation at dh_shlibdeps stage due to file command
Niels Thykier wrote... > Is it possible to patch the code to skip the seccomp support only under > fakeroot? While we are slowly reducing the number of packages relying > on fakeroot, it will probably take a decade or more to be completely > free from it. But I think it would be unfortunate not to have the > seccomp filtering until then. A quicker solution was to add the --no-sandbox option to any file invocation. But right now that option triggers an error if file was built without seccomp support - but seccomp is not available on all architectures. The right place to deal with this is improving file's tunables wrt seccomp support, working on that. I'll get back to you when there are results. Christoph signature.asc Description: PGP signature
Processed: Re: Bug#931985: file: Experimental file breaks package creation at dh_shlibdeps stage due to file command
Processing control commands: > tags 931985 pending Bug #931985 [file] file: Experimental file breaks package creation at dh_shlibdeps stage due to file command Added tag(s) pending. -- 931985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931985 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931985: file: Experimental file breaks package creation at dh_shlibdeps stage due to file command
Control: tags 931985 pending So here's the story: The dh_shlibdepends program runs under fakeroot, and libfakeroot will be loaded be the file binary as well. Nothing new. Enter seccomp: The version of file in experimental is the first one to have seccomp support enabled. The syscalls used by libffakeroot are not whitelisted, so msgsend or getpid case program abort. You should have seen according messages in the kernel log as well. A sane solution will take time. For the moment the only sane choice will do to re-disable seccomp support. Christoph signature.asc Description: PGP signature
Processed: Re: Bug#931985: file: Experimental file breaks package creation at dh_shlibdeps stage due to file command
Processing control commands: > tags 931985 confirmed Bug #931985 [file] file: Experimental file breaks package creation at dh_shlibdeps stage due to file command Added tag(s) confirmed. -- 931985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931985 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#931985: file: Experimental file breaks package creation at dh_shlibdeps stage due to file command
Control: tags 931985 confirmed At first, thanks for reporting, thus avoiding a lot of noise. Eric Valette wrote... > I know it is experimental but anyway That's what experimental is for :) Did you just stumble over it or do you do build checks incluing experimental on a regular base? In the latter case, I am happy to add you to my list¹ of recipicients I notify when uploading a new upstream version of file. These uploads always go to experimental first - experience taught new upstream versions break things. Christoph, now exploring the cause of the breakage ¹ https://sources.debian.org/src/file/1:5.37-1/debian/README.Maintainer/ signature.asc Description: PGP signature
Bug#931985: file: Experimental file breaks package creation at dh_shlibdeps stage due to file command
Package: file Version: 1:5.37-1 Severity: critical Justification: breaks unrelated software I know it is experimental but anyway it should be fixed and if you build pacakges, you cannot anymore. Tried on two pacakges, same error. dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info dh_shlibdeps: Compatibility levels before 9 are deprecated (level 5 in use) dh_shlibdeps: Compatibility levels before 9 are deprecated (level 5 in use) dh_shlibdeps: file -e apptype -e ascii -e encoding -e cdf -e compress -e tar debian/tvheadend/usr/bin/tv_meta_tmdb.py died with signal 31 dh_shlibdeps: Aborting due to earlier error -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.19.58 (SMP w/8 CPU cores; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages file depends on: ii libc62.28-10 ii libmagic11:5.37-1 ii libseccomp2 2.3.3-4 ii zlib1g 1:1.2.11.dfsg-1 file recommends no packages. file suggests no packages. -- no debconf information