Package: fakeroot Version: 1.21-3.1 Severity: important Tags: upstream fakeroot and fakechroot are very unreliable. Just look at other bug reports.
Even simple "env -i" (such commands are likely in building utils) unexpectedly turn off fakeroot. Other thing incompatible with fakeroot is static linking. Calls to "ldconfig" are usual in building tools. Other utils have to introduce kludges to deal with fakeroot unreliability. For example, debootstrap includes its own ldconfig replacement for fakeroot mode. Okey, what to do? I propose to replace fakeroot with fakeroot-ng or user namespaces (CLONE_NEWUSER). fakeroot-ng is based on ptrace, as opposed to fakeroot. So, it is more reliable. But I'm not sure whether its perfect. For example, I don't know whether fakeroot-ng is compatible with SETUID binaries. CLONE_NEWUSER (user namespaces) and tools based on it (recent systemd-nspawn, lxc, etc) are better. I think user namespaces are more reliable and faster than fakeroot-ng. But user namespaces seem to be less secure. So, please remove fakeroot and fakechroot. Remove package "pseudo", too, because it uses LD_PRELOAD (like fakeroot), and thus it shares same problems. If you decide user namespaces are better than fakeroot-ng, then remove fakeroot-ng, too. Okey, so, please remove fakeroot, fakechroot, pseudo (and possibly fakeroot-ng) from Debian archive. Change all packages which use them to use fakeroot-ng or user namespaces. Stop using this obsolete packages in your infrastructure, i. e. don't build packages using fakeroot. Remove all kludges you introduced to work with fakeroot, such as special debootstrap variant. What about non-Linux kernels supported by Debian, i. e. Hurd and kFreeBSD? I think Hurd has some feature similar to user namespaces (subhurd or something like that). Moreover, they are theoretically more secure than Linux user namespaces due to microkernel architecture. And moreover, ability to simulate root without such hacky tools always was selling point of Hurd. kFreeBSD? Well, nobody wants it anyway. :) User namespaces are supported by default in Stretch's Linux kernel. -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-0.bpo.2-amd64 (SMP w/8 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages fakeroot depends on: ii libc6 2.24-11+deb9u3 ii libfakeroot 1.21-3.1 fakeroot recommends no packages. fakeroot suggests no packages. -- no debconf information