Date: Mon, 29 Oct 2018 11:54:02 +0100
From: Baurzhan Ismagulov
To: isar-users@googlegroups.com
Subject: Re: [PATCH] buildchroot: build debian packages as "builder" not "root"
Message-ID: <20181029105402.GB6306@yssyq.m.ilbers.de>
In-Reply-To: <20181026104914.25581-1-henning.schild@siemens.com>

On Fri, Oct 26, 2018 at 12:49:14PM +0200, Henning Schild wrote:
> We used to build packages as "root" and now do that as a regular user.
> Not building as "root" allows us to find mistakes in debian/rules where
> privileged operations are used while they should not (a sudo was
> found in a rules-file). Further some build steps might actually expect
> to not run as root (seen in openssl test suite).
>
> Not building as root should increase overall quality and brings us
> closer to how debian packages are built by others.

Thanks, a good step.

> +su - builder -c "cd $1; dpkg-buildpackage -a$target_arch -d --source-option=-I"

I suggest adding -rfakeroot to satisfy the cases below.

https://www.debian.org/doc/debian-policy/ch-files.html#permissions-and-owners
https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-rules-requires-root

With kind regards,
Baurzhan.
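
Review bot: in the added `su - builder -c "cd $1; dpkg-buildpackage ..."` line, `$1` and `$target_arch` are expanded by the calling shell and the resulting string is parsed a second time by builder's shell, so a package path containing whitespace or shell metacharacters either breaks the build or is interpreted as extra commands. Quote the path inside the inner command, or pass it as a positional argument rather than splicing it into the `-c` string. The `cd $1;` also lets dpkg-buildpackage start in builder's home directory when the cd fails; `cd ... &&` would stop the build at that point. Because `su -` starts a login shell with a reset environment, anything the script exported before this line does not reach dpkg-buildpackage, which deserves a sentence in the commit message.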
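
The thread mentions a `sudo` found in a rules file and links the Rules-Requires-Root policy section; the check below looks for both before a non-root build. It is an added example, not part of the original message or of Isar's code, and its function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Debian source tree before building it as a non-root user.
# Function names and the sample tree below are constructed for illustration.

# Print Rules-Requires-Root from the source stanza of debian/control.
# Debian Policy treats a missing field as "binary-targets".
rules_requires_root() {
    awk '
        /^[ \t]*$/ { if (seen) exit; next }      # blank line ends the source stanza
        { seen = 1 }
        tolower($0) ~ /^rules-requires-root:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { if (!found) print "binary-targets" }
    ' "$1/debian/control"
}

# List non-comment lines of debian/rules that escalate privileges on their own.
privileged_calls() {
    grep -nE '(^|[[:space:];&|(@-])(sudo|su|pkexec|doas)([[:space:]]|$)' \
        "$1/debian/rules" | grep -vE '^[0-9]+:[[:space:]]*#'
}

# Return 0 when debian/rules contains no such call, 1 otherwise.
audit_tree() {
    rrr=$(rules_requires_root "$1")
    hits=$(privileged_calls "$1" || true)
    echo "Rules-Requires-Root: $rrr"
    [ -z "$hits" ] && return 0
    echo "privileged calls in debian/rules:"
    echo "$hits"
    return 1
}

# Constructed sample: a rules file with a sudo call, the mistake the thread mentions.
demo=$(mktemp -d) && mkdir "$demo/debian"
printf 'Source: demo\nRules-Requires-Root: no\n\nPackage: demo\n' \
    > "$demo/debian/control"
printf '#!/usr/bin/make -f\n%%:\n\tdh $@\ninstall-hook:\n\tsudo install -m 0755 demo /usr/bin/demo\n' \
    > "$demo/debian/rules"
audit_tree "$demo" || echo "fix debian/rules before building as a non-root user"
```

A tree that declares `Rules-Requires-Root: no` and passes this check needs neither real root nor fakeroot for its binary targets; any other value still needs the `-rfakeroot` suggested above.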