Re: [PATCH] buildchroot: build debian packages as "builder" not "root"

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

From: Henning Schild <henning.schild@siemens.com>
To: Baurzhan Ismagulov <ibr@radix50.net>
Cc: <isar-users@googlegroups.com>
Subject: Re: [PATCH] buildchroot: build debian packages as "builder" not "root"
Date: Mon, 29 Oct 2018 12:27:39 +0100	[thread overview]
Message-ID: <20181029122739.441d0531@md1pvb1c.ad001.siemens.net> (raw)
In-Reply-To: <20181029105402.GB6306@yssyq.m.ilbers.de>

Am Mon, 29 Oct 2018 11:54:02 +0100
schrieb Baurzhan Ismagulov <ibr@radix50.net>:

> On Fri, Oct 26, 2018 at 12:49:14PM +0200, Henning Schild wrote:
> > We used to build packages as "root" and now do that as a regular
> > user. Not building as "root" allows us to find mistakes in
> > debian/rules where privileged operations are used while they should
> > not (a sudo was found in a rules-file). Further some build steps
> > might actually expect to not run as root (seen in openssl test
> > suite).
> > 
> > Not building as root should increase overall quality and brings us
> > closer to how debian packages are build by others.  
> 
> Thanks, a good step.
> 
> 
> > +su - builder -c "cd $1; dpkg-buildpackage -a$target_arch -d
> > --source-option=-I"  
> 
> I suggest adding -rfakeroot to satisfy the cases below.

"-rfakeroot" is the default and can be omitted ... it is already in
there. Unless the defaults are different in the various versions we
support.

Henning

> https://www.debian.org/doc/debian-policy/ch-files.html#permissions-and-owners
> https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-rules-requires-root
> 
> 
> With kind regards,
> Baurzhan.
>

next prev parent reply	other threads:[~2018-10-29 11:27 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-26 10:49 Henning Schild
2018-10-29 10:54 ` Baurzhan Ismagulov
2018-10-29 11:27   ` Henning Schild [this message]
2018-10-29 11:44     ` Baurzhan Ismagulov
2018-11-01 13:27 ` Maxim Yu. Osipov
2018-11-08 13:32 ` Jan Kiszka
2018-11-08 14:54   ` Henning Schild
2018-11-09  9:14     ` Jan Kiszka
2018-11-09  9:34       ` Henning Schild
2018-11-09  9:37         ` Jan Kiszka
2018-11-09 11:16           ` Jan Kiszka
2018-11-09 15:49             ` Baurzhan Ismagulov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181029122739.441d0531@md1pvb1c.ad001.siemens.net \
    --to=henning.schild@siemens.com \
    --cc=ibr@radix50.net \
    --cc=isar-users@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox