Date: Mon, 29 Oct 2018 12:27:39 +0100
From: Henning Schild
To: Baurzhan Ismagulov
Subject: Re: [PATCH] buildchroot: build debian packages as "builder" not "root"
Message-ID: <20181029122739.441d0531@md1pvb1c.ad001.siemens.net>
In-Reply-To: <20181029105402.GB6306@yssyq.m.ilbers.de>
References: <20181026104914.25581-1-henning.schild@siemens.com> <20181029105402.GB6306@yssyq.m.ilbers.de>

On Mon, 29 Oct 2018 11:54:02 +0100, Baurzhan Ismagulov wrote:

> On Fri, Oct 26, 2018 at 12:49:14PM +0200, Henning Schild wrote:
> > We used to build packages as "root" and now do that as a regular
> > user. Not building as "root" allows us to find mistakes in
> > debian/rules where privileged operations are used while they should
> > not (a sudo was found in a rules-file). Further some build steps
> > might actually expect to not run as root (seen in openssl test
> > suite).
> >
> > Not building as root should increase overall quality and brings us
> > closer to how debian packages are built by others.
>
> Thanks, a good step.
>
>
> > +su - builder -c "cd $1; dpkg-buildpackage -a$target_arch -d
> > --source-option=-I"
>
> I suggest adding -rfakeroot to satisfy the cases below.

"-rfakeroot" is the default and can be omitted ... it is already in
there. Unless the defaults are different in the various versions we
support.

Henning

> https://www.debian.org/doc/debian-policy/ch-files.html#permissions-and-owners
> https://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-rules-requires-root
>
>
> With kind regards,
> Baurzhan.
>
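
Review bot: in the quoted `su - builder -c "cd $1; dpkg-buildpackage ..."` line, `$1` is expanded by the calling (root) shell and pasted unquoted into the command string, so the builder's login shell parses it a second time and a source path containing spaces or shell metacharacters is split or interpreted there. The `;` after `cd $1` also lets dpkg-buildpackage run when the `cd` fails, and because of `su -` that would be from the builder's home directory. Suggest quoting the path inside the command string and chaining the two commands with `&&` instead of `;`. The `-d` flag skips the build-dependency check, which deserves a short comment in the script saying why it is safe here.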
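
A static pre-check in the spirit of the change discussed in this thread, as an added example that is not part of the original mail or of the Isar code base: it lists sudo/su calls in debian/rules and reports the Rules-Requires-Root field from debian/control. The function names, the package name "hello-isar" and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check a Debian source tree before building it as an
# unprivileged user. All names and sample data below are constructed.

# Print the Rules-Requires-Root value from the source stanza of debian/control,
# or "unset" when the field is absent from that stanza.
rrr_field() {
    awk '
        /^[ \t]*$/ { if (seen) exit; next }   # first blank line ends the source stanza
        { seen = 1 }
        tolower($1) == "rules-requires-root:" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print "line:text" for every non-comment line of debian/rules that runs sudo or su.
privileged_calls() {
    awk '
        /^[ \t]*#/ { next }
        /(^|[ \t;&|(@-])(sudo|su)([ \t]|$)/ { printf "%d:%s\n", NR, $0 }
    ' "$1"
}

# Return 1 and print a report when debian/rules tries to escalate privileges.
check_tree() {
    hits=$(privileged_calls "$1/debian/rules")
    if [ -z "$hits" ]; then return 0; fi
    echo "Rules-Requires-Root: $(rrr_field "$1/debian/control")"
    echo "privilege escalation in debian/rules:"
    echo "$hits"
    return 1
}

# Constructed sample tree (hypothetical package "hello-isar").
make_sample_tree() {
    mkdir -p "$1/debian"
    printf 'Source: hello-isar\nRules-Requires-Root: no\n\nPackage: hello-isar\nArchitecture: any\n' > "$1/debian/control"
    printf '#!/usr/bin/make -f\n# never call sudo here\n%%:\n\tdh $@\noverride_dh_auto_install:\n\tsudo install -m 0755 hello debian/hello-isar/usr/bin/hello\n' > "$1/debian/rules"
}

tree=$(mktemp -d)
make_sample_tree "$tree"
check_tree "$tree" || echo "=> fix debian/rules before building as builder"
rm -rf "$tree"
```
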