From: "'Felix Moessbauer' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Subject: Re: [PATCH] meta: default "Rules-Requires-Root: no", make it configurable
Date: Mon, 8 Sep 2025 10:02:07 +0200
Message-ID: <e7a914ea-82f2-4423-a898-821c3d5fdd5c@siemens.com>
In-Reply-To: <20250907204258.201718-1-badrikesh.prusty@siemens.com>
On 9/7/25 22:42, 'Badrikesh Prusty' via isar-users wrote:
> From: badrikesh prusty <badrikesh.prusty@siemens.com>
>
> Setting "Rules-Requires-Root: no" in the debian/control file avoids
> unnecessarily calling fakeroot in the build environment. Packages which
> require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable
> with the desired value.
>
> Debian recommends not using fakeroot to build a package if it is not
> required i.e., if a package's build doesn't require any privileged
> operations such as changing ownership to root, installing/modifying
> files as root.
>
> This also fixes hangs observed during fakeroot calls in
> dpkg-buildpackage. References:
> https://github.com/ilbers/isar/issues/113
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521

Thanks for bringing this upstream as well. I hope they will backport the
fakeroot fix, as indicated in 1114644. Once we have that, we can / have
to also update the kas container.

Anyways, your patch does not fix the hang, it just makes it less likely
as now more packages are built without fakeroot. It merely is an
optimization.

While Debian does not recommend to set this to yes, I'm wondering if the
default is still yes (or if that changed in trixie).

Felix

>
> Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com>
> ---
> meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++
> meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-os/optee-os.inc | 4 +++-
> meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 +
> .../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++-
> meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++-
> meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux-module/module.inc | 2 ++
> meta/recipes-kernel/linux/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux/linux-custom.inc | 2 ++
> 12 files changed, 22 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> index e6af7554..d4374909 100644
> --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Maintainer: Unknown maintainer <unknown@example.com>
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${PN}
> Architecture: any
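Review bot: The added `Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}` line in the source stanza is filled straight from the variable, so the field is only well-formed if every recipe using this template also lists the variable in TEMPLATE_VARS and keeps it non-empty. Consider checking the value before templating, or stating the accepted values (`no`, `binary-targets`, or a keyword list) next to the variable's default so that an override cannot produce an empty field in debian/control.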
> diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> index 738b694a..257c5c4c 100644
> --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \
> optee-os-tadevkit-${OPTEE_NAME} \
> "
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TA_CPU ?= "unknown"
> TA_DEV_KIT_DIR ?= "unknown"
> OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
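Review bot: The default `DEBIAN_RULES_REQUIRES_ROOT ?= "no"` added after DEBIAN_BUILD_DEPENDS is repeated in each of the six .inc files this patch touches, so a later change of the default has to be made in six places. Setting it once in a shared class or configuration file, and keeping only the TEMPLATE_VARS additions per recipe, would keep the copies from drifting apart.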
> @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
> TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
> TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \
> DEBIAN_COMPAT \
> + DEBIAN_RULES_REQUIRES_ROOT \
> OPTEE_FTPM_BUILD_ARGS_EXTRA \
> TA_CPU \
> TA_DEV_KIT_DIR"
> diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> index 7bcd6edb..443578bd 100644
> --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${DEBIAN_PACKAGE_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/optee-os/optee-os.inc b/meta/recipes-bsp/optee-os/optee-os.inc
> index eac75ae8..edd21f58 100644
> --- a/meta/recipes-bsp/optee-os/optee-os.inc
> +++ b/meta/recipes-bsp/optee-os/optee-os.inc
> @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
>
> DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
>
> # split strip platform flavor, if any, from the specified platform string
> OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
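Review bot: Style point on the replaced `TEMPLATE_VARS +=` line: the new name is inserted into the middle of an already long single-line list, which makes this diff and future ones hard to read. Splitting the assignment into one variable per line with backslash continuations, as optee-ftpm.inc already does, would turn an addition like this into a one-line change.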
> diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> index cf4607e3..311b44c0 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: trusted-firmware-a-${TF_A_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> index 9f143b13..4ea7cc6c 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin"
>
> DEBIAN_BUILD_DEPENDS ?= ""
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> PROVIDES += "trusted-firmware-a-${TF_A_NAME}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT \
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \
> TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS"
>
> do_prepare_build() {
> diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> index 006982c2..6cbdf02c 100644
> --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: u-boot-${MACHINE}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> index 2d6dd8e0..e3081ce9 100644
> --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc
> +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> @@ -20,12 +20,14 @@ SRC_URI += "file://debian/"
>
> DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}"
>
> U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \
> +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT U_BOOT_CONFIG U_BOOT_BIN \
> U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT"
>
> U_BOOT_TOOLS_PACKAGE ?= "0"
> diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> index 45fcbc0e..914733d8 100644
> --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ${MAINTAINER}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${PN}
> Architecture: any
> diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc
> index d2a41766..b51e8965 100644
> --- a/meta/recipes-kernel/linux-module/module.inc
> +++ b/meta/recipes-kernel/linux-module/module.inc
> @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= ""
> DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
>
> SRC_URI += "file://debian/"
>
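Review bot: The new `DEBIAN_RULES_REQUIRES_ROOT ?= "no"` sits directly under the KERNEL_MODULE_SIGNATURES lines that pull in module-signer and secure-boot-secrets, and nothing in the patch says whether the signing path was built with the new default. Please confirm that a build with KERNEL_MODULE_SIGNATURES enabled still succeeds without fakeroot, that is, that the signing and install steps do not rely on faked root ownership, and separate the assignment from the signing block with a blank line so it does not read as part of it.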
> @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \
> KAFLAGS \
> MODULE_DIR \
> DEBIAN_BUILD_DEPENDS \
> + DEBIAN_RULES_REQUIRES_ROOT \
> SIGNATURE_KEYFILE \
> SIGNATURE_CERTFILE \
> SIGNATURE_HASHFN \
> diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl b/meta/recipes-kernel/linux/files/debian/control.tmpl
> index a79b86c4..479f8ff0 100644
> --- a/meta/recipes-kernel/linux/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Maintainer: ${MAINTAINER}
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, ${KBUILD_DEPENDS}
> Homepage: http://www.kernel.org/
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: linux-image-${KERNEL_NAME_PROVIDED}
> Build-Profiles: <kernel>
> diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc
> index 01e9bff7..e073206f 100644
> --- a/meta/recipes-kernel/linux/linux-custom.inc
> +++ b/meta/recipes-kernel/linux/linux-custom.inc
> @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR"
> # pinned due to known or possible issues with compat 12
> DEBIAN_COMPAT:buster = "10"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> KBUILD_DEPENDS ?= "build-essential:native, \
> libelf-dev:native, \
> libncurses-dev:native, \
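Review bot: Missing documentation: `DEBIAN_RULES_REQUIRES_ROOT ?= "no"` changes the default for every recipe that includes linux-custom.inc, yet the diffstat lists only recipe and template files, with no changelog or manual entry. Downstream recipes whose debian/rules depend on root ownership need to know that they must now set the variable themselves, so an entry describing the variable, its default and how to override it should accompany the change.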
--
Siemens AG
Linux Expert Center
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany