* [PATCH] meta: default "Rules-Requires-Root: no", make it configurable
@ 2025-09-07 20:42 'Badrikesh Prusty' via isar-users
2025-09-07 20:54 ` 'Badrikesh Prusty' via isar-users
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: 'Badrikesh Prusty' via isar-users @ 2025-09-07 20:42 UTC (permalink / raw)
To: isar-users; +Cc: badrikesh prusty
From: badrikesh prusty <badrikesh.prusty@siemens.com>
Setting "Rules-Requires-Root: no" in the debian/control file avoids
unnecessarily calling fakeroot in the build environment. Packages which
require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable
with the desired value.
Debian recommends not using fakeroot to build a package if it is not
required i.e., if a package's build doesn't require any privileged
operations such as changing ownership to root, installing/modifying
files as root.
This also fixes hangs observed during fakeroot calls in
dpkg-buildpackage. References:
https://github.com/ilbers/isar/issues/113
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521
Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com>
---
meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 +
meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++
meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 +
meta/recipes-bsp/optee-os/optee-os.inc | 4 +++-
meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 +
.../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++-
meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 +
meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++-
meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 +
meta/recipes-kernel/linux-module/module.inc | 2 ++
meta/recipes-kernel/linux/files/debian/control.tmpl | 1 +
meta/recipes-kernel/linux/linux-custom.inc | 2 ++
12 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
index e6af7554..d4374909 100644
--- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
+++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
@@ -4,6 +4,7 @@ Priority: optional
Standards-Version: 3.9.6
Maintainer: Unknown maintainer <unknown@example.com>
Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
+Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
Package: ${PN}
Architecture: any
diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
index 738b694a..257c5c4c 100644
--- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
+++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
@@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \
optee-os-tadevkit-${OPTEE_NAME} \
"
+DEBIAN_RULES_REQUIRES_ROOT ?= "no"
+
TA_CPU ?= "unknown"
TA_DEV_KIT_DIR ?= "unknown"
OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
@@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \
DEBIAN_COMPAT \
+ DEBIAN_RULES_REQUIRES_ROOT \
OPTEE_FTPM_BUILD_ARGS_EXTRA \
TA_CPU \
TA_DEV_KIT_DIR"
diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
index 7bcd6edb..443578bd 100644
--- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
+++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
@@ -4,6 +4,7 @@ Priority: optional
Standards-Version: 3.9.6
Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
Maintainer: ISAR project <isar-users@googlegroups.com>
+Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
Package: ${DEBIAN_PACKAGE_NAME}
Architecture: ${DISTRO_ARCH}
diff --git a/meta/recipes-bsp/optee-os/optee-os.inc b/meta/recipes-bsp/optee-os/optee-os.inc
index eac75ae8..edd21f58 100644
--- a/meta/recipes-bsp/optee-os/optee-os.inc
+++ b/meta/recipes-bsp/optee-os/optee-os.inc
@@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
+DEBIAN_RULES_REQUIRES_ROOT ?= "no"
+
TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
-TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
+TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
# split strip platform flavor, if any, from the specified platform string
OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
index cf4607e3..311b44c0 100644
--- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
+++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
@@ -4,6 +4,7 @@ Priority: optional
Standards-Version: 3.9.6
Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
Maintainer: ISAR project <isar-users@googlegroups.com>
+Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
Package: trusted-firmware-a-${TF_A_NAME}
Architecture: ${DISTRO_ARCH}
diff --git a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
index 9f143b13..4ea7cc6c 100644
--- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
+++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
@@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin"
DEBIAN_BUILD_DEPENDS ?= ""
+DEBIAN_RULES_REQUIRES_ROOT ?= "no"
+
PROVIDES += "trusted-firmware-a-${TF_A_NAME}"
TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
-TEMPLATE_VARS += "DEBIAN_COMPAT \
+TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \
TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS"
do_prepare_build() {
diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
index 006982c2..6cbdf02c 100644
--- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl
+++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
@@ -4,6 +4,7 @@ Priority: optional
Standards-Version: 3.9.6
Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
Maintainer: ISAR project <isar-users@googlegroups.com>
+Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
Package: u-boot-${MACHINE}
Architecture: ${DISTRO_ARCH}
diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc b/meta/recipes-bsp/u-boot/u-boot-custom.inc
index 2d6dd8e0..e3081ce9 100644
--- a/meta/recipes-bsp/u-boot/u-boot-custom.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc
@@ -20,12 +20,14 @@ SRC_URI += "file://debian/"
DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git"
+DEBIAN_RULES_REQUIRES_ROOT ?= "no"
+
U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}"
U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}"
TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
-TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \
+TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT U_BOOT_CONFIG U_BOOT_BIN \
U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT"
U_BOOT_TOOLS_PACKAGE ?= "0"
diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
index 45fcbc0e..914733d8 100644
--- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl
+++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
@@ -4,6 +4,7 @@ Priority: optional
Standards-Version: 3.9.6
Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
Maintainer: ${MAINTAINER}
+Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
Package: ${PN}
Architecture: any
diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc
index d2a41766..b51e8965 100644
--- a/meta/recipes-kernel/linux-module/module.inc
+++ b/meta/recipes-kernel/linux-module/module.inc
@@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= ""
DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
+DEBIAN_RULES_REQUIRES_ROOT ?= "no"
SRC_URI += "file://debian/"
@@ -63,6 +64,7 @@ TEMPLATE_VARS += " \
KAFLAGS \
MODULE_DIR \
DEBIAN_BUILD_DEPENDS \
+ DEBIAN_RULES_REQUIRES_ROOT \
SIGNATURE_KEYFILE \
SIGNATURE_CERTFILE \
SIGNATURE_HASHFN \
diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl b/meta/recipes-kernel/linux/files/debian/control.tmpl
index a79b86c4..479f8ff0 100644
--- a/meta/recipes-kernel/linux/files/debian/control.tmpl
+++ b/meta/recipes-kernel/linux/files/debian/control.tmpl
@@ -4,6 +4,7 @@ Priority: optional
Maintainer: ${MAINTAINER}
Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, ${KBUILD_DEPENDS}
Homepage: http://www.kernel.org/
+Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
Package: linux-image-${KERNEL_NAME_PROVIDED}
Build-Profiles: <kernel>
diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc
index 01e9bff7..e073206f 100644
--- a/meta/recipes-kernel/linux/linux-custom.inc
+++ b/meta/recipes-kernel/linux/linux-custom.inc
@@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR"
# pinned due to known or possible issues with compat 12
DEBIAN_COMPAT:buster = "10"
+DEBIAN_RULES_REQUIRES_ROOT ?= "no"
+
KBUILD_DEPENDS ?= "build-essential:native, \
libelf-dev:native, \
libncurses-dev:native, \
--
2.47.3
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250907204258.201718-1-badrikesh.prusty%40siemens.com.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] meta: default "Rules-Requires-Root: no", make it configurable
2025-09-07 20:42 [PATCH] meta: default "Rules-Requires-Root: no", make it configurable 'Badrikesh Prusty' via isar-users
@ 2025-09-07 20:54 ` 'Badrikesh Prusty' via isar-users
2025-09-08 5:28 ` 'Jan Kiszka' via isar-users
2025-09-08 8:02 ` 'Felix Moessbauer' via isar-users
2 siblings, 0 replies; 5+ messages in thread
From: 'Badrikesh Prusty' via isar-users @ 2025-09-07 20:54 UTC (permalink / raw)
To: isar-users
[-- Attachment #1.1: Type: text/plain, Size: 10847 bytes --]
Hello,
This is follow up of the
patch: https://groups.google.com/g/isar-users/c/MYQDhaHPtX0/m/2ZWf0he8CgAJ
Some recipes use a predefined control.tmpl file instead of generating it
with the debianize class.
Thanks,
Badrikesh
On Monday, September 8, 2025 at 2:13:15 AM UTC+5:30 Badrikesh Prusty wrote:
> From: badrikesh prusty <badrikes...@siemens.com>
>
> Setting "Rules-Requires-Root: no" in the debian/control file avoids
> unnecessarily calling fakeroot in the build environment. Packages which
> require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable
> with the desired value.
>
> Debian recommends not using fakeroot to build a package if it is not
> required i.e., if a package's build doesn't require any privileged
> operations such as changing ownership to root, installing/modifying
> files as root.
>
> This also fixes hangs observed during fakeroot calls in
> dpkg-buildpackage. References:
> https://github.com/ilbers/isar/issues/113
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521
>
> Signed-off-by: Badrikesh Prusty <badrikes...@siemens.com>
> ---
> meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++
> meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-os/optee-os.inc | 4 +++-
> meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 +
> .../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++-
> meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++-
> meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux-module/module.inc | 2 ++
> meta/recipes-kernel/linux/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux/linux-custom.inc | 2 ++
> 12 files changed, 22 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> index e6af7554..d4374909 100644
> --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Maintainer: Unknown maintainer <unk...@example.com>
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}),
> ${DEBIAN_BUILD_DEPENDS}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${PN}
> Architecture: any
> diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> index 738b694a..257c5c4c 100644
> --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \
> optee-os-tadevkit-${OPTEE_NAME} \
> "
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TA_CPU ?= "unknown"
> TA_DEV_KIT_DIR ?= "unknown"
> OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
> @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
> TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
> TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \
> DEBIAN_COMPAT \
> + DEBIAN_RULES_REQUIRES_ROOT \
> OPTEE_FTPM_BUILD_ARGS_EXTRA \
> TA_CPU \
> TA_DEV_KIT_DIR"
> diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> index 7bcd6edb..443578bd 100644
> --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}),
> ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-...@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${DEBIAN_PACKAGE_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/optee-os/optee-os.inc
> b/meta/recipes-bsp/optee-os/optee-os.inc
> index eac75ae8..edd21f58 100644
> --- a/meta/recipes-bsp/optee-os/optee-os.inc
> +++ b/meta/recipes-bsp/optee-os/optee-os.inc
> @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
>
> DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME
> DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME
> DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM
> OPTEE_EXTRA_BUILDARGS"
>
> # split strip platform flavor, if any, from the specified platform string
> OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
> diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> index cf4607e3..311b44c0 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}),
> ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-...@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: trusted-firmware-a-${TF_A_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git
> a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> index 9f143b13..4ea7cc6c 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin"
>
> DEBIAN_BUILD_DEPENDS ?= ""
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> PROVIDES += "trusted-firmware-a-${TF_A_NAME}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT \
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \
> TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS"
>
> do_prepare_build() {
> diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> index 006982c2..6cbdf02c 100644
> --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}),
> ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-...@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: u-boot-${MACHINE}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc
> b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> index 2d6dd8e0..e3081ce9 100644
> --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc
> +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> @@ -20,12 +20,14 @@ SRC_URI += "file://debian/"
>
> DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}"
>
> U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \
> +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT
> U_BOOT_CONFIG U_BOOT_BIN \
> U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT"
>
> U_BOOT_TOOLS_PACKAGE ?= "0"
> diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> index 45fcbc0e..914733d8 100644
> --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}),
> ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ${MAINTAINER}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${PN}
> Architecture: any
> diff --git a/meta/recipes-kernel/linux-module/module.inc
> b/meta/recipes-kernel/linux-module/module.inc
> index d2a41766..b51e8965 100644
> --- a/meta/recipes-kernel/linux-module/module.inc
> +++ b/meta/recipes-kernel/linux-module/module.inc
> @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= ""
> DEB_BUILD_PROFILES += "${@'pkg.signwith' if
> bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEPENDS += "${@'module-signer secure-boot-secrets' if
> bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if
> bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
>
> SRC_URI += "file://debian/"
>
> @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \
> KAFLAGS \
> MODULE_DIR \
> DEBIAN_BUILD_DEPENDS \
> + DEBIAN_RULES_REQUIRES_ROOT \
> SIGNATURE_KEYFILE \
> SIGNATURE_CERTFILE \
> SIGNATURE_HASHFN \
> diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl
> b/meta/recipes-kernel/linux/files/debian/control.tmpl
> index a79b86c4..479f8ff0 100644
> --- a/meta/recipes-kernel/linux/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Maintainer: ${MAINTAINER}
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio,
> ${KBUILD_DEPENDS}
> Homepage: http://www.kernel.org/
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: linux-image-${KERNEL_NAME_PROVIDED}
> Build-Profiles: <kernel>
> diff --git a/meta/recipes-kernel/linux/linux-custom.inc
> b/meta/recipes-kernel/linux/linux-custom.inc
> index 01e9bff7..e073206f 100644
> --- a/meta/recipes-kernel/linux/linux-custom.inc
> +++ b/meta/recipes-kernel/linux/linux-custom.inc
> @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR"
> # pinned due to known or possible issues with compat 12
> DEBIAN_COMPAT:buster = "10"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> KBUILD_DEPENDS ?= "build-essential:native, \
> libelf-dev:native, \
> libncurses-dev:native, \
> --
> 2.47.3
>
>
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/242594a2-a961-4735-abf3-3b0c95f1f09fn%40googlegroups.com.
[-- Attachment #1.2: Type: text/html, Size: 14088 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] meta: default "Rules-Requires-Root: no", make it configurable
2025-09-07 20:42 [PATCH] meta: default "Rules-Requires-Root: no", make it configurable 'Badrikesh Prusty' via isar-users
2025-09-07 20:54 ` 'Badrikesh Prusty' via isar-users
@ 2025-09-08 5:28 ` 'Jan Kiszka' via isar-users
2025-09-08 8:02 ` 'Felix Moessbauer' via isar-users
2 siblings, 0 replies; 5+ messages in thread
From: 'Jan Kiszka' via isar-users @ 2025-09-08 5:28 UTC (permalink / raw)
To: Badrikesh Prusty, isar-users
On 07.09.25 22:42, 'Badrikesh Prusty' via isar-users wrote:
> From: badrikesh prusty <badrikesh.prusty@siemens.com>
>
> Setting "Rules-Requires-Root: no" in the debian/control file avoids
> unnecessarily calling fakeroot in the build environment. Packages which
> require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable
> with the desired value.
>
> Debian recommends not using fakeroot to build a package if it is not
> required i.e., if a package's build doesn't require any privileged
> operations such as changing ownership to root, installing/modifying
> files as root.
>
> This also fixes hangs observed during fakeroot calls in
> dpkg-buildpackage. References:
> https://github.com/ilbers/isar/issues/113
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521
>
> Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com>
> ---
> meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++
> meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-os/optee-os.inc | 4 +++-
> meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 +
> .../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++-
> meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++-
> meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux-module/module.inc | 2 ++
> meta/recipes-kernel/linux/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux/linux-custom.inc | 2 ++
> 12 files changed, 22 insertions(+), 3 deletions(-)
You are missing the most important control point:
meta/classes/debianize.bbclass
But not already the changes here justify a RECIPE-API-CHANGELOG.md entry.
BTW, what about meta-isar/recipes-app/snake4/files/debian/control
and meta-isar/recipes-bsp/optee-examples/files/debian/control.tmpl?
>
> diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> index e6af7554..d4374909 100644
> --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Maintainer: Unknown maintainer <unknown@example.com>
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
Why making this a variable? optee-client already hard-codes it to no.
Applies to the others as well.
>
> Package: ${PN}
> Architecture: any
> diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> index 738b694a..257c5c4c 100644
> --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \
> optee-os-tadevkit-${OPTEE_NAME} \
> "
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TA_CPU ?= "unknown"
> TA_DEV_KIT_DIR ?= "unknown"
> OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
> @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
> TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
> TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \
> DEBIAN_COMPAT \
> + DEBIAN_RULES_REQUIRES_ROOT \
> OPTEE_FTPM_BUILD_ARGS_EXTRA \
> TA_CPU \
> TA_DEV_KIT_DIR"
> diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> index 7bcd6edb..443578bd 100644
> --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${DEBIAN_PACKAGE_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/optee-os/optee-os.inc b/meta/recipes-bsp/optee-os/optee-os.inc
> index eac75ae8..edd21f58 100644
> --- a/meta/recipes-bsp/optee-os/optee-os.inc
> +++ b/meta/recipes-bsp/optee-os/optee-os.inc
> @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
>
> DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
>
> # split strip platform flavor, if any, from the specified platform string
> OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
> diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> index cf4607e3..311b44c0 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: trusted-firmware-a-${TF_A_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> index 9f143b13..4ea7cc6c 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin"
>
> DEBIAN_BUILD_DEPENDS ?= ""
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> PROVIDES += "trusted-firmware-a-${TF_A_NAME}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT \
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \
> TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS"
>
> do_prepare_build() {
> diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> index 006982c2..6cbdf02c 100644
> --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: u-boot-${MACHINE}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> index 2d6dd8e0..e3081ce9 100644
> --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc
> +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> @@ -20,12 +20,14 @@ SRC_URI += "file://debian/"
>
> DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}"
>
> U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \
> +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT U_BOOT_CONFIG U_BOOT_BIN \
> U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT"
>
> U_BOOT_TOOLS_PACKAGE ?= "0"
> diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> index 45fcbc0e..914733d8 100644
> --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ${MAINTAINER}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${PN}
> Architecture: any
> diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc
> index d2a41766..b51e8965 100644
> --- a/meta/recipes-kernel/linux-module/module.inc
> +++ b/meta/recipes-kernel/linux-module/module.inc
> @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= ""
> DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
>
> SRC_URI += "file://debian/"
>
> @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \
> KAFLAGS \
> MODULE_DIR \
> DEBIAN_BUILD_DEPENDS \
> + DEBIAN_RULES_REQUIRES_ROOT \
> SIGNATURE_KEYFILE \
> SIGNATURE_CERTFILE \
> SIGNATURE_HASHFN \
> diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl b/meta/recipes-kernel/linux/files/debian/control.tmpl
> index a79b86c4..479f8ff0 100644
> --- a/meta/recipes-kernel/linux/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Maintainer: ${MAINTAINER}
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, ${KBUILD_DEPENDS}
> Homepage: http://www.kernel.org/
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: linux-image-${KERNEL_NAME_PROVIDED}
> Build-Profiles: <kernel>
> diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc
> index 01e9bff7..e073206f 100644
> --- a/meta/recipes-kernel/linux/linux-custom.inc
> +++ b/meta/recipes-kernel/linux/linux-custom.inc
> @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR"
> # pinned due to known or possible issues with compat 12
> DEBIAN_COMPAT:buster = "10"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> KBUILD_DEPENDS ?= "build-essential:native, \
> libelf-dev:native, \
> libncurses-dev:native, \
Do we have packages in isar where we know that root is indeed needed?
Jan
--
Siemens AG, Foundational Technologies
Linux Expert Center
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/e9e7f9af-9f53-437d-b6d7-59c58280ff2a%40siemens.com.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] meta: default "Rules-Requires-Root: no", make it configurable
2025-09-07 20:42 [PATCH] meta: default "Rules-Requires-Root: no", make it configurable 'Badrikesh Prusty' via isar-users
2025-09-07 20:54 ` 'Badrikesh Prusty' via isar-users
2025-09-08 5:28 ` 'Jan Kiszka' via isar-users
@ 2025-09-08 8:02 ` 'Felix Moessbauer' via isar-users
2025-09-11 9:43 ` 'Prusty, Badrikesh' via isar-users
2 siblings, 1 reply; 5+ messages in thread
From: 'Felix Moessbauer' via isar-users @ 2025-09-08 8:02 UTC (permalink / raw)
To: isar-users
On 9/7/25 22:42, 'Badrikesh Prusty' via isar-users wrote:
> From: badrikesh prusty <badrikesh.prusty@siemens.com>
>
> Setting "Rules-Requires-Root: no" in the debian/control file avoids
> unnecessarily calling fakeroot in the build environment. Packages which
> require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable
> with the desired value.
>
> Debian recommends not using fakeroot to build a package if it is not
> required i.e., if a package's build doesn't require any privileged
> operations such as changing ownership to root, installing/modifying
> files as root.
>
> This also fixes hangs observed during fakeroot calls in
> dpkg-buildpackage. References:
> https://github.com/ilbers/isar/issues/113
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521
Thanks for bringing this upstream as well. I hope they will backport the
fakeroot fix, as indicated in 1114644. Once we have that, we can / have
to also update the kas container.
Anyways, your patch does not fix the hang, it just makes it less likely
as now more packages are build without fakeroot. It merely is an
optimization.
While debian does not recommend to set this to yes, I'm wondering if the
default is still yes (or if that changed in trixie).
Felix
>
> Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com>
> ---
> meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++
> meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/optee-os/optee-os.inc | 4 +++-
> meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 +
> .../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++-
> meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 +
> meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++-
> meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux-module/module.inc | 2 ++
> meta/recipes-kernel/linux/files/debian/control.tmpl | 1 +
> meta/recipes-kernel/linux/linux-custom.inc | 2 ++
> 12 files changed, 22 insertions(+), 3 deletions(-)
>
> diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> index e6af7554..d4374909 100644
> --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Maintainer: Unknown maintainer <unknown@example.com>
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${PN}
> Architecture: any
> diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> index 738b694a..257c5c4c 100644
> --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc
> @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \
> optee-os-tadevkit-${OPTEE_NAME} \
> "
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TA_CPU ?= "unknown"
> TA_DEV_KIT_DIR ?= "unknown"
> OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
> @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " "
> TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl"
> TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \
> DEBIAN_COMPAT \
> + DEBIAN_RULES_REQUIRES_ROOT \
> OPTEE_FTPM_BUILD_ARGS_EXTRA \
> TA_CPU \
> TA_DEV_KIT_DIR"
> diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> index 7bcd6edb..443578bd 100644
> --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${DEBIAN_PACKAGE_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/optee-os/optee-os.inc b/meta/recipes-bsp/optee-os/optee-os.inc
> index eac75ae8..edd21f58 100644
> --- a/meta/recipes-bsp/optee-os/optee-os.inc
> +++ b/meta/recipes-bsp/optee-os/optee-os.inc
> @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}"
>
> DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS"
>
> # split strip platform flavor, if any, from the specified platform string
> OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}"
> diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> index cf4607e3..311b44c0 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: trusted-firmware-a-${TF_A_NAME}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> index 9f143b13..4ea7cc6c 100644
> --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc
> @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin"
>
> DEBIAN_BUILD_DEPENDS ?= ""
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> PROVIDES += "trusted-firmware-a-${TF_A_NAME}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "DEBIAN_COMPAT \
> +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \
> TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS"
>
> do_prepare_build() {
> diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> index 006982c2..6cbdf02c 100644
> --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ISAR project <isar-users@googlegroups.com>
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: u-boot-${MACHINE}
> Architecture: ${DISTRO_ARCH}
> diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> index 2d6dd8e0..e3081ce9 100644
> --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc
> +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc
> @@ -20,12 +20,14 @@ SRC_URI += "file://debian/"
>
> DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}"
>
> U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}"
>
> TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl"
> -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \
> +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT U_BOOT_CONFIG U_BOOT_BIN \
> U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT"
>
> U_BOOT_TOOLS_PACKAGE ?= "0"
> diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> index 45fcbc0e..914733d8 100644
> --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Standards-Version: 3.9.6
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS}
> Maintainer: ${MAINTAINER}
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: ${PN}
> Architecture: any
> diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc
> index d2a41766..b51e8965 100644
> --- a/meta/recipes-kernel/linux-module/module.inc
> +++ b/meta/recipes-kernel/linux-module/module.inc
> @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= ""
> DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}"
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
>
> SRC_URI += "file://debian/"
>
> @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \
> KAFLAGS \
> MODULE_DIR \
> DEBIAN_BUILD_DEPENDS \
> + DEBIAN_RULES_REQUIRES_ROOT \
> SIGNATURE_KEYFILE \
> SIGNATURE_CERTFILE \
> SIGNATURE_HASHFN \
> diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl b/meta/recipes-kernel/linux/files/debian/control.tmpl
> index a79b86c4..479f8ff0 100644
> --- a/meta/recipes-kernel/linux/files/debian/control.tmpl
> +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl
> @@ -4,6 +4,7 @@ Priority: optional
> Maintainer: ${MAINTAINER}
> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, ${KBUILD_DEPENDS}
> Homepage: http://www.kernel.org/
> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT}
>
> Package: linux-image-${KERNEL_NAME_PROVIDED}
> Build-Profiles: <kernel>
> diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc
> index 01e9bff7..e073206f 100644
> --- a/meta/recipes-kernel/linux/linux-custom.inc
> +++ b/meta/recipes-kernel/linux/linux-custom.inc
> @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR"
> # pinned due to known or possible issues with compat 12
> DEBIAN_COMPAT:buster = "10"
>
> +DEBIAN_RULES_REQUIRES_ROOT ?= "no"
> +
> KBUILD_DEPENDS ?= "build-essential:native, \
> libelf-dev:native, \
> libncurses-dev:native, \
--
Siemens AG
Linux Expert Center
Friedrich-Ludwig-Bauer-Str. 3
85748 Garching, Germany
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/e7a914ea-82f2-4423-a898-821c3d5fdd5c%40siemens.com.
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: [PATCH] meta: default "Rules-Requires-Root: no", make it configurable
2025-09-08 8:02 ` 'Felix Moessbauer' via isar-users
@ 2025-09-11 9:43 ` 'Prusty, Badrikesh' via isar-users
0 siblings, 0 replies; 5+ messages in thread
From: 'Prusty, Badrikesh' via isar-users @ 2025-09-11 9:43 UTC (permalink / raw)
To: Kiszka, Jan, MOESSBAUER, Felix, isar-users
Hi Jan and Felix,
Thanks for your response.
> BTW, what about meta-isar/recipes-app/snake4/files/debian/control
> and meta-isar/recipes-bsp/optee-examples/files/debian/control.tmpl?
Will check and update.
> You are missing the most important control point:
> meta/classes/debianize.bbclass
>
> But not already the changes here justify a RECIPE-API-CHANGELOG.md entry.
I saw the patch from Issac True, did the changes in debianize.bbclass: https://groups.google.com/g/isar-users/c/MYQDhaHPtX0
Avoided duplicating here.
> Why making this a variable? optee-client already hard-codes it to no.
> Applies to the others as well.
>
> Do we have packages in isar where we know that root is indeed needed?
Yes, I initially thought the same, but needed some suggestions. Since I didn't find any recipe requiring root permissions to build (as we're not installing anything to the system paths), I also tested building all the recipes with Rules-Requires-Root: no. The build progressed fine.
On salsa.debian.org, I checked some package sources like Linux, U-Boot, etc., and they build without requiring fakeroot.
Should I avoid creating a variable and setting it to no by default for all of these ?
> While debian does not recommend to set this to yes, I'm wondering if the
> default is still yes (or if that changed in trixie).
With dpkg version 1.22.13, which is present in Debian Trixie, the default value is no.
In dpkg versions used in Debian Bookworm and earlier, the default value of Rules-Requires-Root was binary-targets.
> Anyways, your patch does not fix the hang, it just makes it less likely
> as now more packages are build without fakeroot. It merely is an
> optimization.
Yes, that's true. I also noticed that it builds slightly faster on Debian Bookworm-not a significant difference, but it may become noticeable with longer tasks.
Regards,
Badrikesh
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/SG2PR06MB51077A2852C1F5C28EA9DF8D9109A%40SG2PR06MB5107.apcprd06.prod.outlook.com.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-09-11 9:43 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-07 20:42 [PATCH] meta: default "Rules-Requires-Root: no", make it configurable 'Badrikesh Prusty' via isar-users
2025-09-07 20:54 ` 'Badrikesh Prusty' via isar-users
2025-09-08 5:28 ` 'Jan Kiszka' via isar-users
2025-09-08 8:02 ` 'Felix Moessbauer' via isar-users
2025-09-11 9:43 ` 'Prusty, Badrikesh' via isar-users
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox