Package: snapd
Severity: important

A tool we use in Raspbian to check that packages listed in Built-Using are
actually available recently popped up the following.

failed to find s/sbuild-build-depends-core-dummy/sbuild-build-depends-core-dummy_0.invalid.0.dsc needed by package snapd
failed to find s/sbuild-build-depends-snapd-dummy/sbuild-build-depends-snapd-dummy_0.invalid.0.dsc needed by package snapd

I traced this back to the following code in debian/rules

# Currently, we enable confinement for Ubuntu only, not for derivatives,
# because derivatives may have different kernels that don't support all the
# required confinement features and we don't to mislead anyone about the
# security of the system.  Discuss a proper approach to this for downstreams
# if and when they approach us
ifeq ($(shell dpkg-vendor --query Vendor),Ubuntu)
    # On Ubuntu 16.04 we need to produce a build that can be used on wide
    # variety of systems. As such we prefer static linking over dynamic linking
    # for stability, predicability and easy of deployment. We need to link some
    # things dynamically though: udev has no stable IPC protocol between
    # libudev and udevd so we need to link with it dynamically.
    VENDOR_ARGS=--enable-nvidia-ubuntu --enable-static-libcap --enable-static-libapparmor --enable-static-libseccomp
    BUILT_USING_PACKAGES=libcap-dev libapparmor-dev libseccomp-dev
else
ifeq ($(shell dpkg-vendor --query Vendor),Debian)
    VENDOR_ARGS=--disable-apparmor --disable-seccomp --enable-static-libcap
    BUILT_USING_PACKAGES=libcap-dev
else
    VENDOR_ARGS=--disable-apparmor
endif
endif
BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), ' -W $(BUILT_USING_PACKAGES))


There are a couple of issues I see with this code.

1. In general the principle of least surprise says that derivatives should be
treated the same as their parent distros unless they have requested otherwise.
A justification is given for treating derivatives of Ubuntu differently from
Ubuntu but no justification is given for treating derivatives of Debian
differently from Debian.
2. If BUILT_USING_PACKAGES is empty, as it currently is on everything other than
Debian and Ubuntu, then BUILT_USING includes entries for every package on the
system, including things like dummy packages built by sbuild.

I would also note that many derivatives don't rebuild everything, so just
because you only build with certain options on Ubuntu and not its derivatives
doesn't mean that the packages built with those options will only be used on
Ubuntu and not its derivatives.
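
A guarded way to compute the field from point 2, written as a shell helper that debian/rules could call. This is an added example, not part of the original report or of the snapd packaging; the function name built_using and the DPKG_QUERY override variable are assumptions of the example.

```shell
#!/bin/sh
# Added example: compute a Built-Using value only for explicitly named packages.
# DPKG_QUERY is an assumption of this example; it lets the query command be
# replaced (for instance by a stub) and defaults to the real dpkg-query.
DPKG_QUERY=${DPKG_QUERY:-dpkg-query}

# built_using PKG...
# Prints "source (= version), source (= version)" for the named binary
# packages, or nothing at all when no package names are given.
built_using() {
    # dpkg-query -W with no package names lists every installed package,
    # which is how sbuild dummy packages ended up in the field. Return an
    # empty value instead of running the query with an empty list.
    [ "$#" -gt 0 ] || return 0

    # Fail the build if a named package is not installed, rather than
    # recording an incomplete Built-Using field.
    out=$("$DPKG_QUERY" -f '${source:Package} (= ${source:Version})\n' -W "$@") \
        || return 1

    # Several -dev packages can come from one source package: de-duplicate,
    # then join with ", " so there is no trailing separator.
    printf '%s\n' "$out" | sort -u | paste -s -d, - | sed 's/,/, /g'
}
```

In debian/rules the result would be assigned with something like BUILT_USING=$(shell ...) only after the vendor branches have set BUILT_USING_PACKAGES, so an unset list yields an empty field.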
