Hi Niels, thanks a lot for your answer.
* Niels Thykier <[email protected]> [2025-08-18 18:08]:
The safer option would be for `debrebuild` to always pull in `fakeroot` when in doubt. I would not like it personally because I want to remove `fakeroot` plus the design choice for only pulling in direct declared dependencies.
I totally agree that we should get rid of fakeroot. Actually I think we could do that today by using $build_as_root_when_needed on the buildds.
That being said, I do not understand this weird hybrid setup where we can do chown to root but we do not actually have root permissions. A true root (or `fakeroot`) would ignore the not being the owner and not having relevant permissions. A normal user would fall at the `install -o` part. I find it scary that we somehow managed to get/invent a new failure mode where we are 50% root. Therefore, I am less sure if my fix works here or it just runs into the "50% root" problem a few lines later now.
I think you are jumping to conclusions too fast here. You can get the same failure by building smartlist as root whereas building it as root with fakeroot works. So smartlist detects fakeroot in some way and behaves differently. @Santiago could you give some insights here?
I think those packages with the LD_LIBRARY_PATH should get a bug report like #1104998. For shellia and bup it should be enough to disable the testsThey can also `Build-Depends: fakeroot <!nocheck>` and run the tests under `fakeroot` if it is because the tests need to run under `(fake)root`. This is the correct thing to do if the test wants to run under root since the Debian packaging system expects tests to be run without root. Blindly calling `fakeroot` from `debian/rules` without a `Build-Depends` is a bug in the package - always was, just not very visible given `fakeroot` was always there.
For bup I would prefer if the package maintainer simply disables the test as that's what the package does in the fakeroot case anyhow:
https://sources.debian.org/src/bup/0.33.7-1/test/int/test_metadata.py?hl=272#L272And is probably sensible as the test seems to try loading kernel modules. If they do not want to patch the upstream code, they can also set the $FAKEROOTKEY variable in d/rules as that's what the packages checks:
https://sources.debian.org/src/bup/0.33.7-1/lib/bup/helpers.py?hl=430#L430 Setting the variable is enough to make the package reproducible. Similar for shellia which tests for $FAKED_MODE here: https://sources.debian.org/src/shellia/5.9/sshd2222#L115And setting it in d/rules makes the package reproducible. Note that this again just skips the test as sshd is not installed into the build environment.
I am less sure if `smartlist` could be converted to `dh-sequence-debputy-rrr` since it seems to disable `dh_md5sums` explicitly, which is currently not supported under `debputy` currently. I would have to understand the use-case and add support for it first provided the conversion has any interest at all.
@Santiago can you give some insights here? Cheers Jochen
signature.asc
Description: PGP signature
