On Wed, Jan 01, 2025 at 03:00:19PM +0100, Niels Thykier wrote: > On Wed, 1 Jan 2025 14:32:17 +0100 Sebastian Ramacher <sramac...@debian.org> > wrote: > > Source: djbdns > > Version: 1:1.05-17 > > Severity: serious > > Tags: ftbfs > > Justification: fails to build from source (but built successfully in the > > past) > > X-Debbugs-Cc: sramac...@debian.org > > > > https://buildd.debian.org/status/fetch.php?pkg=djbdns&arch=amd64&ver=1%3A1.05-17&stamp=1735573976&raw=0 > > > > [...] > > Hi, > > I saw this error with ipsvd as well. > > The solution is to run that particular part under `fakeroot` (remember > explicit Builds-Depends on `fakeroot`). > > I am not sure why it happens now. In ipsvd it was incorrectly attributed to > a `Rules-Requires-Root: no` change, but reverting it did not fix the > problem. I suspect something has changed on the buildd side recently.
Thanks for looking into this. I believe that what recently changed was that the buildds started using user namespaces instead of schroot environments. Thus, there are some issues around setgroups(2) as documented in user_namespaces(7); I will look into this more. The truth is, I noticed the messages about the buildds switching to user namespaces, and the warning in the schroot package's changelog, and I thought "yeah, I will switch away from directory schroots to something else, but not today, I don't want to switch back to tarballs right now, and I have some personal tooling around schroot, so let's do that later" :) So I guess only catching this on the buildds is mostly on me - I knowingly did not run my test builds in the same environment, since I kind of thought there was no way anything that matters would be different :) Well, apparently there is something different... Thanks for the fakeroot suggestion, I was wondering whether to slap the full Rules-Requires-Root: yes bandaid temporarily, but I know that is the nuclear option. The fakeroot change might work until I look a bit deeper into this, set up a "real" build environment locally, and try to figure out whether there is any chance to help by writing to /proc/self/setgroups or something... G'luck, Peter PS. BTW I haven't mentioned that, but, Niels, thanks for your continued work on debhelper and for your push for Rules-Requires-Root: no. For the packages I maintain, this is mostly already handled by declaring dpkg-build-api v1, but still it is a good idea to apply it by default across the board. -- Peter Pentchev r...@ringlet.net r...@debian.org pe...@morpheusly.com PGP key: https://www.ringlet.net/roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
signature.asc
Description: PGP signature
