Message ID | 20231128153858.84932-1-masahiroy@kernel.org |
---|---|
State | New |
Headers | From: Masahiro Yamada <masahiroy@kernel.org> To: linux-kbuild@vger.kernel.org Cc: Guillem Jover <guillem@debian.org>, Ben Hutchings <ben@decadent.org.uk>, Masahiro Yamada <masahiroy@kernel.org>, Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Nicolas Schier <nicolas@fjasle.eu>, linux-kernel@vger.kernel.org Subject: [PATCH v2] kbuild: deb-pkg: remove the fakeroot builds support Date: Wed, 29 Nov 2023 00:38:58 +0900 |
Series | [v2] kbuild: deb-pkg: remove the fakeroot builds support |
Commit Message
Masahiro Yamada
Nov. 28, 2023, 3:38 p.m. UTC
In 2017, the dpkg suite introduced the rootless builds support with the
following commits:
- 2436807c87b0 ("dpkg-deb: Add support for rootless builds")
- fca1bfe84068 ("dpkg-buildpackage: Add support for rootless builds")
This feature is available in the default dpkg on Debian 10 and Ubuntu
20.04.
Remove the old method.
Additionally, export DEB_RULES_REQUIRES_ROOT=no in case debian/rules is
invoked without dpkg-buildpackage. This change aligns with the Debian
kernel commit 65206e29f378 ("Allow to run d/rules.real without root").
While the upstream kernel currently does not run dh_testroot, it may
be useful in the future.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---
Changes in v2:
- add DEB_RULES_REQUIRES_ROOT=no to debian/rules
scripts/Makefile.package | 4 +---
scripts/package/builddeb | 8 +-------
scripts/package/debian/rules | 2 ++
3 files changed, 4 insertions(+), 10 deletions(-)
Comments
On Wed, 2023-11-29 at 00:38 +0900, Masahiro Yamada wrote:
> In 2017, the dpkg suite introduced the rootless builds support with the
> following commits:
>
> - 2436807c87b0 ("dpkg-deb: Add support for rootless builds")
> - fca1bfe84068 ("dpkg-buildpackage: Add support for rootless builds")
>
> This feature is available in the default dpkg on Debian 10 and Ubuntu
> 20.04.
>
> Remove the old method.

This seems reasonable.

> Additionally, export DEB_RULES_REQUIRES_ROOT=no in case debian/rules is
> invoked without dpkg-buildpackage. This change aligns with the Debian
> kernel commit 65206e29f378 ("Allow to run d/rules.real without root").

The Debian linux package has multiple makefiles used recursively
(rather than included). The referenced commit is kind of a hack to
make rootless builds of a subset of binary packages work when invoking
one of the lower-level makefiles directly.

It works because the package runs dh_builddeb, which checks
DEB_RULES_REQUIRES_ROOT. But setting DEB_RULES_REQUIRES_ROOT has
absolutely zero effect on dpkg-deb or other low-level tools.

> While the upstream kernel currently does not run dh_testroot, it may
> be useful in the future.

We can do one of:

1. Ignore DEB_RULES_REQUIRES_ROOT, assume that dpkg-deb supports
   --root-owner-group and use it unconditionally (your v1).
2. Check DEB_RULES_REQUIRES_ROOT, do either fakeroot and chown or
   dpkg-deb --root-owner-group (current behaviour), and maybe also do
   the equivalent of dh_testroot.
3. Delegate this to dh_builddeb. Since we use dh_listpackages now,
   debhelper is already required and this would make things a lot
   simpler.

But the combination of changes in v2 does not make sense to me.

Ben.

> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
> ---
>
> Changes in v2:
> - add DEB_RULES_REQUIRES_ROOT=no to debian/rules
>
> scripts/Makefile.package | 4 +---
> scripts/package/builddeb | 8 +-------
> scripts/package/debian/rules | 2 ++
> 3 files changed, 4 insertions(+), 10 deletions(-)
> > diff --git a/scripts/Makefile.package b/scripts/Makefile.package > index 0c3adc48dfe8..a81dfb1f5181 100644 > --- a/scripts/Makefile.package > +++ b/scripts/Makefile.package > @@ -109,8 +109,6 @@ debian-orig: linux.tar$(debian-orig-suffix) debian > cp $< ../$(orig-name); \ > fi > > -KBUILD_PKG_ROOTCMD ?= 'fakeroot -u' > - > PHONY += deb-pkg srcdeb-pkg bindeb-pkg > > deb-pkg: private build-type := source,binary > @@ -125,7 +123,7 @@ deb-pkg srcdeb-pkg bindeb-pkg: > $(if $(findstring source, $(build-type)), \ > --unsigned-source --compression=$(KDEB_SOURCE_COMPRESS)) \ > $(if $(findstring binary, $(build-type)), \ > - -R'$(MAKE) -f debian/rules' -j1 -r$(KBUILD_PKG_ROOTCMD) -a$$(cat debian/arch), \ > + -R'$(MAKE) -f debian/rules' -j1 -a$$(cat debian/arch), \ > --no-check-builddeps) \ > $(DPKG_FLAGS)) > > diff --git a/scripts/package/builddeb b/scripts/package/builddeb > index d7dd0d04c70c..2fe51e6919da 100755 > --- a/scripts/package/builddeb > +++ b/scripts/package/builddeb > @@ -36,19 +36,13 @@ create_package() { > sh -c "cd '$pdir'; find . -type f ! -path './DEBIAN/*' -printf '%P\0' \ > | xargs -r0 md5sum > DEBIAN/md5sums" > > - # Fix ownership and permissions > - if [ "$DEB_RULES_REQUIRES_ROOT" = "no" ]; then > - dpkg_deb_opts="--root-owner-group" > - else > - chown -R root:root "$pdir" > - fi > # a+rX in case we are in a restrictive umask environment like 0077 > # ug-s in case we build in a setuid/setgid directory > chmod -R go-w,a+rX,ug-s "$pdir" > > # Create the package > dpkg-gencontrol -p$pname -P"$pdir" > - dpkg-deb $dpkg_deb_opts ${KDEB_COMPRESS:+-Z$KDEB_COMPRESS} --build "$pdir" .. > + dpkg-deb --root-owner-group ${KDEB_COMPRESS:+-Z$KDEB_COMPRESS} --build "$pdir" .. > } > > install_linux_image () { > diff --git a/scripts/package/debian/rules b/scripts/package/debian/rules > index 3dafa9496c63..f23d97087948 100755 > --- a/scripts/package/debian/rules > +++ b/scripts/package/debian/rules 
> @@ -5,6 +5,8 @@ include debian/rules.vars > > srctree ?= . > > +export DEB_RULES_REQUIRES_ROOT := no > + > ifneq (,$(filter-out parallel=1,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))) > NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) > MAKEFLAGS += -j$(NUMJOBS)
On Wed, Nov 29, 2023 at 1:31 AM Ben Hutchings <ben@decadent.org.uk> wrote:
>
> On Wed, 2023-11-29 at 00:38 +0900, Masahiro Yamada wrote:
> > In 2017, the dpkg suite introduced the rootless builds support with the
> > following commits:
> >
> > - 2436807c87b0 ("dpkg-deb: Add support for rootless builds")
> > - fca1bfe84068 ("dpkg-buildpackage: Add support for rootless builds")
> >
> > This feature is available in the default dpkg on Debian 10 and Ubuntu
> > 20.04.
> >
> > Remove the old method.
>
> This seems reasonable.
>
> > Additionally, export DEB_RULES_REQUIRES_ROOT=no in case debian/rules is
> > invoked without dpkg-buildpackage. This change aligns with the Debian
> > kernel commit 65206e29f378 ("Allow to run d/rules.real without root").
>
> The Debian linux package has multiple makefiles used recursively
> (rather than included). The referenced commit is kind of a hack to
> make rootless builds of a subset of binary packages work when invoking
> one of the lower-level makefiles directly.

The upstream kernel does not support individual package build
since it is implemented in scripts/package/builddeb shell script.

Is the direct execution of debian/rules still worth supporting
in the upstream kernel?

If the answer is no, "export DEB_RULES_REQUIRES_ROOT=no"
is meaningless.

> It works because the package runs dh_builddeb, which checks
> DEB_RULES_REQUIRES_ROOT. But setting DEB_RULES_REQUIRES_ROOT has
> absolutely zero effect on dpkg-deb or other low-level tools.

Please let me clarify your statement.

Do you mean this? ("is needed" ?)

"It is needed because the package runs dh_builddeb, which checks
DEB_RULES_REQUIRES_ROOT."

> > While the upstream kernel currently does not run dh_testroot, it may
> > be useful in the future.
>
> We can do one of:
>
> 1. Ignore DEB_RULES_REQUIRES_ROOT, assume that dpkg-deb supports
>    --root-owner-group and use it unconditionally (your v1).
> 2. Check DEB_RULES_REQUIRES_ROOT, do either fakeroot and chown or
>    dpkg-deb --root-owner-group (current behaviour), and maybe also do
>    the equivalent of dh_testroot.
> 3. Delegate this to dh_builddeb. Since we use dh_listpackages now,
>    debhelper is already required and this would make things a lot
>    simpler.
>
> But the combination of changes in v2 does not make sense to me.

I like 1 or 3.

If I go with 3.,
does splitting it into two patches make sense?

1/2: remove fakeroot (just like v1)
2/2: dh_* conversion + "export DEB_RULES_REQUIRES_ROOT=no"

--
Best Regards
Masahiro Yamada
On Wed, 2023-11-29 at 03:56 +0900, Masahiro Yamada wrote:
> On Wed, Nov 29, 2023 at 1:31 AM Ben Hutchings <ben@decadent.org.uk> wrote:
> >
> > On Wed, 2023-11-29 at 00:38 +0900, Masahiro Yamada wrote:
> > > In 2017, the dpkg suite introduced the rootless builds support with the
> > > following commits:
> > >
> > > - 2436807c87b0 ("dpkg-deb: Add support for rootless builds")
> > > - fca1bfe84068 ("dpkg-buildpackage: Add support for rootless builds")
> > >
> > > This feature is available in the default dpkg on Debian 10 and Ubuntu
> > > 20.04.
> > >
> > > Remove the old method.
> >
> > This seems reasonable.
> >
> > > Additionally, export DEB_RULES_REQUIRES_ROOT=no in case debian/rules is
> > > invoked without dpkg-buildpackage. This change aligns with the Debian
> > > kernel commit 65206e29f378 ("Allow to run d/rules.real without root").
> >
> > The Debian linux package has multiple makefiles used recursively
> > (rather than included). The referenced commit is kind of a hack to
> > make rootless builds of a subset of binary packages work when invoking
> > one of the lower-level makefiles directly.
>
> The upstream kernel does not support individual package build
> since it is implemented in scripts/package/builddeb shell script.
>
> Is the direct execution of debian/rules still worth supporting
> in the upstream kernel?

I don't have an opinion on that.

> If the answer is no, "export DEB_RULES_REQUIRES_ROOT=no"
> is meaningless.
>
> > It works because the package runs dh_builddeb, which checks
> > DEB_RULES_REQUIRES_ROOT. But setting DEB_RULES_REQUIRES_ROOT has
> > absolutely zero effect on dpkg-deb or other low-level tools.
>
> Please let me clarify your statement.
>
> Do you mean this? ("is needed" ?)
>
> "It is needed because the package runs dh_builddeb, which checks
> DEB_RULES_REQUIRES_ROOT."

Yes.

> > > While the upstream kernel currently does not run dh_testroot, it may
> > > be useful in the future.
> >
> > We can do one of:
> >
> > 1. Ignore DEB_RULES_REQUIRES_ROOT, assume that dpkg-deb supports
> >    --root-owner-group and use it unconditionally (your v1).
> > 2. Check DEB_RULES_REQUIRES_ROOT, do either fakeroot and chown or
> >    dpkg-deb --root-owner-group (current behaviour), and maybe also do
> >    the equivalent of dh_testroot.
> > 3. Delegate this to dh_builddeb. Since we use dh_listpackages now,
> >    debhelper is already required and this would make things a lot
> >    simpler.
> >
> > But the combination of changes in v2 does not make sense to me.
>
> I like 1 or 3.
>
> If I go with 3.,
> does splitting it into two patches make sense?
>
> 1/2: remove fakeroot (just like v1)
> 2/2: dh_* conversion + "export DEB_RULES_REQUIRES_ROOT=no"

Yes, that makes sense to me.

Ben.
diff --git a/scripts/Makefile.package b/scripts/Makefile.package index 0c3adc48dfe8..a81dfb1f5181 100644 --- a/scripts/Makefile.package +++ b/scripts/Makefile.package @@ -109,8 +109,6 @@ debian-orig: linux.tar$(debian-orig-suffix) debian cp $< ../$(orig-name); \ fi -KBUILD_PKG_ROOTCMD ?= 'fakeroot -u' - PHONY += deb-pkg srcdeb-pkg bindeb-pkg deb-pkg: private build-type := source,binary @@ -125,7 +123,7 @@ deb-pkg srcdeb-pkg bindeb-pkg: $(if $(findstring source, $(build-type)), \ --unsigned-source --compression=$(KDEB_SOURCE_COMPRESS)) \ $(if $(findstring binary, $(build-type)), \ - -R'$(MAKE) -f debian/rules' -j1 -r$(KBUILD_PKG_ROOTCMD) -a$$(cat debian/arch), \ + -R'$(MAKE) -f debian/rules' -j1 -a$$(cat debian/arch), \ --no-check-builddeps) \ $(DPKG_FLAGS)) diff --git a/scripts/package/builddeb b/scripts/package/builddeb index d7dd0d04c70c..2fe51e6919da 100755 --- a/scripts/package/builddeb +++ b/scripts/package/builddeb @@ -36,19 +36,13 @@ create_package() { sh -c "cd '$pdir'; find . -type f ! -path './DEBIAN/*' -printf '%P\0' \ | xargs -r0 md5sum > DEBIAN/md5sums" - # Fix ownership and permissions - if [ "$DEB_RULES_REQUIRES_ROOT" = "no" ]; then - dpkg_deb_opts="--root-owner-group" - else - chown -R root:root "$pdir" - fi # a+rX in case we are in a restrictive umask environment like 0077 # ug-s in case we build in a setuid/setgid directory chmod -R go-w,a+rX,ug-s "$pdir" # Create the package dpkg-gencontrol -p$pname -P"$pdir" - dpkg-deb $dpkg_deb_opts ${KDEB_COMPRESS:+-Z$KDEB_COMPRESS} --build "$pdir" .. + dpkg-deb --root-owner-group ${KDEB_COMPRESS:+-Z$KDEB_COMPRESS} --build "$pdir" .. } install_linux_image () { diff --git a/scripts/package/debian/rules b/scripts/package/debian/rules index 3dafa9496c63..f23d97087948 100755 --- a/scripts/package/debian/rules +++ b/scripts/package/debian/rules 
@@ -5,6 +5,8 @@ include debian/rules.vars srctree ?= . +export DEB_RULES_REQUIRES_ROOT := no + ifneq (,$(filter-out parallel=1,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))) NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) MAKEFLAGS += -j$(NUMJOBS)
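Review bot: In scripts/Makefile.package, the `KBUILD_PKG_ROOTCMD ?= 'fakeroot -u'` default and the `-r$(KBUILD_PKG_ROOTCMD)` argument are dropped with no notice to callers. Because the variable was assigned with `?=`, it could be overridden from the environment or the make command line, and any such override is now ignored silently. Suggest naming KBUILD_PKG_ROOTCMD in the commit message as a removed knob, and removing any remaining references to it in the same patch so that nothing advertises a setting that no longer has an effect.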
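Review bot: In create_package() in scripts/package/builddeb, `dpkg-deb --root-owner-group` is now passed unconditionally and the `chown -R root:root "$pdir"` fallback is gone, so the script has a hard dependency on a dpkg-deb that knows this option, yet nothing in the script states or checks that. The commit message gives the baseline (Debian 10, Ubuntu 20.04); a one-line comment above the dpkg-deb call stating that requirement would tell someone on an older host why the build stops at the packaging step. The retained `chmod -R go-w,a+rX,ug-s "$pdir"` still handles permissions, so the removed "# Fix ownership and permissions" comment could stay in reworded form to say that ownership is now set by dpkg-deb.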
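Review bot: The `export DEB_RULES_REQUIRES_ROOT := no` added to scripts/package/debian/rules has no reader left in this patch: the builddeb hunk deletes the only visible test of that variable (`if [ "$DEB_RULES_REQUIRES_ROOT" = "no" ]`), and dpkg-deb is called with --root-owner-group regardless of its value. Suggest dropping the export here and introducing it in the change that adds a consumer, such as the dh_* conversion discussed in the thread, or adding a comment above it naming the tool that is expected to read it.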