Re: RFC: Support for selective usage of (fake)root during package build (R³)
- Date: Sat, 04 Nov 2017 07:14:00 +0000
- From: Niels Thykier <niels@xxxxxxxxxxx>
- Subject: Re: RFC: Support for selective usage of (fake)root during package build (R³)
> We have written a new specification for supporting selective usage of
> (fake)root during package builds (see attached file). The specification
> defines a new field called "Rules-Requires-Root" (R³ for short) that
> enables maintainers to define if and how their package requires root
> during package build.
> The specification is accompanied by an initial implementation in dpkg
> and debhelper (in unstable), so you can experiment with it already now.
> While dpkg and debhelper implement the entire specification, there are
> still some limitations in what we can support at the moment. These
> limitations are listed in the "Limitations" section below.
> * Please, review the specification plus implementations and provide
> feedback on the proposal.
> * Deadline for feedback: 2 weeks from today (but we are happy to extend
> it if people find this too short).
> - if there are no major concerns with this proposal at that time
> we will consider the specification as stable, and mark it as so.
> * Even though we think the current specification is solid, as long
> as it is not marked as stable, it might change its semantics, and
> any early adopter should be prepared to adapt to new updates.
> Guillem and Niels
While there has not been any comments / feedback on devel-devel, we have
seen about 35-40 packages adopting R³ since the proposal was posted to
This puts us on about ~50 packages that can now build without
(fake)root today (per [codesearch query]).
* Please consider taking R³ for a spin and see if it works for your
* Thanks to Simon McVittie (#880095), dh_girepository now supports
R³=no builds (available both in unstable and testing).
* If your package is (bit-for-bit) reproducible, then the checksum will
generally remain the same when you adopt R³ (assuming you fixate
package version, build-dependencies, etc.).
* Even when you do not have/get a bit-for-bit reproducible output,
there is always diffoscope to tell you what changed.
PS: Thanks to codesearch.d.n for making a (mostly) "silent adoption"
NB: There are 5 unique packages in the "per package view". Currently,
dpkg is still "opt'ing out" but is expected to opt-in on the 1.19.1 upload.