Web lists-archives.com

Re: RFC: Support for selective usage of (fake)root during package build (R³)

Niels Thykier:
> Hi
> We have written a new specification for supporting selective usage of
> (fake)root during package builds (see attached file).  The specification
> defines a new field called "Rules-Requires-Root" (R³ for short) that
> enables maintainers to define if and how their package requires root
> during package build.
> The specification is accompanied by an initial implementation in dpkg
> and debhelper (in unstable), so you can experiment with it already now.
> While dpkg and debhelper implement the entire specification, there are
> still some limitations in what we can support at the moment.  These
> limitations are listed in the "Limitations" section below.
>  * Please, review the specification plus implementations and provide
>    feedback on the proposal.
>  * Deadline for feedback: 2 weeks from today (but we are happy to extend
>    it if people find this too short).
>    - if there are no major concerns with this proposal at that time
>      we will consider the specification as stable, and mark it as so.
>  * Even though we think the current specification is solid, as long
>    as it is not marked as stable, it might change its semantics, and
>    any early adopter should be prepared to adapt to new updates.
> [...]
> Thanks,
> Guillem and Niels


While there has not been any comments / feedback on devel-devel, we have
seen about 35-40 packages adopting R³ since the proposal was posted to
debian-devel. :)
  This puts us on about ~50 packages that can now build without
(fake)root today (per [codesearch query]).

 * Please consider taking R³ for a spin and see if it works for your

 * Thanks to Simon McVittie (#880095), dh_girepository now supports
   R³=no builds (available both in unstable and testing).

 * If your package is (bit-for-bit) reproducible, then the checksum will
   generally remain the same when you adopt R³ (assuming you fixate
   package version, build-dependencies, etc.).

 * Even when you do not have/get a bit-for-bit reproducible output,
   there is always diffoscope to tell you what changed.


PS: Thanks to codesearch.d.n for making a (mostly) "silent adoption"


[codesearch query]:

NB: There are 5 unique packages in the "per package view".  Currently,
dpkg is still "opt'ing out" but is expected to opt-in on the 1.19.1 upload.