| Message ID | 20250814143405.204360-2-itrue@emlix.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | debianize: set Rules-Requires-Root in debian/control | expand |
On 14.08.25 16:34, Isaac True wrote: > Setting "Rules-Requires-Root: no" in the debian/control file avoids > unnecessarily calling fakeroot in the build environment. Packages which > require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable > with the desired value. Hmm, but the Policy says it's default-no anyway: https://www.debian.org/doc/debian-policy/ch-controlfields.html#rules-requires-root Did that default change recently? > > This is specifically useful when using dpkg-raw, as it no longer needs > fakeroot to create the packages. This provides a considerable speedup in > some environments (e.g. systems with very high open file descriptor > limits and specific versions of fakeroot). > > Signed-off-by: Isaac True <itrue@emlix.com> > --- > meta/classes/debianize.bbclass | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/meta/classes/debianize.bbclass b/meta/classes/debianize.bbclass > index 4989c601..eeebea69 100644 > --- a/meta/classes/debianize.bbclass > +++ b/meta/classes/debianize.bbclass > @@ -16,6 +16,7 @@ DEBIAN_BREAKS ??= "" > DEBIAN_MULTI_ARCH ??= "no" > DEBIAN_COMPAT ??= "10" > DEBIAN_CHANGELOG_TIMESTAMP ??= "3600" > +DEBIAN_RULES_REQUIRES_ROOT ??= "no" > DESCRIPTION ??= "must not be empty" > MAINTAINER ??= "Unknown maintainer <unknown@example.com>" > > @@ -74,7 +75,8 @@ deb_create_control[vardeps] += "DEBIANIZE_BUILD_DEPENDS \ > DEBIAN_PROVIDES \ > DEBIAN_REPLACES \ > DEBIAN_BREAKS \ > - DEBIAN_CONFLICTS" > + DEBIAN_CONFLICTS \ > + DEBIAN_RULES_REQUIRES_ROOT" > deb_create_control() { > cat << EOF > ${S}/debian/control > Source: ${BPN} > @@ -83,6 +85,7 @@ Priority: optional > Standards-Version: 3.9.6 > Maintainer: ${MAINTAINER} > Build-Depends: ${@ deb_list_beautify(d, 'DEBIANIZE_BUILD_DEPENDS')} > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${BPN} > Architecture: ${DPKG_ARCH} > This is a change that first of all requires an entry in RECIPE-API-CHANGELOG.md. But you also need to explain if this is fine down to buster (we still support building for it, yes, it's ELTS). And you need to ensure that it will not change anything for existing layers - which is in conflict with the expressed intention of this change. Jan
> > Hmm, but the Policy says it's default-no anyway: > > https://www.debian.org/doc/debian-policy/ch-controlfields.html#rules-requires-root > > Did that default change recently? According to the deb-src-control man page (https://www.man7.org/linux/man-pages/man5/deb-src-control.5.html) this only became the default with dpkg >= 1.22.13, which is relatively recent. Anything with a dpkg version earlier than that (which includes Ubuntu Jammy and Noble) uses `binary-targets` as the default, which calls fakeroot. > This is a change that first of all requires an entry in > RECIPE-API-CHANGELOG.md. But you also need to explain if this is fine > down to buster (we still support building for it, yes, it's ELTS). And > you need to ensure that it will not change anything for existing layers > - which is in conflict with the expressed intention of this change. Understood. Would you prefer that it doesn't add the field by default in order to maintain backwards-compatibility, and instead only add the field when the value is set? Cheers, Isaac On 15/08/25 15:01, Jan Kiszka wrote: > On 14.08.25 16:34, Isaac True wrote: >> Setting "Rules-Requires-Root: no" in the debian/control file avoids >> unnecessarily calling fakeroot in the build environment. Packages which >> require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable >> with the desired value. > > Hmm, but the Policy says it's default-no anyway: > > https://www.debian.org/doc/debian-policy/ch-controlfields.html#rules-requires-root > > Did that default change recently? > >> >> This is specifically useful when using dpkg-raw, as it no longer needs >> fakeroot to create the packages. This provides a considerable speedup in >> some environments (e.g. systems with very high open file descriptor >> limits and specific versions of fakeroot). >> >> Signed-off-by: Isaac True <itrue@emlix.com> >> --- >> meta/classes/debianize.bbclass | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/meta/classes/debianize.bbclass b/meta/classes/debianize.bbclass >> index 4989c601..eeebea69 100644 >> --- a/meta/classes/debianize.bbclass >> +++ b/meta/classes/debianize.bbclass >> @@ -16,6 +16,7 @@ DEBIAN_BREAKS ??= "" >> DEBIAN_MULTI_ARCH ??= "no" >> DEBIAN_COMPAT ??= "10" >> DEBIAN_CHANGELOG_TIMESTAMP ??= "3600" >> +DEBIAN_RULES_REQUIRES_ROOT ??= "no" >> DESCRIPTION ??= "must not be empty" >> MAINTAINER ??= "Unknown maintainer <unknown@example.com>" >> >> @@ -74,7 +75,8 @@ deb_create_control[vardeps] += "DEBIANIZE_BUILD_DEPENDS \ >> DEBIAN_PROVIDES \ >> DEBIAN_REPLACES \ >> DEBIAN_BREAKS \ >> - DEBIAN_CONFLICTS" >> + DEBIAN_CONFLICTS \ >> + DEBIAN_RULES_REQUIRES_ROOT" >> deb_create_control() { >> cat << EOF > ${S}/debian/control >> Source: ${BPN} >> @@ -83,6 +85,7 @@ Priority: optional >> Standards-Version: 3.9.6 >> Maintainer: ${MAINTAINER} >> Build-Depends: ${@ deb_list_beautify(d, 'DEBIANIZE_BUILD_DEPENDS')} >> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} >> >> Package: ${BPN} >> Architecture: ${DPKG_ARCH} >> > > This is a change that first of all requires an entry in > RECIPE-API-CHANGELOG.md. But you also need to explain if this is fine > down to buster (we still support building for it, yes, it's ELTS). And > you need to ensure that it will not change anything for existing layers > - which is in conflict with the expressed intention of this change. > > Jan >
On 15.08.25 15:09, Isaac True wrote: >> >> Hmm, but the Policy says it's default-no anyway: >> >> https://www.debian.org/doc/debian-policy/ch-controlfields.html#rules- > requires-root >> >> Did that default change recently? > > According to the deb-src-control man page (https://www.man7.org/linux/ > man-pages/man5/deb-src-control.5.html) this only became the default with > dpkg >= 1.22.13, which is relatively recent. Anything with a dpkg > version earlier than that (which includes Ubuntu Jammy and Noble) uses > `binary-targets` as the default, which calls fakeroot. > >> This is a change that first of all requires an entry in >> RECIPE-API-CHANGELOG.md. But you also need to explain if this is fine >> down to buster (we still support building for it, yes, it's ELTS). And >> you need to ensure that it will not change anything for existing layers >> - which is in conflict with the expressed intention of this change. > > Understood. Would you prefer that it doesn't add the field by default in > order to maintain backwards-compatibility, and instead only add the > field when the value is set? For source-based packages, we should not change the API level's default unless explicitly requested by the recipe. So, you could add "Rules-Requires-Root" only if DEBIAN_RULES_REQUIRES_ROOT is set e.g. For dpkg-prebuilt, I think we can safely go to non-root but only on those distros that already understood "Rules-Requires-Root". Jan
diff --git a/meta/classes/debianize.bbclass b/meta/classes/debianize.bbclass index 4989c601..eeebea69 100644 --- a/meta/classes/debianize.bbclass +++ b/meta/classes/debianize.bbclass @@ -16,6 +16,7 @@ DEBIAN_BREAKS ??= "" DEBIAN_MULTI_ARCH ??= "no" DEBIAN_COMPAT ??= "10" DEBIAN_CHANGELOG_TIMESTAMP ??= "3600" +DEBIAN_RULES_REQUIRES_ROOT ??= "no" DESCRIPTION ??= "must not be empty" MAINTAINER ??= "Unknown maintainer <unknown@example.com>" @@ -74,7 +75,8 @@ deb_create_control[vardeps] += "DEBIANIZE_BUILD_DEPENDS \ DEBIAN_PROVIDES \ DEBIAN_REPLACES \ DEBIAN_BREAKS \ - DEBIAN_CONFLICTS" + DEBIAN_CONFLICTS \ + DEBIAN_RULES_REQUIRES_ROOT" deb_create_control() { cat << EOF > ${S}/debian/control Source: ${BPN} @@ -83,6 +85,7 @@ Priority: optional Standards-Version: 3.9.6 Maintainer: ${MAINTAINER} Build-Depends: ${@ deb_list_beautify(d, 'DEBIANIZE_BUILD_DEPENDS')} +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Package: ${BPN} Architecture: ${DPKG_ARCH}
Setting "Rules-Requires-Root: no" in the debian/control file avoids unnecessarily calling fakeroot in the build environment. Packages which require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable with the desired value. This is specifically useful when using dpkg-raw, as it no longer needs fakeroot to create the packages. This provides a considerable speedup in some environments (e.g. systems with very high open file descriptor limits and specific versions of fakeroot). Signed-off-by: Isaac True <itrue@emlix.com> --- meta/classes/debianize.bbclass | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)