| Message ID | 20250907204258.201718-1-badrikesh.prusty@siemens.com |
|---|---|
| State | New |
| Headers | show |
| Series | meta: default "Rules-Requires-Root: no", make it configurable | expand |
Hello, This is follow up of the patch: https://groups.google.com/g/isar-users/c/MYQDhaHPtX0/m/2ZWf0he8CgAJ Some recipes use a predefined control.tmpl file instead of generating it with the debianize class. Thanks, Badrikesh On Monday, September 8, 2025 at 2:13:15 AM UTC+5:30 Badrikesh Prusty wrote: > From: badrikesh prusty <badrikes...@siemens.com> > > Setting "Rules-Requires-Root: no" in the debian/control file avoids > unnecessarily calling fakeroot in the build environment. Packages which > require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable > with the desired value. > > Debian recommends not using fakeroot to build a package if it is not > required i.e., if a package's build doesn't require any privileged > operations such as changing ownership to root, installing/modifying > files as root. > > This also fixes hangs observed during fakeroot calls in > dpkg-buildpackage. References: > https://github.com/ilbers/isar/issues/113 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521 > > Signed-off-by: Badrikesh Prusty <badrikes...@siemens.com> > --- > meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 + > meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++ > meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 + > meta/recipes-bsp/optee-os/optee-os.inc | 4 +++- > meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 + > .../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++- > meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 + > meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++- > meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 + > meta/recipes-kernel/linux-module/module.inc | 2 ++ > meta/recipes-kernel/linux/files/debian/control.tmpl | 1 + > meta/recipes-kernel/linux/linux-custom.inc | 2 ++ > 12 files changed, 22 insertions(+), 3 deletions(-) > > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > index e6af7554..d4374909 100644 > --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Maintainer: Unknown maintainer <unk...@example.com> > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), > ${DEBIAN_BUILD_DEPENDS} > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${PN} > Architecture: any > diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > index 738b694a..257c5c4c 100644 > --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \ > optee-os-tadevkit-${OPTEE_NAME} \ > " > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > TA_CPU ?= "unknown" > TA_DEV_KIT_DIR ?= "unknown" > OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \ > DEBIAN_COMPAT \ > + DEBIAN_RULES_REQUIRES_ROOT \ > OPTEE_FTPM_BUILD_ARGS_EXTRA \ > TA_CPU \ > TA_DEV_KIT_DIR" > diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl > b/meta/recipes-bsp/optee-os/files/debian/control.tmpl > index 7bcd6edb..443578bd 100644 > --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl > +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), > ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-...@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${DEBIAN_PACKAGE_NAME} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/optee-os/optee-os.inc > b/meta/recipes-bsp/optee-os/optee-os.inc > index eac75ae8..edd21f58 100644 > --- a/meta/recipes-bsp/optee-os/optee-os.inc > +++ b/meta/recipes-bsp/optee-os/optee-os.inc > @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}" > > DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME > DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" > +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME > DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM > OPTEE_EXTRA_BUILDARGS" > > # split strip platform flavor, if any, from the specified platform string > OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}" > diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > index cf4607e3..311b44c0 100644 > --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), > ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-...@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: trusted-firmware-a-${TF_A_NAME} > Architecture: ${DISTRO_ARCH} > diff --git > a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > index 9f143b13..4ea7cc6c 100644 > --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin" > > DEBIAN_BUILD_DEPENDS ?= "" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > PROVIDES += "trusted-firmware-a-${TF_A_NAME}" > > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "DEBIAN_COMPAT \ > +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \ > TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS" > > do_prepare_build() { > diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl > b/meta/recipes-bsp/u-boot/files/debian/control.tmpl > index 006982c2..6cbdf02c 100644 > --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl > +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), > ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-...@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: u-boot-${MACHINE} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc > b/meta/recipes-bsp/u-boot/u-boot-custom.inc > index 2d6dd8e0..e3081ce9 100644 > --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc > +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc > @@ -20,12 +20,14 @@ SRC_URI += "file://debian/" > > DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}" > > U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}" > > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \ > +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT > U_BOOT_CONFIG U_BOOT_BIN \ > U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT" > > U_BOOT_TOOLS_PACKAGE ?= "0" > diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl > b/meta/recipes-kernel/linux-module/files/debian/control.tmpl > index 45fcbc0e..914733d8 100644 > --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl > +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), > ${DEBIAN_BUILD_DEPENDS} > Maintainer: ${MAINTAINER} > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${PN} > Architecture: any > diff --git a/meta/recipes-kernel/linux-module/module.inc > b/meta/recipes-kernel/linux-module/module.inc > index d2a41766..b51e8965 100644 > --- a/meta/recipes-kernel/linux-module/module.inc > +++ b/meta/recipes-kernel/linux-module/module.inc > @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= "" > DEB_BUILD_PROFILES += "${@'pkg.signwith' if > bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > DEPENDS += "${@'module-signer secure-boot-secrets' if > bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if > bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > > SRC_URI += "file://debian/" > > @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \ > KAFLAGS \ > MODULE_DIR \ > DEBIAN_BUILD_DEPENDS \ > + DEBIAN_RULES_REQUIRES_ROOT \ > SIGNATURE_KEYFILE \ > SIGNATURE_CERTFILE \ > SIGNATURE_HASHFN \ > diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl > b/meta/recipes-kernel/linux/files/debian/control.tmpl > index a79b86c4..479f8ff0 100644 > --- a/meta/recipes-kernel/linux/files/debian/control.tmpl > +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Maintainer: ${MAINTAINER} > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, > ${KBUILD_DEPENDS} > Homepage: http://www.kernel.org/ > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: linux-image-${KERNEL_NAME_PROVIDED} > Build-Profiles: <kernel> > diff --git a/meta/recipes-kernel/linux/linux-custom.inc > b/meta/recipes-kernel/linux/linux-custom.inc > index 01e9bff7..e073206f 100644 > --- a/meta/recipes-kernel/linux/linux-custom.inc > +++ b/meta/recipes-kernel/linux/linux-custom.inc > @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR" > # pinned due to known or possible issues with compat 12 > DEBIAN_COMPAT:buster = "10" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > KBUILD_DEPENDS ?= "build-essential:native, \ > libelf-dev:native, \ > libncurses-dev:native, \ > -- > 2.47.3 > >
On 07.09.25 22:42, 'Badrikesh Prusty' via isar-users wrote: > From: badrikesh prusty <badrikesh.prusty@siemens.com> > > Setting "Rules-Requires-Root: no" in the debian/control file avoids > unnecessarily calling fakeroot in the build environment. Packages which > require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable > with the desired value. > > Debian recommends not using fakeroot to build a package if it is not > required i.e., if a package's build doesn't require any privileged > operations such as changing ownership to root, installing/modifying > files as root. > > This also fixes hangs observed during fakeroot calls in > dpkg-buildpackage. References: > https://github.com/ilbers/isar/issues/113 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521 > > Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com> > --- > meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 + > meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++ > meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 + > meta/recipes-bsp/optee-os/optee-os.inc | 4 +++- > meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 + > .../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++- > meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 + > meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++- > meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 + > meta/recipes-kernel/linux-module/module.inc | 2 ++ > meta/recipes-kernel/linux/files/debian/control.tmpl | 1 + > meta/recipes-kernel/linux/linux-custom.inc | 2 ++ > 12 files changed, 22 insertions(+), 3 deletions(-) You are missing the most important control point: meta/classes/debianize.bbclass But not already the changes here justify a RECIPE-API-CHANGELOG.md entry. BTW, what about meta-isar/recipes-app/snake4/files/debian/control and meta-isar/recipes-bsp/optee-examples/files/debian/control.tmpl? > > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > index e6af7554..d4374909 100644 > --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Maintainer: Unknown maintainer <unknown@example.com> > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Why making this a variable? optee-client already hard-codes it to no. Applies to the others as well. > > Package: ${PN} > Architecture: any > diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > index 738b694a..257c5c4c 100644 > --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \ > optee-os-tadevkit-${OPTEE_NAME} \ > " > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > TA_CPU ?= "unknown" > TA_DEV_KIT_DIR ?= "unknown" > OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \ > DEBIAN_COMPAT \ > + DEBIAN_RULES_REQUIRES_ROOT \ > OPTEE_FTPM_BUILD_ARGS_EXTRA \ > TA_CPU \ > TA_DEV_KIT_DIR" > diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl > index 7bcd6edb..443578bd 100644 > --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl > +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-users@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${DEBIAN_PACKAGE_NAME} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/optee-os/optee-os.inc b/meta/recipes-bsp/optee-os/optee-os.inc > index eac75ae8..edd21f58 100644 > --- a/meta/recipes-bsp/optee-os/optee-os.inc > +++ b/meta/recipes-bsp/optee-os/optee-os.inc > @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}" > > DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" > +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" > > # split strip platform flavor, if any, from the specified platform string > OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}" > diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > index cf4607e3..311b44c0 100644 > --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-users@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: trusted-firmware-a-${TF_A_NAME} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > index 9f143b13..4ea7cc6c 100644 > --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin" > > DEBIAN_BUILD_DEPENDS ?= "" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > PROVIDES += "trusted-firmware-a-${TF_A_NAME}" > > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "DEBIAN_COMPAT \ > +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \ > TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS" > > do_prepare_build() { > diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl b/meta/recipes-bsp/u-boot/files/debian/control.tmpl > index 006982c2..6cbdf02c 100644 > --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl > +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-users@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: u-boot-${MACHINE} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc b/meta/recipes-bsp/u-boot/u-boot-custom.inc > index 2d6dd8e0..e3081ce9 100644 > --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc > +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc > @@ -20,12 +20,14 @@ SRC_URI += "file://debian/" > > DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}" > > U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}" > > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \ > +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT U_BOOT_CONFIG U_BOOT_BIN \ > U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT" > > U_BOOT_TOOLS_PACKAGE ?= "0" > diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl b/meta/recipes-kernel/linux-module/files/debian/control.tmpl > index 45fcbc0e..914733d8 100644 > --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl > +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ${MAINTAINER} > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${PN} > Architecture: any > diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc > index d2a41766..b51e8965 100644 > --- a/meta/recipes-kernel/linux-module/module.inc > +++ b/meta/recipes-kernel/linux-module/module.inc > @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= "" > DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > > SRC_URI += "file://debian/" > > @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \ > KAFLAGS \ > MODULE_DIR \ > DEBIAN_BUILD_DEPENDS \ > + DEBIAN_RULES_REQUIRES_ROOT \ > SIGNATURE_KEYFILE \ > SIGNATURE_CERTFILE \ > SIGNATURE_HASHFN \ > diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl b/meta/recipes-kernel/linux/files/debian/control.tmpl > index a79b86c4..479f8ff0 100644 > --- a/meta/recipes-kernel/linux/files/debian/control.tmpl > +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Maintainer: ${MAINTAINER} > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, ${KBUILD_DEPENDS} > Homepage: http://www.kernel.org/ > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: linux-image-${KERNEL_NAME_PROVIDED} > Build-Profiles: <kernel> > diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc > index 01e9bff7..e073206f 100644 > --- a/meta/recipes-kernel/linux/linux-custom.inc > +++ b/meta/recipes-kernel/linux/linux-custom.inc > @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR" > # pinned due to known or possible issues with compat 12 > DEBIAN_COMPAT:buster = "10" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > KBUILD_DEPENDS ?= "build-essential:native, \ > libelf-dev:native, \ > libncurses-dev:native, \ Do we have packages in isar where we know that root is indeed needed? Jan
On 9/7/25 22:42, 'Badrikesh Prusty' via isar-users wrote: > From: badrikesh prusty <badrikesh.prusty@siemens.com> > > Setting "Rules-Requires-Root: no" in the debian/control file avoids > unnecessarily calling fakeroot in the build environment. Packages which > require root can override the new "DEBIAN_RULES_REQUIRES_ROOT" variable > with the desired value. > > Debian recommends not using fakeroot to build a package if it is not > required i.e., if a package's build doesn't require any privileged > operations such as changing ownership to root, installing/modifying > files as root. > > This also fixes hangs observed during fakeroot calls in > dpkg-buildpackage. References: > https://github.com/ilbers/isar/issues/113 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114644 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072521 Thanks for bringing this upstream as well. I hope they will backport the fakeroot fix, as indicated in 1114644. Once we have that, we can / have to also update the kas container. Anyways, your patch does not fix the hang, it just makes it less likely as now more packages are build without fakeroot. It merely is an optimization. While debian does not recommend to set this to yes, I'm wondering if the default is still yes (or if that changed in trixie). Felix > > Signed-off-by: Badrikesh Prusty <badrikesh.prusty@siemens.com> > --- > meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl | 1 + > meta/recipes-bsp/optee-ftpm/optee-ftpm.inc | 3 +++ > meta/recipes-bsp/optee-os/files/debian/control.tmpl | 1 + > meta/recipes-bsp/optee-os/optee-os.inc | 4 +++- > meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl | 1 + > .../trusted-firmware-a/trusted-firmware-a-custom.inc | 4 +++- > meta/recipes-bsp/u-boot/files/debian/control.tmpl | 1 + > meta/recipes-bsp/u-boot/u-boot-custom.inc | 4 +++- > meta/recipes-kernel/linux-module/files/debian/control.tmpl | 1 + > meta/recipes-kernel/linux-module/module.inc | 2 ++ > meta/recipes-kernel/linux/files/debian/control.tmpl | 1 + > meta/recipes-kernel/linux/linux-custom.inc | 2 ++ > 12 files changed, 22 insertions(+), 3 deletions(-) > > diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > index e6af7554..d4374909 100644 > --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Maintainer: Unknown maintainer <unknown@example.com> > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${PN} > Architecture: any > diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > index 738b694a..257c5c4c 100644 > --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc > @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \ > optee-os-tadevkit-${OPTEE_NAME} \ > " > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > TA_CPU ?= "unknown" > TA_DEV_KIT_DIR ?= "unknown" > OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " > TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" > TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \ > DEBIAN_COMPAT \ > + DEBIAN_RULES_REQUIRES_ROOT \ > OPTEE_FTPM_BUILD_ARGS_EXTRA \ > TA_CPU \ > TA_DEV_KIT_DIR" > diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl > index 7bcd6edb..443578bd 100644 > --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl > +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-users@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${DEBIAN_PACKAGE_NAME} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/optee-os/optee-os.inc b/meta/recipes-bsp/optee-os/optee-os.inc > index eac75ae8..edd21f58 100644 > --- a/meta/recipes-bsp/optee-os/optee-os.inc > +++ b/meta/recipes-bsp/optee-os/optee-os.inc > @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}" > > DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" > +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" > > # split strip platform flavor, if any, from the specified platform string > OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}" > diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > index cf4607e3..311b44c0 100644 > --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-users@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: trusted-firmware-a-${TF_A_NAME} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > index 9f143b13..4ea7cc6c 100644 > --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc > @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin" > > DEBIAN_BUILD_DEPENDS ?= "" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > PROVIDES += "trusted-firmware-a-${TF_A_NAME}" > > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "DEBIAN_COMPAT \ > +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \ > TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS" > > do_prepare_build() { > diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl b/meta/recipes-bsp/u-boot/files/debian/control.tmpl > index 006982c2..6cbdf02c 100644 > --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl > +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ISAR project <isar-users@googlegroups.com> > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: u-boot-${MACHINE} > Architecture: ${DISTRO_ARCH} > diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc b/meta/recipes-bsp/u-boot/u-boot-custom.inc > index 2d6dd8e0..e3081ce9 100644 > --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc > +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc > @@ -20,12 +20,14 @@ SRC_URI += "file://debian/" > > DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}" > > U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}" > > TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" > -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \ > +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT U_BOOT_CONFIG U_BOOT_BIN \ > U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT" > > U_BOOT_TOOLS_PACKAGE ?= "0" > diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl b/meta/recipes-kernel/linux-module/files/debian/control.tmpl > index 45fcbc0e..914733d8 100644 > --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl > +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Standards-Version: 3.9.6 > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} > Maintainer: ${MAINTAINER} > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: ${PN} > Architecture: any > diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc > index d2a41766..b51e8965 100644 > --- a/meta/recipes-kernel/linux-module/module.inc > +++ b/meta/recipes-kernel/linux-module/module.inc > @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= "" > DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > > SRC_URI += "file://debian/" > > @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \ > KAFLAGS \ > MODULE_DIR \ > DEBIAN_BUILD_DEPENDS \ > + DEBIAN_RULES_REQUIRES_ROOT \ > SIGNATURE_KEYFILE \ > SIGNATURE_CERTFILE \ > SIGNATURE_HASHFN \ > diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl b/meta/recipes-kernel/linux/files/debian/control.tmpl > index a79b86c4..479f8ff0 100644 > --- a/meta/recipes-kernel/linux/files/debian/control.tmpl > +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl > @@ -4,6 +4,7 @@ Priority: optional > Maintainer: ${MAINTAINER} > Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, ${KBUILD_DEPENDS} > Homepage: http://www.kernel.org/ > +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} > > Package: linux-image-${KERNEL_NAME_PROVIDED} > Build-Profiles: <kernel> > diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc > index 01e9bff7..e073206f 100644 > --- a/meta/recipes-kernel/linux/linux-custom.inc > +++ b/meta/recipes-kernel/linux/linux-custom.inc > @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR" > # pinned due to known or possible issues with compat 12 > DEBIAN_COMPAT:buster = "10" > > +DEBIAN_RULES_REQUIRES_ROOT ?= "no" > + > KBUILD_DEPENDS ?= "build-essential:native, \ > libelf-dev:native, \ > libncurses-dev:native, \
diff --git a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl index e6af7554..d4374909 100644 --- a/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl +++ b/meta/recipes-bsp/optee-ftpm/files/debian/control.tmpl @@ -4,6 +4,7 @@ Priority: optional Standards-Version: 3.9.6 Maintainer: Unknown maintainer <unknown@example.com> Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Package: ${PN} Architecture: any diff --git a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc index 738b694a..257c5c4c 100644 --- a/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc +++ b/meta/recipes-bsp/optee-ftpm/optee-ftpm.inc @@ -23,6 +23,8 @@ DEBIAN_BUILD_DEPENDS ?= " \ optee-os-tadevkit-${OPTEE_NAME} \ " +DEBIAN_RULES_REQUIRES_ROOT ?= "no" + TA_CPU ?= "unknown" TA_DEV_KIT_DIR ?= "unknown" OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " @@ -30,6 +32,7 @@ OPTEE_FTPM_BUILD_ARGS_EXTRA ?= " " TEMPLATE_FILES = "debian/rules.tmpl debian/control.tmpl" TEMPLATE_VARS += "DEBIAN_BUILD_DEPENDS \ DEBIAN_COMPAT \ + DEBIAN_RULES_REQUIRES_ROOT \ OPTEE_FTPM_BUILD_ARGS_EXTRA \ TA_CPU \ TA_DEV_KIT_DIR" diff --git a/meta/recipes-bsp/optee-os/files/debian/control.tmpl b/meta/recipes-bsp/optee-os/files/debian/control.tmpl index 7bcd6edb..443578bd 100644 --- a/meta/recipes-bsp/optee-os/files/debian/control.tmpl +++ b/meta/recipes-bsp/optee-os/files/debian/control.tmpl @@ -4,6 +4,7 @@ Priority: optional Standards-Version: 3.9.6 Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} Maintainer: ISAR project <isar-users@googlegroups.com> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Package: ${DEBIAN_PACKAGE_NAME} Architecture: ${DISTRO_ARCH} diff --git a/meta/recipes-bsp/optee-os/optee-os.inc b/meta/recipes-bsp/optee-os/optee-os.inc index eac75ae8..edd21f58 100644 --- a/meta/recipes-bsp/optee-os/optee-os.inc +++ b/meta/recipes-bsp/optee-os/optee-os.inc @@ -22,8 +22,10 @@ DEBIAN_PACKAGE_NAME ?= "optee-os-${OPTEE_NAME}" DEBIAN_BUILD_DEPENDS ?= "python3-pycryptodome:native, python3-pyelftools" +DEBIAN_RULES_REQUIRES_ROOT ?= "no" + TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" -TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_PACKAGE_NAME DEBIAN_RULES_REQUIRES_ROOT OPTEE_NAME DEBIAN_BUILD_DEPENDS OPTEE_PLATFORM OPTEE_EXTRA_BUILDARGS" # split strip platform flavor, if any, from the specified platform string OPTEE_PLATFORM_BASE = "${@d.getVar('OPTEE_PLATFORM').split('-')[0]}" diff --git a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl index cf4607e3..311b44c0 100644 --- a/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl +++ b/meta/recipes-bsp/trusted-firmware-a/files/debian/control.tmpl @@ -4,6 +4,7 @@ Priority: optional Standards-Version: 3.9.6 Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} Maintainer: ISAR project <isar-users@googlegroups.com> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Package: trusted-firmware-a-${TF_A_NAME} Architecture: ${DISTRO_ARCH} diff --git a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc index 9f143b13..4ea7cc6c 100644 --- a/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc +++ b/meta/recipes-bsp/trusted-firmware-a/trusted-firmware-a-custom.inc @@ -20,10 +20,12 @@ TF_A_BINARIES ?= "release/bl31.bin" DEBIAN_BUILD_DEPENDS ?= "" +DEBIAN_RULES_REQUIRES_ROOT ?= "no" + PROVIDES += "trusted-firmware-a-${TF_A_NAME}" TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" -TEMPLATE_VARS += "DEBIAN_COMPAT \ +TEMPLATE_VARS += "DEBIAN_COMPAT DEBIAN_RULES_REQUIRES_ROOT \ TF_A_NAME DEBIAN_BUILD_DEPENDS TF_A_PLATFORM TF_A_EXTRA_BUILDARGS" do_prepare_build() { diff --git a/meta/recipes-bsp/u-boot/files/debian/control.tmpl b/meta/recipes-bsp/u-boot/files/debian/control.tmpl index 006982c2..6cbdf02c 100644 --- a/meta/recipes-bsp/u-boot/files/debian/control.tmpl +++ b/meta/recipes-bsp/u-boot/files/debian/control.tmpl @@ -4,6 +4,7 @@ Priority: optional Standards-Version: 3.9.6 Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} Maintainer: ISAR project <isar-users@googlegroups.com> +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Package: u-boot-${MACHINE} Architecture: ${DISTRO_ARCH} diff --git a/meta/recipes-bsp/u-boot/u-boot-custom.inc b/meta/recipes-bsp/u-boot/u-boot-custom.inc index 2d6dd8e0..e3081ce9 100644 --- a/meta/recipes-bsp/u-boot/u-boot-custom.inc +++ b/meta/recipes-bsp/u-boot/u-boot-custom.inc @@ -20,12 +20,14 @@ SRC_URI += "file://debian/" DEBIAN_BUILD_DEPENDS ?= "bc, bison, flex, device-tree-compiler, git" +DEBIAN_RULES_REQUIRES_ROOT ?= "no" + U_BOOT_BIN_INSTALL ?= "${U_BOOT_BIN}" U_BOOT_EXTRA_BUILDARGS ??= "BL31=${BL31} TEE=${TEE}" TEMPLATE_FILES = "debian/control.tmpl debian/rules.tmpl" -TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS U_BOOT_CONFIG U_BOOT_BIN \ +TEMPLATE_VARS += "MACHINE DEBIAN_BUILD_DEPENDS DEBIAN_RULES_REQUIRES_ROOT U_BOOT_CONFIG U_BOOT_BIN \ U_BOOT_EXTRA_BUILDARGS DEBIAN_COMPAT" U_BOOT_TOOLS_PACKAGE ?= "0" diff --git a/meta/recipes-kernel/linux-module/files/debian/control.tmpl b/meta/recipes-kernel/linux-module/files/debian/control.tmpl index 45fcbc0e..914733d8 100644 --- a/meta/recipes-kernel/linux-module/files/debian/control.tmpl +++ b/meta/recipes-kernel/linux-module/files/debian/control.tmpl @@ -4,6 +4,7 @@ Priority: optional Standards-Version: 3.9.6 Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), ${DEBIAN_BUILD_DEPENDS} Maintainer: ${MAINTAINER} +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Package: ${PN} Architecture: any diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc index d2a41766..b51e8965 100644 --- a/meta/recipes-kernel/linux-module/module.inc +++ b/meta/recipes-kernel/linux-module/module.inc @@ -34,6 +34,7 @@ KERNEL_MODULE_SIGNATURES ??= "" DEB_BUILD_PROFILES += "${@'pkg.signwith' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" DEPENDS += "${@'module-signer secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" DEBIAN_BUILD_DEPENDS .= "${@', module-signer, secure-boot-secrets' if bb.utils.to_boolean(d.getVar('KERNEL_MODULE_SIGNATURES')) else ''}" +DEBIAN_RULES_REQUIRES_ROOT ?= "no" SRC_URI += "file://debian/" @@ -63,6 +64,7 @@ TEMPLATE_VARS += " \ KAFLAGS \ MODULE_DIR \ DEBIAN_BUILD_DEPENDS \ + DEBIAN_RULES_REQUIRES_ROOT \ SIGNATURE_KEYFILE \ SIGNATURE_CERTFILE \ SIGNATURE_HASHFN \ diff --git a/meta/recipes-kernel/linux/files/debian/control.tmpl b/meta/recipes-kernel/linux/files/debian/control.tmpl index a79b86c4..479f8ff0 100644 --- a/meta/recipes-kernel/linux/files/debian/control.tmpl +++ b/meta/recipes-kernel/linux/files/debian/control.tmpl @@ -4,6 +4,7 @@ Priority: optional Maintainer: ${MAINTAINER} Build-Depends: debhelper-compat (= ${DEBIAN_COMPAT}), bc, kmod, cpio, ${KBUILD_DEPENDS} Homepage: http://www.kernel.org/ +Rules-Requires-Root: ${DEBIAN_RULES_REQUIRES_ROOT} Package: linux-image-${KERNEL_NAME_PROVIDED} Build-Profiles: <kernel> diff --git a/meta/recipes-kernel/linux/linux-custom.inc b/meta/recipes-kernel/linux/linux-custom.inc index 01e9bff7..e073206f 100644 --- a/meta/recipes-kernel/linux/linux-custom.inc +++ b/meta/recipes-kernel/linux/linux-custom.inc @@ -17,6 +17,8 @@ DISTRIBUTOR ?= "ISAR" # pinned due to known or possible issues with compat 12 DEBIAN_COMPAT:buster = "10" +DEBIAN_RULES_REQUIRES_ROOT ?= "no" + KBUILD_DEPENDS ?= "build-essential:native, \ libelf-dev:native, \ libncurses-dev:native, \