[buildd-tools-devel] Bug#836940: Bug#836940: cowbuilder, sbuild: should behave identically in regard to default gnupg installation

Wed Sep 7 14:05:24 UTC 2016

Hi Markus!

Quoting Markus Koschany (2016-09-07 13:28:41)
> I am assigning this bug report to both of you in order to determine the
> best course of action. Please feel free to reassign and change the
> severity as appropriate.
> 
> The package xmlgraphics-commons started recently failing to build from
> source in a clean sbuild environment although it was built successfully
> on the buildd network a few months ago. This behavior cannot be observed
> in a clean cowbuilder environment though. [1]
> 
> The reasoning for the FTBFS is a missing dependency on gnupg which was
> always present in default cowbuilder and sbuild environments until
> recently. According to [2] this behavioral change was introduced by the
> apt maintainers, more accurately in version 1.3~exp1 of apt.
> 
> * move gnupg|gnupg2 from apt Depends to Recommends
> 
> This is causing build failures in sbuild now, not only for
> xmlgraphics-commons but for all packages that relied on gnupg being
> installed by default.
> 
> Please clarify if
> 
> 1. This change should be reverted in apt to restore the old behavior

apt will not revert that change. Moving gnupg to Recommends was a very
intentional step toward getting rid of gnupg as a dependency of apt completely.
So the plan of the apt maintainers is to even remove gnupg from Recommends at
some point in the future.

> 2. or if sbuild should install gnupg by default

I don't think it should. By it having it installed by default (through apt
depending on it) bugs like the missing build dependency of xmlgraphics-commons
on gnupg were never found until now.

Source packages should be built in a very minimal environment, not only to
reduce the influence that extra packages might have on the build in a non-clean
environment but also because it makes sure that the source package has all its
build dependencies declared correctly. Without programs that make it easy to
build source packages in a clean chroot we'd have lots of packages in the
archive that were only built on developer's machines and might thus potentially
miss declaring build dependencies that the maintainer happened to have
installed.

The rule is, that a source package must declare all packages it build depends
on except build-essential and all Essential:yes packages (and their transitive
dependencies) on which every source package implicitly depends. Thus, if a
source package like xmlgraphics-commons needs gnupg, then it must build depend
on it independent on whether sbuild or cowbuilder install gnupg by default.

The packages that sbuild and cowbuilder install by default are in no way meant
to express what every source package can expect to find in a minimal system.

> 3. or if cowbuilder should not install gnupg by default

I think it should not because I think that source packages should be compiled
in an environment that is as minimal as possible for the reasons given above.
But of course this is up to the cowbuilder maintainers.

> I think it is important that all maintainers can rely on the same default
> chroot environment to test their packages before uploading to avoid possible
> build failures.
> 
> Thanks for maintaining these important tools and keep up the good work.

In fact, to further minimize the number of packages installed into the build
chroot, I have plans to even get rid of apt and its dependencies during the
build and only leave build-essential, Essential:yes packages, the build
dependencies and their transitive dependencies.

Thanks!

cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20160907/0fa24f59/attachment.sig>