Hi,

On 2020-08-27 13:25, Holger Levsen wrote:
> Package: buildd.debian.org
> Severity: wishlist
> User: [email protected]
> Usertags: environment
> 
> Dear buildd maintainers,
> 
> since a while dpkg adds a small note to a .buildinfo if /usr/local/sbin
> is populated (which I'm not sure I agree is sensible, but it's what dpkg
> currently does), eg
> 
> holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$
>  rgrep Build-Tainted-By: 08/ |wc -l
> 35473
> holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$
>  find 08 -name "*.buildinfo" | wc -l
> 37182
> 
> so almost all .buildinfo files from August 2020 are tainted.
> 
> (profitbricks7 is hosting https://buildinfos.debian.net if you want to check
> for yourself easily.)
> 
> So how are they tainted:
> 
> holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$
>  grep -A 2 Build-Tainted-By: 08/06/firejail_0.9.62-4_ppc64el-buildd.buildinfo
> Build-Tainted-By:
>  usr-local-has-programs
> Installed-Build-Depends:
> 
> 
> And then, also, not all .buildinfo files are taited by 
> "usr-local-has-programs" because
> holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$
>  rgrep usr-local-has-programs 08/ |wc -l
> 35017
> 
> (But I guess that's probably material for another bug report.)
> 
> Any chance the Debian buildds could not have a tained /usr/local?

The only file in /usr/local is /usr/local/sbin/policy-rc.d which is
needed to prevent daemons to start in the chroot. Not sure how we can do
things differently.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
[email protected]                 http://www.aurel32.net

Attachment: signature.asc
Description: PGP signature

Reply via email to