Hi, On 2020-08-27 13:25, Holger Levsen wrote: > Package: buildd.debian.org > Severity: wishlist > User: [email protected] > Usertags: environment > > Dear buildd maintainers, > > since a while dpkg adds a small note to a .buildinfo if /usr/local/sbin > is populated (which I'm not sure I agree is sensible, but it's what dpkg > currently does), eg > > holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ > rgrep Build-Tainted-By: 08/ |wc -l > 35473 > holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ > find 08 -name "*.buildinfo" | wc -l > 37182 > > so almost all .buildinfo files from August 2020 are tainted. > > (profitbricks7 is hosting https://buildinfos.debian.net if you want to check > for yourself easily.) > > So how are they tainted: > > holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ > grep -A 2 Build-Tainted-By: 08/06/firejail_0.9.62-4_ppc64el-buildd.buildinfo > Build-Tainted-By: > usr-local-has-programs > Installed-Build-Depends: > > > And then, also, not all .buildinfo files are taited by > "usr-local-has-programs" because > holger@profitbricks-build7-amd64:~jenkins/userContent/reproducible/debian/ftp-master.debian.org/buildinfo/2020$ > rgrep usr-local-has-programs 08/ |wc -l > 35017 > > (But I guess that's probably material for another bug report.) > > Any chance the Debian buildds could not have a tained /usr/local?
The only file in /usr/local is /usr/local/sbin/policy-rc.d which is needed to prevent daemons to start in the chroot. Not sure how we can do things differently. Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B [email protected] http://www.aurel32.net
signature.asc
Description: PGP signature

