reassing 354113 tex-common thanks I think this problem is of general interest, or at least I don't feel we (the TeX Task Force) cannot decide this on our own.
In short: May a package assume that package builds are performed with root-like rights, and thus use non-world-writable directories for caching purposes? Daniel Schepler <[EMAIL PROTECTED]> wrote: >> > From my pbuilder build log: >> > >> > ... >> > mkdir: cannot create directory `././var/cache/fonts/tfm/jknappen': >> > Permission denied mktextfm: mktexdir /var/cache/fonts/tfm/jknappen/ec [...] >> I cannot reproduce this here. [...] >> >> I'm using a normal pbuilder setup with sudo - do you somehow chroot >> without being root? And if that is the case, is the respective user >> member of the "users" group in the chroot? Probably not, and that will >> be the problem. > > I ran pbuilder as root, but I have pbuilder set up to su to a normal user for > the build. > > So are you saying it's a bug for pbuilder not to put that user in the users > group? I thought the users group was pretty much obsolete anyway, replaced > by per-user groups -- at least on my system, where I did nothing special, > running "groups" from my normal account gives > daniel dialout cdrom floppy audio video No, I don't think that it's a bug in pbuilder. But on the other hand, I think that it was a security risk that TeX's font cache directory was world-writable in previous versions. Changing that to allow write access only for a specific group seemed a good compromise (until some new clever font caching mechanism, probably with a client/server architecture, is implemented. But that's only a dream). So the current state is: If pbuilder runs all commands inside the chroot, everything is fine, and AFAIK the same is true for the buildds. But if you su to some user in the chroot, near to every package that Build-depends on tetex-bin will FTBFS, unless you specifically arrange for that user to be in group "users" (or anything else we switch to, I don't care much). Is this a bug in tex-common, or should package builders just be more careful with their setup? What do others think? TIA, Frank P.S. Making the change is easy, it's just changing a debconf default -- Frank Küster Single Molecule Spectroscopy, Protein Folding @ Inst. f. Biochemie, Univ. Zürich Debian Developer (teTeX)
