Sean Whitton: > Hello, > > On Fri 09 Nov 2018 at 09:46PM GMT, Niels Thykier wrote: > >> I suspect we are missing an exception allowing the binary targets to >> write the produced binaries in the parent directory of the unpacked >> source tree. >> Otherwise pretty much all packages violate the policy when they >> generate the actual .debs/.udebs. :) > > Heh. You're right. > > Here is a new version of the patch, fixing this problem. I am not sure > that it is meaningful to require that this change be seconded, but out > of (possibly too much) respect for process, seeking seconds (and CCing > those who have already seconded in the hope they'll renew their > seconds): > > diff --git a/policy/ch-source.rst b/policy/ch-source.rst > index dc80243..3c6c9d5 100644 > --- a/policy/ch-source.rst > +++ b/policy/ch-source.rst > @@ -291,6 +291,20 @@ For packages in the main archive, no required targets > may attempt > network access, except, via the loopback interface, to services on the > build host that have been started by the build. > > +Required targets must not attempt to write outside of the unpacked > +source package tree. There are two exceptions. Firstly, the binary > +targets may write the binary packages to the parent directory of the > +unpacked source package tree. Secondly, required targets may write to > +the directory specified by the ``TMPDIR`` environment variable (or > +``/tmp`` if that is not set), provided that files created in that > +directory are deleted before the target completes and are not reused > +by subsequent executions of the target. > + > +This restriction is intended to prevent source package builds creating > +and depending on state outside of themselves, thus affecting multiple > +independent rebuilds. In particular, the required targets must not > +attempt to write into ``HOME``. > + > The targets are as follows: > > ``build`` (required) >
Seconded, thanks. ~Niels
signature.asc
Description: OpenPGP digital signature
