On Sat, Nov 10, 2018 at 08:38:07PM -0700, Sean Whitton wrote: > diff --git a/policy/ch-source.rst b/policy/ch-source.rst > index dc80243..3c6c9d5 100644 > --- a/policy/ch-source.rst > +++ b/policy/ch-source.rst > @@ -291,6 +291,20 @@ For packages in the main archive, no required targets > may attempt > network access, except, via the loopback interface, to services on the > build host that have been started by the build. > > +Required targets must not attempt to write outside of the unpacked > +source package tree. There are two exceptions. Firstly, the binary > +targets may write the binary packages to the parent directory of the > +unpacked source package tree. Secondly, required targets may write to > +the directory specified by the ``TMPDIR`` environment variable (or > +``/tmp`` if that is not set), provided that files created in that > +directory are deleted before the target completes and are not reused > +by subsequent executions of the target. > + > +This restriction is intended to prevent source package builds creating > +and depending on state outside of themselves, thus affecting multiple > +independent rebuilds. In particular, the required targets must not > +attempt to write into ``HOME``. > +
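Review bot: The closing sentence of the second added paragraph, "the required targets must not attempt to write into ``HOME``", does not cover the case where the build itself points ``HOME`` at a directory inside the unpacked source package tree or under ``TMPDIR``, which the first added paragraph would otherwise permit; consider wording it as the ``HOME`` inherited from the invoking environment. In the ``TMPDIR`` exception, "deleted before the target completes" also leaves the failure case open: stating whether cleanup is still required when the target exits with an error would make the rule checkable.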
seconded, thanks.

--
cheers,
	Holger

-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C