Forum: >>> Magnum BBS <<<

Please, minimize your build chroots

From Santiago Vila@21:1/5 to All on Fri Dec 16 02:20:01 2022

Greetings.

I'm doing archive-wide rebuilds again.

I've just filed 21 bugs with subject "Missing build-depends on tzdata"
in bookworm (as tzdata is not build-essential).

This is of course not fun for the maintainers, but it's also not fun
for people doing QA, because those bugs could be caught earlier in the
chain, but they are not. This is extra work for everybody.

(Similar bugs are even sliding into stable releases, I plan to report
a few of them against bullseye after 11.6 this Saturday, as bullseye
is the currently supported stable release).

Because people accept the default by debootrap "as is", chroots used
to build packages include packages which are neither essential nor build-essential, like tzdata, mount or e2fsprogs.

I can think of two solutions for this:

A) Either debootstrap, when using buildd profile, installs only
essential and build-essential packages.

or

B) debootstrap keeps installing all required packages in the buildd profile,
no matter if they are really build-essential or not, but those who
are not build-essential should have their priority downgraded to "important"
by ftpmaster.

This problem was already reported here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837060

and apparently we have not decided yet if we are going to do A or B,
or maybe some other thing. I don't really care how it's fixed, but I
believe it's about time that we sync practice with policy, because
currently we are doing this in a quite suboptimal way.

In the meantime: If you want to help QA and have any kind of chroot used
for any kind of QA (say, ci.debian.org or reproducible-builds, or even
your personal chroots), please try to minimize the packages there,
do not merely accept debootstrap default behaviour.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Johannes Schauer Marin Rodrigues@21:1/5 to All on Fri Dec 16 05:00:01 2022

Quoting Santiago Vila (2022-12-16 02:15:13)

I've just filed 21 bugs with subject "Missing build-depends on tzdata"
in bookworm (as tzdata is not build-essential).

thank you for that!

I can think of two solutions for this:

A) Either debootstrap, when using buildd profile, installs only
essential and build-essential packages.

or

B) debootstrap keeps installing all required packages in the buildd profile, no matter if they are really build-essential or not, but those who
are not build-essential should have their priority downgraded to "important" by ftpmaster.

This problem was already reported here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837060

Thank you for finding my bug from back then. :)

and apparently we have not decided yet if we are going to do A or B,
or maybe some other thing. I don't really care how it's fixed, but I
believe it's about time that we sync practice with policy, because
currently we are doing this in a quite suboptimal way.

I think truly fixing this problem is a bit more tricky because most build tools like the sbuild schroot backend require apt being installed in the chroot. As of today, the sbuild schroot backend is unable to function with a chroot that doesn't contain apt. I don't think it's conceptually possible to fix the schroot backend to work with chroots without apt because schroot (for good reason) doesn't give you root anywhere but inside the chroot.

To be able to install build dependencies in chroots without apt, the sbuild unshare backend could be used. Also helmut's mdbp can easily be changed to build packages in chroots without apt when using its mmdebstrap backend.

But of course changing debootstrap to only install essential, build-essential and apt (but not prio:required) would already fix a large part of the problem.

In the meantime: If you want to help QA and have any kind of chroot used
for any kind of QA (say, ci.debian.org or reproducible-builds, or even
your personal chroots), please try to minimize the packages there,
do not merely accept debootstrap default behaviour.

You can use mmdebstrap to create such a chroot:

$ mmdebstrap --variant=apt --include=build-essential unstable chroot.tar

This will also install apt because most build tools need it. The mmdebstrap package mimics debootstrap behaviour. As soon as debootstrap --variant=buildd is fixed, I'll let mmdebstrap do the same thing.

Thanks!

cheers, josch

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Fri Dec 16 15:40:01 2022

El 16/12/22 a las 4:39, Johannes Schauer Marin Rodrigues escribió:

I think truly fixing this problem is a bit more tricky because most build tools
like the sbuild schroot backend require apt being installed in the chroot. As of today, the sbuild schroot backend is unable to function with a chroot that doesn't contain apt. I don't think it's conceptually possible to fix the schroot backend to work with chroots without apt because schroot (for good reason) doesn't give you root anywhere but inside the chroot.

You are right. My email should not be interpreted as "let's fix
this once and forever" but more than "let's see how much of this
we can fix easily, and how much of it would need more work".

In my experience, both "tzdata" and "mount" may be removed without trouble.

Then there is "e2fsprogs", which apt seems to treat as if it were
an essential package:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826587

This sort-of breaks sbuild when using an ordinary chroot (not overlayfs), because after building a package needing e2fsprogs, it may not be removed
and it's kept in the chroot.

I think apt authors did not think that apt is used by sbuild to
build packages. Here we would need some interface like SUDO_FORCE_REMOVE=yes, or maybe just stop doing anything at all with the Important:yes flag.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Guillem Jover@21:1/5 to Andreas Metzler on Fri Dec 16 19:10:01 2022

On Fri, 2022-12-16 at 18:55:42 +0100, Andreas Metzler wrote:

or apt.

I am wondering if there is point to this or whether policy should be
changed? Is there some value in investing work in having packages
buildable without Prioriry required packages?

Such installations can only be found as artifacts since there does not
seem to be a supported way to upgrade them or (un)install packages
(quoting policy: "Removing a "required" package may cause your system to become totally broken and you may not even be able to use "dpkg" to put things back, so only do so if you know what you are doing.") Essentialy policy is telling us it might work to install b-d, and uninstall
Prioriry required, however dpkg might break halfway through and it would
not be a bug.

<https://bugs.debian.org/950440>

Thanks,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Andreas Metzler@21:1/5 to sanvila@debian.org on Fri Dec 16 19:00:01 2022

On 2022-12-16 Santiago Vila <sanvila@debian.org> wrote:

Greetings.

I'm doing archive-wide rebuilds again.

I've just filed 21 bugs with subject "Missing build-depends on tzdata"
in bookworm (as tzdata is not build-essential).

This is of course not fun for the maintainers, but it's also not fun
for people doing QA, because those bugs could be caught earlier in the
chain, but they are not. This is extra work for everybody.

(Similar bugs are even sliding into stable releases, I plan to report
a few of them against bullseye after 11.6 this Saturday, as bullseye
is the currently supported stable release).

Because people accept the default by debootrap "as is", chroots used
to build packages include packages which are neither essential nor build-essential, like tzdata, mount or e2fsprogs.

[...]

or apt.

I am wondering if there is point to this or whether policy should be
changed? Is there some value in investing work in having packages
buildable without Prioriry required packages?

Such installations can only be found as artifacts since there does not
seem to be a supported way to upgrade them or (un)install packages
(quoting policy: "Removing a "required" package may cause your system to
become totally broken and you may not even be able to use "dpkg" to put
things back, so only do so if you know what you are doing.") Essentialy
policy is telling us it might work to install b-d, and uninstall
Prioriry required, however dpkg might break halfway through and it would
not be a bug.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Fri Dec 16 19:20:01 2022

El 16/12/22 a las 18:55, Andreas Metzler escribió:

I am wondering if there is point to this or whether policy should be
changed? Is there some value in investing work in having packages
buildable without Prioriry required packages?

Please do not misrepresent what I said.

I never proposed such thing ("without priority required packages").

I propose that we follow Policy as closely as we reasonably can,
and Policy says this:

If build-time dependencies are specified, it must be possible to build
the package and produce working binaries on a system with only essential
and build-essential packages installed and also those required to satisfy
the build-time relationships (including any implied relationships).

This is the policy we should follow to build packages, not the paragraph
you quoted about what disaster may happen if you deinstall a required package in a general sense.

Certainly uninstalling tzdata does not prevent you from installing it again using dpkg and apt.

Maybe the paragraph you quoted have to be reworded, yes, but that was not
the purpose of my initial email.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Sat Dec 17 09:30:01 2022

El 16/12/22 a las 18:55, Andreas Metzler escribió:

I am wondering if there is point to this or whether policy should be
changed? Is there some value in investing work in having packages
buildable without Prioriry required packages?

I'd like to apologize to Andreas for my previous answer, as I believe
there has been a misunderstanding.

There are actually two meanings for "required package". One of them
is "packages having the 'required' value in the priority field of the
control file". The other meaning is the one you quote in policy, i.e.
packages which may make your system become broken when you remove them.

I propose that we remove certain packages from chroots, packages which currently have the priority required in the control field, because they
are not needed for building.

Whether that requires to modify the definition of required in policy,
I don't know.

I think we definitely need to decouple "the set of required packages" with
"the set of packages needed for building", because they are different
and none of them is a proper subset of the other. For example,
we already don't install a kernel or an init system in a chroot used for building.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From David Kalnischkies@21:1/5 to Santiago Vila on Sun Dec 18 17:30:01 2022

On Fri, Dec 16, 2022 at 03:38:17PM +0100, Santiago Vila wrote:

Then there is "e2fsprogs", which apt seems to treat as if it were
an essential package:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826587

As Julian explained, it is considered "essential" because the maintainer
said so. If you don't think e2fsprogs should be considered "essential"
for a system it is installed on please talk to the maintainer.

Sure, the package is not (anymore) really "Essential:yes", but 'apt'
isn't either and will print the same message anyhow. I don't think it
would be a net-benefit for a user to invent words for different types of essentialness in apt because in the end you either know what you are
doing while removing a somewhat essential package and continue or
you don't know what you are doing and (hopefully) get the hell out.

This sort-of breaks sbuild when using an ordinary chroot (not overlayfs), because after building a package needing e2fsprogs, it may not be removed
and it's kept in the chroot.

"It may". Well, certainly apt won't autoremove it. Like a lot of other
packages it wont even through they aren't essential or protected or
whatever… ("just" prio:required is enough for example). They are not not irremovable through. It might just be a little harder to remove them
than to install them. Heck, some people believe its far easier to start
vim than to exit it.

I think apt authors did not think that apt is used by sbuild to

I think (the few) apt authors deal with way too many users with way too
many (sometimes mutually exclusive) ideas of how it should behave:

build packages. Here we would need some interface like SUDO_FORCE_REMOVE=yes, or maybe just stop doing anything at all with the Important:yes flag.

Ironically, one of the selling points for Protected:yes (that is how the
field ended up named which dpkg is supporting by now) was that it allows
to shrink the essential set (e2fsprogs even being an example) as there
is a non-empty set of people who believe users do incredibly dumb things
if you give them the option to.

I mean, we got practically bullied into replacing the "Do as I say!"
prompt with a semi-hidden cmndline flag (--allow-remove-essential)
because some wannabe YT star yolo'ed the prompt ending in misery and
somehow that was framed as our fault by everyone as we didn't show the appropriate meme-gif (rendered with caca) to make them understand
without reading [sorry, not sorry. I am not even exaggerating that much].

Due to that, you are now presented with:
| E: Removing essential system-critical packages is not permitted. This might break the system.

See? "essential" again and even "system-critical" at that.
It is all a lie of course. Nobody really needs an init system, much less
some silly metapackage for it, as long as there is /bin/sh and a keyboard.
I should make a video about it to – essentially – become famous & rich…

Btw, apt also has behaviour specifically for sbuild: 'apt-cache show mail-transport-agent' has a zero exitcode even through that makes no
sense at all apart from not making (some?) sbuild versions explode.
You are welcome. I hate it.

So, long story short, apt features and behaviour are very seldom done
because we are bored and had nothing better to do. It is far more common
that it was heavily requested to be that way for $REASONS. Sometimes its
even the same $REASONS you have for disliking it. Users are the worst,
I said it here first. But no problem, there usually is an option to
change anything in apt. If not, we can usually add it.

Just don't assume that the behaviour you prefer will be the default.
We have a strong tendency to make everyone unhappy.
(I should know, I never get what I want.)

Best regards

David Kalnischkies

P.S.: You thought we are surprised by sbuild using apt? Sorry, but you
are up against ISO building needing 'apt-cache depends' output previously unknown even to the CD team itself (https://bugs.debian.org/218995#54)
(yes, it is a decade old. It's still my favorite). Try harder.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE5sn+Q4uCja/tn0GrMRvlz3HQeIMFAmOfPU4ACgkQMRvlz3HQ eINSlRAAjSL4b/jMl+iu1klXaPUB4xYjxNJzNTNI7rxgVPC02Bhmk4Qyxv9Fu6qV H0aytBhlj2KuPIVmxVECiGNXw4KW7LqO67yDiyaflBe1UsOhytntW527+TzWEZyw 5KyuJquHoCmRGdvpn/t3VpeBqVoE/bKhsD11g11BiBvhMJihGVoh1uJGOxOlqBwP jZCP//q2S8ERJAoh7j2uMxsi7M+XUv+ZsU7TUNeKPsV23vXEJ12vTU1ckDm1XX/I zsU7aspTA5uFeWgt40DKyGAEMAGlF6TMVgC5ba/3GenGiqFjvdEwoBCPIE/GWmo1 JrdRbTNhm9Lsgm/GTL9gL1q51C9c0kGAVOxfKcVoijEJx7nSp+GVjIDaZ8jAN4vt 0uXQD4KGVVTBRs6TbdEDeWSL59YnJB4D+tlbJvdgqfwAwTktjp0en7Rp7DysnPRM lU11DOfXCKmiu457yQsj2qRMeeQnj+LH7hFHc/kB69YKocOKVgos3SdyBcgKF140 ThzQeOz4fz21d7yb/z+s+pbGym+kC2QL+TkbhMZuPPTwEhePt5DBhAC3hRmC86r9 kozdlQRyh+Bva+Z6seQxuvFwNFbBpVG2HowyniAjm6t88+WA5Z8QJfpk28C8tLai 4YMsFfuTG1GZMBIx0XCOMXsvPw+hC8KpV3PiG5sJLuYUawbaRAw=
=B9xy
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Johannes Schauer Marin Rodrigues@21:1/5 to All on Sun Dec 18 18:30:01 2022

Hi,

Quoting David Kalnischkies (2022-12-18 17:18:28)

On Fri, Dec 16, 2022 at 03:38:17PM +0100, Santiago Vila wrote:

Then there is "e2fsprogs", which apt seems to treat as if it were
an essential package:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826587

As Julian explained, it is considered "essential" because the maintainer
said so. If you don't think e2fsprogs should be considered "essential"
for a system it is installed on please talk to the maintainer.

Sure, the package is not (anymore) really "Essential:yes", but 'apt'
isn't either and will print the same message anyhow. I don't think it
would be a net-benefit for a user to invent words for different types of essentialness in apt because in the end you either know what you are
doing while removing a somewhat essential package and continue or you don't know what you are doing and (hopefully) get the hell out.

would it be so difficult to cater to both kind of users? For those who do not know the terminology, using the word "essential" is probably fine. But for those who do it's confusing. Why can apt not say something like:

WARNING: The following packages will be removed. Apt considers them essential because they are marked as Priority:required. This should NOT be done unless you know exactly what you are doing!

This sort-of breaks sbuild when using an ordinary chroot (not overlayfs), because after building a package needing e2fsprogs, it may not be removed and it's kept in the chroot.

"It may". Well, certainly apt won't autoremove it. Like a lot of other packages it wont even through they aren't essential or protected or whatever… ("just" prio:required is enough for example). They are not not irremovable through. It might just be a little harder to remove them
than to install them. Heck, some people believe its far easier to start
vim than to exit it.

Note also, that you really shouldn't be using sbuild with an ordinary chroot, that is without overlayfs or without the chroot being a tarball unpacked to a tmpfs. The system will not only be different from before after removal of packages at the end, if you add --allow-remove-essential to the removal commandline in sbuild, the chroot might even be completely unusable. What is the use-case of using sbuild with non-emphimeral chroots?

So personally, I'll not invest my own time in making sbuild better at package removal at the end of the build process.

build packages. Here we would need some interface like SUDO_FORCE_REMOVE=yes, or maybe just stop doing anything at all with the Important:yes flag.

Ironically, one of the selling points for Protected:yes (that is how the field ended up named which dpkg is supporting by now) was that it allows
to shrink the essential set (e2fsprogs even being an example) as there
is a non-empty set of people who believe users do incredibly dumb things
if you give them the option to.

I mean, we got practically bullied into replacing the "Do as I say!"
prompt with a semi-hidden cmndline flag (--allow-remove-essential)
because some wannabe YT star yolo'ed the prompt ending in misery and
somehow that was framed as our fault by everyone as we didn't show the appropriate meme-gif (rendered with caca) to make them understand
without reading [sorry, not sorry. I am not even exaggerating that much].

After this operation, 195 MS disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'

https://youtu.be/0506yDSgU7M?t=637

"I have to type 'Yes, do as I say!' in order to install it."

Sigh...

Due to that, you are now presented with:
| E: Removing essential system-critical packages is not permitted. This might break the system.

See? "essential" again and even "system-critical" at that.
It is all a lie of course. Nobody really needs an init system, much less
some silly metapackage for it, as long as there is /bin/sh and a keyboard.
I should make a video about it to – essentially – become famous & rich…

Dammit, and now you wrote that one can use in a public forum that it's possible to add --allow-remove-essential! Think of the children!

Btw, apt also has behaviour specifically for sbuild: 'apt-cache show mail-transport-agent' has a zero exitcode even through that makes no
sense at all apart from not making (some?) sbuild versions explode.
You are welcome. I hate it.

Errrr... lets change that. What's the problem in sbuild?

Thanks!

cheers, josch

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From David Kalnischkies@21:1/5 to Johannes Schauer Marin Rodrigues on Mon Dec 19 18:10:01 2022

On Sun, Dec 18, 2022 at 06:08:57PM +0100, Johannes Schauer Marin Rodrigues wrote:

Quoting David Kalnischkies (2022-12-18 17:18:28)

On Fri, Dec 16, 2022 at 03:38:17PM +0100, Santiago Vila wrote:

Then there is "e2fsprogs", which apt seems to treat as if it were
an essential package:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826587

As Julian explained, it is considered "essential" because the maintainer said so. If you don't think e2fsprogs should be considered "essential"
for a system it is installed on please talk to the maintainer.

Sure, the package is not (anymore) really "Essential:yes", but 'apt'
isn't either and will print the same message anyhow. I don't think it
would be a net-benefit for a user to invent words for different types of essentialness in apt because in the end you either know what you are
doing while removing a somewhat essential package and continue or you don't know what you are doing and (hopefully) get the hell out.

would it be so difficult to cater to both kind of users? For those who do not know the terminology, using the word "essential" is probably fine. But for those who do it's confusing. Why can apt not say something like:

WARNING: The following packages will be removed. Apt considers them essential because they are marked as Priority:required. This should NOT be done unless you know exactly what you are doing!

This is objectively wronger™ through: prio:required packages are not considered essential by apt. Most are for other reasons, but priority
has nothing to do with it. The same "you are about to remove an
essential package" (paraphrased) message is shown for:
- packages marked as Essential:yes in ANY [native] version known to apt
(if you don't modify that behaviour with pkgCacheGen::Essential)
- packages marked as Important:yes/Protected:yes in ANY [native] version
(surprisingly Julian has not added a option here… mhhhh)
- binary packages listed via the pkgCacheGen::ForceEssential option,
(the list can NOT be empty, it will default to "apt")
- binary packages listed via the pkgCacheGen::ForceImportant option
(empty list by default)
- packages that are (pre-)dependencies of the other points if that
package is removed, too.

(Note that the mentioned options do work only if you generate a cache
and also 'taint' that cache meaning that a reused cache later without
those options will still behave as if they were given.
You have been warned.)

The later ensures that you can e.g. change awk providers, but be smacked
with a huge clue bat if you remove the last provider, even if that
happens to be the prio:optional gawk which as a package itself doesn't
look like it would be essential in any way without going into a lot of
details completely lost on most apt users (for good reason, after all,
if you wanted to know all that, you would probably do dpkg by hand or
at least maintain apt… and nobody wants to do THAT, am I right…)

Also: "marked as …" – by whom? If you say it like that, a user might
think they did; like they marked some package to be held back for
example and that marking can (should?) be removed.

The problem in showing something different for Essential:yes (derived)
and Protected:yes (derived) essential packages is that the difference
between the two is marginal from apts POV: Essential:yes has to work in unpacked state, but that is a dpkg-level thing to worry about and hardly
a real concern for the general public. Just like the reduced install
order requirements in general.

Okay, things don't need to depend on Essential:yes packages if they use
them, but that tends to be the case for Protected:yes as well as not
that much really "uses" an init system for example. Other distros slap Protected:yes on high-level meta packages like 'gnome'. Nobody depends
on that either.

All the two really do in terms of apt (front ends – the message is apt specific, but the fields aren't so it would be kinda nice if terminology
could be reused by other front ends if they so choose) is making it
a pain to remove them, but being too upfront about that has its problems
as well as it naturally leads to the question "why?" which apt preempts
with the ultimate hammer: Its essential for the system as the individual
reason for each package might even be distro-specific. Users usually
don't question that.

It's a lie. Heck, it might even be deception. But the truth hurts more:
"Heh, you are a great user, you really are, but you know, no offense,
but I am a computer program on a device you (think you) own and should
probably be able to do whatever you want to do with it, but there are
other people who are not you who think you might be an idiot, so they
said I should not let you do that and I trust them because they… well,
how do I put it so that even you understand it… they live in the cloud,
yes? So, anyway, are you like, absolutely positively sure about this?"

"It may". Well, certainly apt won't autoremove it. Like a lot of other packages it wont even through they aren't essential or protected or whatever… ("just" prio:required is enough for example). They are not not

(As that might be the source of the prio-confusion: Note that I said
"autoremove" as I assume that is what deals with the removal of build
dependencies after a build in non-ephemeral chroots. That is an
operation which is a lot more conservative than a "(manual)remove"
spelled out directly by a user)

Due to that, you are now presented with:
| E: Removing essential system-critical packages is not permitted. This might break the system.

See? "essential" again and even "system-critical" at that.
It is all a lie of course. Nobody really needs an init system, much less some silly metapackage for it, as long as there is /bin/sh and a keyboard. I should make a video about it to – essentially – become famous & rich…

Dammit, and now you wrote that one can use in a public forum that it's possible
to add --allow-remove-essential! Think of the children!

I know, I know, I am a monster.
As the same public forum is still discussing fortune-off I do question
what you consider an appropriate place for [your] kids to read through.

Also: I "wrote", that means someone would need to "read" it.
That violates the premise of "video, or it didn't happen". 😉

Btw, apt also has behaviour specifically for sbuild: 'apt-cache show mail-transport-agent' has a zero exitcode even through that makes no
sense at all apart from not making (some?) sbuild versions explode.
You are welcome. I hate it.

Errrr... lets change that. What's the problem in sbuild?

Honestly? No idea and probably not the right place to talk about it.
I have just very faint memories of writing decade old hotfixes:

apt (0.7.26~exp12) experimental; urgency=low
[…]
* cmdline/apt-cache.cc:
- use Notice instead of Error in the CacheSetHelper messages
for compat reasons. Otherwise tools like sbuild blow up
- return success in show if a virtual package was given
[…]
-- Michael Vogt <mvo@debian.org> Fri, 30 Jul 2010 11:55:48 +0200

or:

apt (0.8.15.8) unstable; urgency=low
[…]
* cmdline/apt-get.cc:
- output list of virtual package providers to c1out in -q=1
instead of /dev/null to unbreak sbuild (LP: #816155)
[…]
-- Michael Vogt <mvo@debian.org> Wed, 14 Sep 2011 12:08:25 +0200

I just thought the implied "do they care about sbuild?" deserved an
example of how apt tends to bend over backwards, even for sbuild.
Likely not the best one I could have picked in hindsight.

Best regards

David Kalnischkies

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE5sn+Q4uCja/tn0GrMRvlz3HQeIMFAmOgmZIACgkQMRvlz3HQ eIP9yQ//S2PbYvxZlEy1lHomBBB6I/jucYG5jfKpXLHQr3hGcB+V7YpY0QCiBdPk h6QGl+/YHPrxsaZHaNZDfjROaCmS9atCDHckqwC0ElbEAhkskYJIQ1ciXA8/8gBS kpGloUy6V4QM7lpEKUJCAsMS1bZG0u4GfFAvlXoFF+LQMYU+jvvM7C+jxzKDJe1a whskLLqmIp1Q9dFlWGQ2Pb7sarASY5YWjTgi6ic5esS4WM5/IJCYL/Dz80O6OAeH JGaW798B4JUZA5DT5NGTX2nnXJPSbJTxxFUUe5A+0+SmdcTWH4JXPgRhMiOicWuk d5K+xRyAUFEc1xS2AwxMlVG4STcVJfroAWjT3I8wDb5J8KIWr1u1OMFtEx1Q7Wk0 9pKDIlkFdM7lyHDB4yKQogKZeeREsf1wCLz1qPXirreTm+SlXayMRF6VglHv30tK 3+3bNvnML6+eufLlrSjxM6XGiGyidaVjcrMFtoZwAegU0TeJGZG6fcpCbtj44iPN sxccnwSaZFuNqNOxwahvABFgi0lOPAlJH74StmWo6eDfOi6tNSyWYJm4XtmrN3/c IAJvp0aGUjaY3K7iRG1Bym02rOVYwG+GJ3CS7jh5l0gwg442fO/kaY7bfI1iGNQX 3BTmnMZqruDzD+fRfBPLcVAKfBtAKPFIwflcV2Mz7MvGCoU3uV4=
=pZHl
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Andreas Henriksson@21:1/5 to Santiago Vila on Sat Jan 28 13:10:01 2023

Hello,

I've previously discussed this topic with Santiago Vila on a bug report
but sharing my opinion here for the wider audience.

On Sat, Jan 28, 2023 at 12:20:16AM +0100, Santiago Vila wrote:

El 27/1/23 a las 22:37, Adrian Bunk escribi�:

[...]

This is not the right time to change policy.

This is the right time to question your interpretation of policy.

Policy is not a religion. Policy has many bugs. Policy is very outdated.
Doing something just because an outdated document says so is worse than
not doing anything in my opinion. You need to understand if what you're actually doing is correct and then see if policy agrees with you to
justify the severity.
Or as the saying goes: Policy is not a stick to beat people with!

Here's an example you could follow: https://lists.debian.org/debian-policy/2022/12/msg00023.html
(I don't agree with the suggestion. It was however suggested on the
correct list and since there was no traction to the suggestion it was
not followed up with mass bug filing. Minimal disruption to the project. Updating the definition/description of the Priority levels would however
be very useful. The description seem very outdated, to the point of
being irrelevant, by now.)

[...]

In general, disputing the severity because it does not happen in the buildds misses completely the point of what should be the goal, namely, a distribution
which may be rebuilt by everybody following documented procedures, not
a distribution which may only be rebuilt in our buildds.

The end user MUST be able to rebuild the packages. Otherwise our
free software licenses are meaningless in practice.

Claiming there's no point to free software when the problem is simply
that you are using an *unsupported* setup?!?! All debootstrap variants
include Priority: required packages. As you can see they do so for a
reason!
The --exclude option of debootstrap works equally well even on
Essential: yes packages. Being able to experiment like this is great!
It is however still just an experiment which does not warrant filing release-critical bugs against various packages.

It is not helpful if people try to force the few people who are doing
QA work to spend their scarce QA time on fixing bugs that only happen
when building on single-core machines or in non-UTF-8 locales or without packages that are in practice installed everywhere, by making such
issues that are not a problem on our buildds release critical bugs.

That's the wrong approach. If the end user wants to make a modification,
they can't use our buildd network.

[...]

There are alot of packages which does not properly build in an unclean environment. In practise you need a controlled build environment to
properly build debian archive packages form source (which starts with deboostrap --variant=buildd ...).
If you think people should be able to build on top of their regular
install with various packages installed and various configurations it
would be much better if you tried to fix the many packages who fails in
this scenario.
If you think every packages should list just about all of the archive in Build-Conflicts just to not pick up unwanted extra autodetected
dependencies that make the package FTBFS then I think it would be
a good idea to check if there's actually project consensus on that.
If you think that every package must use configure flags to override autodetection of features, seek project consensus. Discuss it on the
policy list, where they'll probably tell you to first fix the archive
(without filing RC-bugs) and then come back.

If you want to do mass bug filing of release-critical severity you
better make sure there's project consensus on what you're doing and
than you're not just wasting everybodys limited time.
Multiple people have now raised their conserns with your approach.
As I've said before I appreciate the bug reports being filed,
even if it's just for "theoretical correctness", but a proper
severity would be wishlist. If your only motivation for this is
to be allowed to file release-critical bugs, then I think it's
better if you just stop.

Regards,
Andreas Henriksson

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Timo =?utf-8?Q?R=C3=B6hling?=@21:1/5 to All on Sat Jan 28 13:40:01 2023

Hi Andreas,

* Andreas Henriksson <andreas@fatal.se> [2023-01-28 12:50]:

Policy is not a religion. Policy has many bugs. Policy is very outdated. >[...]
Here's an example you could follow: >https://lists.debian.org/debian-policy/2022/12/msg00023.html

Your argument cuts both ways. Right now, Policy says that
the bugs are RC, and if you believe that should be different, why
don't you propose such a change and seek consensus yourself?

Cheers
Timo

--
⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮
⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │
⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmPVFXAACgkQ+C8H+466 LVl2UQv/S/Sp07cyWVMT3DrGHfvhP+F6Fy7SPUOty+GTs5GgUoVeVsUVyC70iC9F H/YR5s4wdKQdEyprBt5N+1WiJNdW21/WyuJoIl8J9zxYrL6xY168iCvZhau6m3st sGe7tbDRhVcVHuI1w46N0XNGbLjL/8OqG7x7Q59MJQm66bhucs/dBBg3mKeCfKdb MxnnkTRxiCLkwoVqTXSSr/7Hdz+3/kqD2dDABPgmNBHqsMSUhNHOhhkHDzem8q6O U+UOtzwwAgT01HD6VE0Za5JZtmJRi4o7TlIEHrW4IBnFitc+hAxKEjZuC6T6TsXN ReJe+Vt59pyafZ51aSX5dzJUBcX7YvIoNo7R2gxLmWr

From Santiago Vila@21:1/5 to Policy on Sat Jan 28 14:10:01 2023

El 28/1/23 a las 12:50, Andreas Henriksson escribió:

Policy is not a religion. Policy has many bugs. Policy is very outdated.

buildd is not a religion. buildd has bugs, etc.

Claiming there's no point to free software when the problem is simply
that you are using an *unsupported* setup?!?!

Unsupported by whom? What is supported or unsupported is explained in policy. Policy says it must work. Therefore it should be supported (by fixing the bugs).

All debootstrap variants
include Priority: required packages. As you can see they do so for a
reason!

Yes, because debootstrap has a bug. So no, there is not a reason other
than debootstrap insistence that this should be fixed by downgrading severities.

The --exclude option of debootstrap works equally well even on
Essential: yes packages.

That's a straw man. I'm not proposing anything of the sort. Policy says packages must build when essential and build-essential packages
are installed (plus build-dependencies).

If you think people should be able to build on top of their regular
install with various packages installed and various configurations it

Another straw man. I'm not proposing anything of the sort.

If you think every packages should list just about all of the archive in Build-Conflicts just to not pick up unwanted extra autodetected
dependencies that make the package FTBFS then I think it would be

Straw man. I'm not proposing anything like that.

Please stop.

You and others are essentially saying I should not follow policy
and release policy (when it's absolutely trivial to do so) but instead
some sloppy rule which is against policy and release policy.

That kind of coercion to NOT follow policy must stop. Seriously.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Johannes Schauer Marin Rodrigues@21:1/5 to All on Sat Jan 28 14:30:01 2023

Quoting Timo Röhling (2023-01-28 13:30:42)

Hi Andreas,

* Andreas Henriksson <andreas@fatal.se> [2023-01-28 12:50]:

Policy is not a religion. Policy has many bugs. Policy is very outdated. >[...]
Here's an example you could follow: >https://lists.debian.org/debian-policy/2022/12/msg00023.html

Your argument cuts both ways. Right now, Policy says that
the bugs are RC, and if you believe that should be different, why don't you propose such a change and seek consensus yourself?

could we decouple the policy and bug severity question from the question of what a buildd chroot should contain, please?

Santiago did the work, filed bugs and the fix is to add one more line to d/control. If you want to reproduce it, use `mmdebstrap --variant=apt --include=build-essential unstable chroot.tar` to create your chroot tarball.

I think the much more interesting question is in what environment we want to build our packages in. Currently, on buildds, we build them in a chroot that has Priority:required and build-essential because of (what I think is) a bug in debootstrap: #837060

So there are two ways forward:

1. accept that Priority:required is needed for building source packages

- adapt Debian policy accordingly
- revert the changes to packages made due to Santiago's bugs
- change all tools that do build dependency resolution to now also
consider Priority:required packages

2. make sure that packages are built without Priority:required packages

- fix debootstrap #837060 or use mmdebstrap to create buildd chroots
- Santiago already did a mass-rebuild and submitted bugs to make sure that
packages do not FTBFS

The last time I changed all the tools involved in build dependency resolution I had to submit patches to dpkg, sbuild, apt, dose3, debhelper, cdbs, pbuilder, lintian, wanna-build, devscripts and others. Of those who prefer option (1) over option (2) who is going to investigate and potentially change all the tools who currently just add the "build-essential" package? Or is the solution to add a dependency to build-essential on all Priority:required packages?

To me it seems that we nearly are already at (2). The debootstrap bug #837060 has a working patch and mmdebstrap exists that can do what is needed today. Santiago did an archive rebuild to make sure our source package compile in a chroot without Priority:required.

Why do people call just accepting that Priority:required packages have to be part of the buildd chroot the easier solution? We just need to fix debootstrap bug #837060 and we are done, no?

Thanks!

cheers, josch
--==============y40858924933004331=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmPVIvoACgkQ8sulx4+9 g+HQEhAAvG9KIXtcs+CZm4ongu23psSOOmr7cTRgqqOnQjDW1cikJBq3FAPWSzKA CSilYPpDawt70UjnDulXb9aNSI6wKToLoS7X7YBGjk3LCoJro89Qh+lZXV0iKB5i YZu4iyfyTs/J5Wkg4CSuM+k3k78GJxK77EAXHp6tefkln2W317u79/90gZmhargO cVBA3OXRkU/PEFd77UhAwP2LJ1J4f78DWyFBFXIu0PMFC/z9Rblt4wRfEJuJ49HG 4fxh8Xbr3nOKfOKjpMMJG7MbgAwtP46fQmqhMcnqUurJAd7+OX52dpzZJ+e/mDHT az/eZOGo19HESEbkRMAB2038IDa4eWA9jh3s7Lwvour4xEEJLgXhIq55vDQlBa11 x8OZ7KMC0ForrE4vaN8wlDFc+k+SXtQM2U8dij/ezOndEFxx8L0xEFCGoRSmyzvX /OpfaNySaQQIn6JvH4Odb07aTnwVuPxOLyDketFazp+8TEicuHlF6DkmK5gkRE1M KDnn+oNKKEcwu/RS8BcPFoQ10JVk6svU6fbiZrsPBlv56Hx3TyFvt0UtoHygf1q/ 0FBlPw1gSYlHTS+U3oFdtoPSDdB5S1oHAK47B/wKWrxXpTfy5npiIS1s7ihP4bHo 08vh4RPAM/l5PEq5+/pLHuGs/WcnTmiacfwdf8FTLQNDZpyQDvg=
=eTEq
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Shengjing Zhu@21:1/5 to josch@debian.org on Sat Jan 28 14:50:01 2023

On Sat, Jan 28, 2023 at 9:29 PM Johannes Schauer Marin Rodrigues <josch@debian.org> wrote:

To me it seems that we nearly are already at (2). The debootstrap bug #837060 has a working patch and mmdebstrap exists that can do what is needed today. Santiago did an archive rebuild to make sure our source package compile in a chroot without Priority:required.

Why do people call just accepting that Priority:required packages have to be part of the buildd chroot the easier solution? We just need to fix debootstrap
bug #837060 and we are done, no?

Yes, please fix debootstrap or anything else first, and ensure buildd
uses the fixed version.

If you can't convince the buildd to follow the policy, why should the individual package maintainers?

--
Shengjing Zhu

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Ansgar@21:1/5 to Johannes Schauer Marin Rodrigues on Sat Jan 28 14:50:01 2023

Johannes Schauer Marin Rodrigues writes:

I think the much more interesting question is in what environment we want to build our packages in. Currently, on buildds, we build them in a chroot that has Priority:required and build-essential because of (what I think is) a bug in
debootstrap: #837060

I would rather say: The build-essential packages are those installed by debootstrap's buildd profile. At least that seems to be current practice
for a long time.

So there are two ways forward:

1. accept that Priority:required is needed for building source packages

- adapt Debian policy accordingly

AFAIU it would not need changes? Policy doesn't seem to explicitly state
what packages are actually build-essential...

- revert the changes to packages made due to Santiago's bugs
- change all tools that do build dependency resolution to now also
consider Priority:required packages

Why would they need changes? Do they explicitly include essential
packages too?

2. make sure that packages are built without Priority:required packages

To me it seems that we nearly are already at (2).

I think we are already at (1) given everything works already?

Ansgar

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Holger Levsen@21:1/5 to Johannes Schauer Marin Rodrigues on Sat Jan 28 15:00:01 2023

On Sat, Jan 28, 2023 at 02:28:30PM +0100, Johannes Schauer Marin Rodrigues wrote:

could we decouple the policy and bug severity question from the question of what a buildd chroot should contain, please?

[...]

Why do people call just accepting that Priority:required packages have to be part of the buildd chroot the easier solution? [...]

because people get upset if they receive bug reports with severity serious
when they don't perceive these bugs as serious.

happened more than 9000 times already.

--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

This too shall pass.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmPVKNwACgkQCRq4Vgaa qhybCw/+PX16m9DbXv5h8KO9ycr21alsl9Dij2FtiZB0roSA3/pk21S5rMmzjNhT HB/SlZqIybsZW2QL+YRpJbntFCbT7iN6RFTRGup/zDHdelF5n2LL5CKVYLarV871 2TMkdQWr5LS7xvyC9o5/M9vEtRkqJKZY9xghN0Kwf9l+JTXEn1LDhtk3Zj4qhT6M SV0/8fnlf/8ctLkpF5esLsmZ+bwhPGoru3tBGDxI4HIQ2sO9xvQj6u+XQfwz0zZe 4uIgBU0mZtwH/VlKgPmh74zNSEfjn7xtkwR7oaNbUvq+gd3/S3KIV+/P7ZZjZOvY YVZPACqm6iiRVwK5FxU5zBrwnyL9zcp1hUL3QiJ5BMMT08aF23hFyFcsT0SThPNT VYl+B56+IY/nvi3v2XwqNT5Lq/w6Nx2hWCoZyfc97mnwI3WzeHvZRydoKmvIh47+ kHUdlfOiZaZMsBTabJyp66o5sYLOX6YzyL9CVsV9ShneU5y38hiP0/2iCU5/UQN0 WfY83PszaAFVeX4DdxAhJZZrGyhdeKCqa1KEjZortz7ONscU7lDJ11CRMDjMlj9p cUc9CpvBqB3liJqORcO/ID06EEnpTc2SGXIjSAaUfnUeVioAnrEvjGoerlxigDnL tygV98wMwviScUqU8l0UiSTAMD

From Adrian Bunk@21:1/5 to Johannes Schauer Marin Rodrigues on Sat Jan 28 15:10:01 2023

On Sat, Jan 28, 2023 at 02:28:30PM +0100, Johannes Schauer Marin Rodrigues wrote:

...
Why do people call just accepting that Priority:required packages have to be part of the buildd chroot the easier solution? We just need to fix debootstrap
bug #837060 and we are done, no?

This is mostly a new problem, a side effect of a different recent change:
The efforts to reduce the essential set for enabling smaller installs
of Debian.

"Priority: required" packages like e2fsprogs and tzdata used to be part
of the essential set, tzdata is no longer (transitively) essential since stretch and e2fsprogs no longer essential since buster.

It was not an intended goal to remove such packages from the *build*
essential set, and they are installed in all reasonable build
environments which makes it a non-issue in practice.

Adding them to build-essential would just enforce what was enforced
differently in the past, and what is still true in practice today.

It should at least be discussed first whether packages like tzdata that
have been a part of the build essential set should stay there.

Thanks!

cheers, josch

cu
Adrian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Johannes Schauer Marin Rodrigues@21:1/5 to All on Sat Jan 28 15:20:01 2023

Quoting Holger Levsen (2023-01-28 14:53:37)

On Sat, Jan 28, 2023 at 02:28:30PM +0100, Johannes Schauer Marin Rodrigues wrote:

could we decouple the policy and bug severity question from the question of what a buildd chroot should contain, please?

[...]

Why do people call just accepting that Priority:required packages have to be
part of the buildd chroot the easier solution? [...]

because people get upset if they receive bug reports with severity serious when they don't perceive these bugs as serious.

happened more than 9000 times already.

And I asked in my mail to please "decouple the policy and bug severity question from the question of what a buildd chroot should contain" for a reason.

I have no problem with downgrading the severity of these bugs to non-RC and release bookworm without explicit build dependencies on e2fsprogs.

Discussing policy questions and bug severity distracts from the actual question that I find interesting.

Thanks!

cheers, josch
--==============05096919181227887=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmPVLRgACgkQ8sulx4+9 g+H0CxAAmVxTxU+gGzFXuTMbj/nrATVWcovvfXhXPXgFHSI0VSazOnudrBWy5u0D +cDr9PeFjs9H9w7mh/NsFDgcLtfj+XcVCkKY3CpXCr+YIdypfdVSn6ww69vZ7uC2 sbsD81bF1sKgaTkYthiEZQfiYONHAnRC5gLTBt8jEX806Clr1mSwoTE3ZEo5gHTC 77f3gG4nsu3KGxj8ty1k4F1HCa3rtsx/if2r8AHek8VgG9VZ12No7CuJm89h/QTJ Ik1k3WY3ZvsCh5zCkzeftvPdoQsP/ZfAeQNwM4ja8gNaiuhVsPIN/sdKoJkSMkoA Fkiwq8OIDCnNpJD9R1K1zuLplSju2VMcq7yqo1EO51jWrAgi3czMAxwRY7k1GQiH cTUmPywwPL9i8H08xVmYBZ5PJs3RIhAGvgGtDdwI3KoyRsTugTnuIB6QM9W8Hm0d ksX3b1joP87zwppZKfDpoNwBDSxzUtuwGoqnM0yrD/iRTcsl1ygAYJrxuOmszWDz Sxv0Luc/MgtNczQmtImcUK0ns5kbh9OBFnlWIxrOdwX4Lej34ZCU06/xsyJgp1B2 8js0bLxPzIXZ0InwQ7Km1bHOG8o6ZmfgWvCgblhQvVNqHmaGIRsN5wBwoy8F9fTF HcorqTZyUxV9gAZ6XZG+fd9pjCTblyKwrULFHa+WDYITGd05d9o=
=gpYT
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Johannes Schauer Marin Rodrigues@21:1/5 to All on Sat Jan 28 15:30:01 2023

Quoting Ansgar (2023-01-28 14:41:31)

Johannes Schauer Marin Rodrigues writes:

I think the much more interesting question is in what environment we want to
build our packages in. Currently, on buildds, we build them in a chroot that
has Priority:required and build-essential because of (what I think is) a bug in
debootstrap: #837060

I would rather say: The build-essential packages are those installed by debootstrap's buildd profile. At least that seems to be current practice
for a long time.

Do you agree that the software in our archive should agree on which packages are needed to build a source package? Currently, they do not. dose3 requires only Essential:yes and build-essential being installed. Who is buggy? If you think that dose3 is buggy, who is writing the dose3 patch? Is it not easier to just fix debootstrap so that debootstraps buildd profile does the same thing as most other pieces of software resolving build dependencies in the archive? I know of no other build dependency resolving software in Debian that considers Priority:required packages to be required for building source packages other than debootstrap. Do you?

So there are two ways forward:

1. accept that Priority:required is needed for building source packages

- adapt Debian policy accordingly

AFAIU it would not need changes? Policy doesn't seem to explicitly state
what packages are actually build-essential...

I'm not sure. But I also find the policy question less interesting. I find it more interesting to first agree how the final solution should look like and then change policy accordingly (if needed).

- revert the changes to packages made due to Santiago's bugs - change
all tools that do build dependency resolution to now also consider
Priority:required packages

Why would they need changes? Do they explicitly include essential
packages too?

Of course they do not do so explicitly, because all Essential:yes packages are dependencies (and build dependencies) of all packages already *implicitly*.

2. make sure that packages are built without Priority:required packages

To me it seems that we nearly are already at (2).

I think we are already at (1) given everything works already?

Aha. Try running "apt-get build-dep" on a system without tzdata nor e2fsprogs and witness how apt will not install tzdata nor e2fsprogs. The only reason this usually works right now is because debootstrap installs Priority:required by default in all situations including the buildd variant.

My proposal is to fix debootstrap #837060 (patch is in the bug report) so that it only installs Essential:yes, build-essential and apt and discuss if it makes sense to have packages like tzdata or e2fsprogs in a buildd chroot or not and if yes, add those packages as dependencies of the build-essential package.

I do not propose to do this before bookworm release.

Thanks!

cheers, josch
--==============g21548250718338004=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmPVMScACgkQ8sulx4+9 g+Eo3g//TU8XQLQ6u6feR65mvvXYWreLAgOUNFt5xChVCRu2li4+Uh2aCacgcrdj lVkdJlMTuJ/W9pNLvbhGO1rObSPDI6hWiW3NLtnDTO4NASoT/7nQunOWtWKLbd2l qunHDOP7KKh1kJF08GShnl75N3c0uLEy1o6DDYXSgIZn3eAoAJS9L5Kjs5bgvKEW fK2rVrzAlT/xMa4g4XXUbvvvy4I0E89+1uCp+niuuMFl/jD84YtYYLBRh0VqfqQJ 05vLyvCewplA1RH4zRnxsCLRmIKTDn+vKUW8bn83AYYln/phjETb42aU1QFi3gAQ oGlc362hAqLK89jbViB/ai0ADSKIpOXDroOh7WrX1ZtpBks6s/lB+YvgyUL1kSe8 eKEppqSSf47zjEpONvR0VNjgPHEyh4fMWGFwfdQDrzicu6nEmDWKuScBlxC7MELz fVi06eg+AeYRtZsWpCxATul0awlzNT4c7E7PWRuQZUfPjjWnNQEAtzjoFvBzqsp2 WeNi4wuCXKnRghn+Y+pHFBwN6DC/S1ZfRbeMcXSUnle1qrhWkZJBmMa4YxdCLlil qvS/s3LCEBpXe1CfcHfPpuhQYdDiabZNXIaYBXmjMYyGBOurpZdmtwux1rRDcxO9 O2ssyzBO6smRVDSm0CNPZfYzZvLPGmr2m2I7LEA7+M4kXtJ3eG8=
=V46T
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Adam Borowski@21:1/5 to Santiago Vila on Sat Jan 28 16:40:01 2023

On Sat, Jan 28, 2023 at 01:59:40PM +0100, Santiago Vila wrote:

El 28/1/23 a las 12:50, Andreas Henriksson escribió:

Claiming there's no point to free software when the problem is simply
that you are using an *unsupported* setup?!?!

Unsupported by whom? What is supported or unsupported is explained in policy. Policy says it must work. Therefore it should be supported (by fixing the bugs).

Policy §2.5:
# "required"
# Packages which are necessary for the proper functioning of the
# system (usually, this means that dpkg functionality depends on
# these packages). Removing a "required" package may cause your
# system to become totally broken and you may not even be able to use
# "dpkg" to put things back, so only do so if you know what you are
# doing.

That's a straw man. I'm not proposing anything of the sort. Policy says packages must build when essential and build-essential packages
are installed (plus build-dependencies).

Build-essential _packages_. Not the "build-essential" package which very clearly says its dependencies are purely informational.

You and others are essentially saying I should not follow policy

No, we are saying that we believe your understanding of the policy is
flawed.

Meow!
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Let's make a Debian conference in Yalta, Ukraine. ⢿⡄⠘⠷⠚⠋⠀
⠈⠳⣄⠀⠀⠀⠀

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Ansgar@21:1/5 to Johannes Schauer Marin Rodrigues on Sat Jan 28 16:40:01 2023

Johannes Schauer Marin Rodrigues wrote:

Do you agree that the software in our archive should agree on which
packages are needed to build a source package? Currently, they do
not. dose3 requires only Essential:yes and build-essential being
installed. Who is buggy?

Well, the /informational/ list in build-essential could be updated if
people find that required packages should be listed there explicitly as
well.

I find it not very interesting to try and reduce the set of packages
used considered build-essential (which does include required packages
in practice as buildds have those installed).

(Also we do consider not installing "required" packages unsupported as
per the description of what "required" is; so if your build environment
doesn't include it, you are on your own.)

Ansgar

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Holger Levsen@21:1/5 to Johannes Schauer Marin Rodrigues on Sat Jan 28 16:50:01 2023

On Sat, Jan 28, 2023 at 03:11:39PM +0100, Johannes Schauer Marin Rodrigues wrote:

And I asked in my mail to please "decouple the policy and bug severity question
from the question of what a buildd chroot should contain" for a reason.

yes, I know. my point was that too many people won't be able to do this
(which this thread proves again.)

Discussing policy questions and bug severity distracts from the actual question
that I find interesting.

yes.

(and as (too many) people are not able to do this my suggestion is to
lower the severity of these bugs. not every policy violation is RC.)

--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

Some of my friends and I overcommit to things, so we made "Saying No to Things" punch cards. If you say no to 10 things, your friends have to buy you an ice cream. In a pilot study, we found participants both said no to more things and got more free ice cream. (@leah_pierson)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmPVQ8gACgkQCRq4Vgaa qhywehAAl+yqM+WpWk14BrsvUeO9GeLWdTTECeyGc+jdATDag77bOfrjYQra5ED5 YdPE9uIuFHreAqpWTUe0IXREg5BoVADTX4coIPYtFt847/SliGg2OtSfwOj68RgE N2s95/qGeFwFsCWWd7Sdg/hy1rzS+lUhRrr1UdfC6BxCFKWJ6dX2iAYeCz2t5lWX /ZUqF3sY89b4SkGJDhHIpbJq/pJ/B1A1ytCH+s8ZrEXOCzxXUlw/pyQLNQRk/n3O A04nez6ajxNpU2ELqFohVLBNkh442LGf/0HKh9O2JagFtQHMaZEMJkonxzF5+CNE 1CmixiUdg+TnLjeUWB166g+bM0OyEZr5oJWZt/VCItD8YweqEfSbKci3Y/dvOqZy 2Ppbm3HSNYKHWgP+qnpeMOrAtuIlWb3

From Adrian Bunk@21:1/5 to Johannes Schauer Marin Rodrigues on Sat Jan 28 16:50:01 2023

On Sat, Jan 28, 2023 at 03:28:58PM +0100, Johannes Schauer Marin Rodrigues wrote:

...
My proposal is to fix debootstrap #837060 (patch is in the bug report) so that
it only installs Essential:yes, build-essential and apt and discuss if it makes
sense to have packages like tzdata or e2fsprogs in a buildd chroot or not and if yes, add those packages as dependencies of the build-essential package.
...

Note that there are at least 2 potential reasons why a package should
stay in the build essential set:

1. many users, like tzdata

2. Important: yes
Making e2fsprogs not build essential would make it legal to do
Build-Conflicts: e2fsprogs
It might avoid problems in the future to make such nearly-essential
packages apt refuses to remove build-essential, otherwise there
could be problems like dose3 sending packages to a buildd where
apt refuses to fulfill the Build-Conflicts.

Thanks!

cheers, josch

cu
Adrian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Guillem Jover@21:1/5 to Adam Borowski on Sat Jan 28 19:40:01 2023

On Sat, 2023-01-28 at 16:32:17 +0100, Adam Borowski wrote:

On Sat, Jan 28, 2023 at 01:59:40PM +0100, Santiago Vila wrote:

Unsupported by whom? What is supported or unsupported is explained in policy.
Policy says it must work. Therefore it should be supported (by fixing the bugs).

Policy §2.5:
# "required"
# Packages which are necessary for the proper functioning of the
# system (usually, this means that dpkg functionality depends on
# these packages). Removing a "required" package may cause your
# system to become totally broken and you may not even be able to use
# "dpkg" to put things back, so only do so if you know what you are
# doing.

As stated several times now this passage seems wrong, or inaccurate at
best. See #950440. And I don't see how tzdata would ever fall into
this definition even if that paragraph was correct. As mentioned
before, the tzdata package does not seem like a "required" package at
all, and this should be fixed by lowering its priority. Whether
debootstrap can be fixed to not use the Priority workaround, seem
orthogonal to the issue at hand.

That's a straw man. I'm not proposing anything of the sort. Policy says packages must build when essential and build-essential packages
are installed (plus build-dependencies).

Build-essential _packages_. Not the "build-essential" package which very clearly says its dependencies are purely informational.

It does not seem fair to argue both that the build-essential package is
just informational (when it's in fact the canonical declaration of what
is Build-Essential, and what every tool uses to install or check for the Build-Essential package set), and then also argue that whatever
debootstrap installs (which is based both on build-essential plus a
workaround due to lack of proper dependency resolution) is the canonical
thing.

Regards,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Adrian Bunk@21:1/5 to Guillem Jover on Sat Jan 28 21:00:01 2023

On Sat, Jan 28, 2023 at 07:34:48PM +0100, Guillem Jover wrote:

On Sat, 2023-01-28 at 16:32:17 +0100, Adam Borowski wrote:

On Sat, Jan 28, 2023 at 01:59:40PM +0100, Santiago Vila wrote:

Unsupported by whom? What is supported or unsupported is explained in policy.
Policy says it must work. Therefore it should be supported (by fixing the bugs).

Policy §2.5:
# "required"
# Packages which are necessary for the proper functioning of the
# system (usually, this means that dpkg functionality depends on
# these packages). Removing a "required" package may cause your
# system to become totally broken and you may not even be able to use
# "dpkg" to put things back, so only do so if you know what you are
# doing.

As stated several times now this passage seems wrong, or inaccurate at
best. See #950440. And I don't see how tzdata would ever fall into
this definition even if that paragraph was correct. As mentioned
before, the tzdata package does not seem like a "required" package at
all, and this should be fixed by lowering its priority. Whether
debootstrap can be fixed to not use the Priority workaround, seem
orthogonal to the issue at hand.

That's a straw man. I'm not proposing anything of the sort. Policy says packages must build when essential and build-essential packages
are installed (plus build-dependencies).

Build-essential _packages_. Not the "build-essential" package which very clearly says its dependencies are purely informational.

It does not seem fair to argue both that the build-essential package is
just informational (when it's in fact the canonical declaration of what
is Build-Essential, and what every tool uses to install or check for the Build-Essential package set), and then also argue that whatever
debootstrap installs (which is based both on build-essential plus a workaround due to lack of proper dependency resolution) is the canonical thing.

I don't think such arguments are bringing us forward,
we should rather resolve the problem that these differ.

All/Most(?) packages where they do differ are packages that were until
recently part of the essential set, and since debootstrap still installs
them they are in practice still part of the build essential set.

Removing tzdata from the essential set made sense, and I do see your
point that tzdata does not fit the "totally broken" definition of
"required".

What we need are technical discussions like whether packages like tzdata
should also be removed from the build essential set, or whether tzdata
being a part of the build essential set should be expressed by making
the build-essential package depend on tzdata.

I have so far not seen any technical arguments why removing tzdata from
the build essential set would be better for Debian than keeping it there. Removing tzdata reduces the size of a chroot that has the build
dependencies for the hello package installed by ~ 0.5%, this size
decrease does not strike me as a sufficient reason for reducing the
build essential set.

Everyone can feel free to disagree with me on the previous paragraph,
but please argue technically and not based on wording in policy.

Regards,
Guillem

cu
Adrian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Sat Jan 28 22:00:01 2023

El 28/1/23 a las 20:44, Sebastian Ramacher escribió:

On 2023-01-28 15:03:04 +0200, Adrian Bunk wrote:

On Sat, Jan 28, 2023 at 12:24:47PM +0100, Santiago Vila wrote:

...
* Those bugs are RC by definition and have been for a long time.
...

Please provide a pointer where a release team member has said so
explicitly in recent years.

In my experience they are usually saying that FTBFS that do not happen
on the buildds of release architectures are usually not RC.

Indeed. We require that packages are buildable on the buildds. If they
don't and they built before, they are RC buggy. For all other FTBFS
bugs, please use severity important at most.

So: What am I supposed to do when some maintainer rejects that this is a bug
at all and closes the bug? (See #1027364 for an example).

I believe Adam Borowski just does not understand the current build essential definition. Could somebody please explain it to him? I tried and failed.

Also: What I am supposed to do when some maintainer marks the bugs as "unreproducible"?
I think that's completely missing the point on what's the meaning of unreproducible.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Sat Jan 28 21:50:01 2023

El 28/1/23 a las 20:35, Adrian Bunk escribió:

I have so far not seen any technical arguments why removing tzdata from
the build essential set would be better for Debian than keeping it there. Removing tzdata reduces the size of a chroot that has the build
dependencies for the hello package installed by ~ 0.5%, this size
decrease does not strike me as a sufficient reason for reducing the
build essential set.

I believe tzdata not being build-essential is useful for two reasons:

One of them: I've actually found *two* cases where the build failure
(when not having tzdata in the chroot) was due to a missing *binary* dependency (of one of the build-depends).

The missing binary bug may not be very relevant, but it was discovered thanks to using a minimal build environment (and reporting build failures), as a side effect.

The other one: There are a bunch of packages whose unit tests rely on tzdata. The tzdata
package changes often during the lifetime of stable, and as a result, some package might
stop building from source. If we wanted to know in advance which packages might break after
a tzdata update, we could use the available information in the build-depends fields.

Of course, not that I personally have plenty of time for that, but in a general sense, having
the information of which packages use tzdata for building is better than not having such information
anywhere.

As you requested, I think the above two are technical reasons, not
merely "because policy says so".

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Sam Hartman@21:1/5 to All on Sat Jan 28 22:10:01 2023

"Santiago" == Santiago Vila <sanvila@debian.org> writes:

Santiago> El 28/1/23 a las 20:44, Sebastian Ramacher escribió:
>> On 2023-01-28 15:03:04 +0200, Adrian Bunk wrote:
>>> On Sat, Jan 28, 2023 at 12:24:47PM +0100, Santiago Vila wrote:
>>>> ... * Those bugs are RC by definition and have been for a long
>>>> time. ...
>>>
>>> Please provide a pointer where a release team member has said so
>>> explicitly in recent years.
>>>
>>> In my experience they are usually saying that FTBFS that do not
>>> happen on the buildds of release architectures are usually not
>>> RC.
>>
>> Indeed. We require that packages are buildable on the buildds. If
>> they don't and they built before, they are RC buggy. For all
>> other FTBFS bugs, please use severity important at most.

Santiago> So: What am I supposed to do when some maintainer rejects
Santiago> that this is a bug at all and closes the bug? (See
Santiago> #1027364 for an example).

Santiago> I believe Adam Borowski just does not understand the
Santiago> current build essential definition. Could somebody please
Santiago> explain it to him? I tried and failed.

Adam has argued that policy's definition of required implied that all
Debian systems need to include required packages including build
systems.
his argument is that the best reading of policy is that you take the
union of requiremnts:

A build system is a Debian system. So to be supported it needs to
include required packages

And it's a build system. So it needs to have build-essential installed.

So Adam is effectively arguing there are multiple requirements that
apply that come from different parts of policy.
That seems like a reasonable reading of policy to me.
I think Ansgar's proposed change to policy avoids ambiguity by making it
clear that build-essential needs to include required.
But Adam has convinced me he is reading policy correctly.

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQSj2jRwbAdKzGY/4uAsbEw8qDeGdAUCY9WNpgAKCRAsbEw8qDeG dEFRAP44MCP/dkaNltI/gr6fmHt1RUOYYTRnXMsIEnaX55VaBwEA1bfd216oyIZA h31Mpf5vi7aQ5vT9jpcQF8+nYsYEaQ4=h1cE
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Adrian Bunk@21:1/5 to Santiago Vila on Sat Jan 28 22:40:01 2023

On Sat, Jan 28, 2023 at 09:45:14PM +0100, Santiago Vila wrote:

...
The other one: There are a bunch of packages whose unit tests rely on tzdata. The tzdata
package changes often during the lifetime of stable, and as a result, some package might
stop building from source. If we wanted to know in advance which packages might break after
a tzdata update, we could use the available information in the build-depends fields.
...

No, that won't work.

In your builds, how many percent of the packages that did have tzdata
installed during the build did not have a direct build dependency?

Looking at the dependency trees, I'd assume the vast majority of
packages where tzdata was installed during the build do not have
a direct build dependency.

This could easily become the nightmare situation where one changed
dependency somewhere makes 100 packages FTBFS that do need tzdata
during the build, but previously got it installed through other
build dependencies.

As you requested, I think the above two are technical reasons, not
merely "because policy says so".

Thanks, I do appreciate that.

Thanks.

cu
Adrian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Sat Jan 28 22:30:02 2023

El 28/1/23 a las 22:18, Adrian Bunk escribió:

On Sat, Jan 28, 2023 at 09:45:14PM +0100, Santiago Vila wrote:

...
The other one: There are a bunch of packages whose unit tests rely on tzdata. The tzdata
package changes often during the lifetime of stable, and as a result, some package might
stop building from source. If we wanted to know in advance which packages might break after
a tzdata update, we could use the available information in the build-depends fields.
...

No, that won't work.

In your builds, how many percent of the packages that did have tzdata installed during the build did not have a direct build dependency?

Looking at the dependency trees, I'd assume the vast majority of
packages where tzdata was installed during the build do not have
a direct build dependency.

I think I see your point, but my idea was not to collect packages
with tzdata in build-depends only, but those whose build-depends
make tzdata to be installed (i.e. including transitive dependencies).

I don't know if there is already a tool for that, nor how much difficult
it would be to have such a tool.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Sebastian Ramacher@21:1/5 to Santiago Vila on Sat Jan 28 22:20:02 2023

On 2023-01-28 21:56:23 +0100, Santiago Vila wrote:

El 28/1/23 a las 20:44, Sebastian Ramacher escribió:

On 2023-01-28 15:03:04 +0200, Adrian Bunk wrote:

On Sat, Jan 28, 2023 at 12:24:47PM +0100, Santiago Vila wrote:

...
* Those bugs are RC by definition and have been for a long time.
...

Please provide a pointer where a release team member has said so explicitly in recent years.

In my experience they are usually saying that FTBFS that do not happen
on the buildds of release architectures are usually not RC.

Indeed. We require that packages are buildable on the buildds. If they don't and they built before, they are RC buggy. For all other FTBFS
bugs, please use severity important at most.

So: What am I supposed to do when some maintainer rejects that this is a bug at all and closes the bug? (See #1027364 for an example).

As with all mass bug filings, discuss the issue first on debian-devel.
See developer's reference 7.1.1. This discussion could have both
answered the questions whther RC severity is appropriate for this type
of bug and whether it's a bug at all.

I believe Adam Borowski just does not understand the current build essential definition. Could somebody please explain it to him? I tried and failed.

This is already covered in another subthread. But again, this could have
been avoided by following dev ref.

Also: What I am supposed to do when some maintainer marks the bugs as "unreproducible"?
I think that's completely missing the point on what's the meaning of unreproducible.

That's a completly different topic than RC severity.

Cheers
--
Sebastian Ramacher

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Adrian Bunk@21:1/5 to Santiago Vila on Sat Jan 28 23:00:02 2023

On Sat, Jan 28, 2023 at 10:23:19PM +0100, Santiago Vila wrote:

El 28/1/23 a las 22:18, Adrian Bunk escribió:

On Sat, Jan 28, 2023 at 09:45:14PM +0100, Santiago Vila wrote:

...
The other one: There are a bunch of packages whose unit tests rely on tzdata. The tzdata
package changes often during the lifetime of stable, and as a result, some package might
stop building from source. If we wanted to know in advance which packages might break after
a tzdata update, we could use the available information in the build-depends fields.
...

No, that won't work.

In your builds, how many percent of the packages that did have tzdata installed during the build did not have a direct build dependency?

Looking at the dependency trees, I'd assume the vast majority of
packages where tzdata was installed during the build do not have
a direct build dependency.

I think I see your point, but my idea was not to collect packages
with tzdata in build-depends only, but those whose build-depends
make tzdata to be installed (i.e. including transitive dependencies).

I don't know if there is already a tool for that, nor how much difficult
it would be to have such a tool.

It shouldn't be hard to get this information from buildinfo files.

But tzdata is not unique here.

linux-libc-dev is also part of the build essential set and it is being
updated in every point release, and this has caused FTBFS in the past.

The proper solution for the problem you describe would be a test rebuild
of the full archive at the beginning of the week between the upload freeze
for a point release and the actual release.

Thanks.

cu
Adrian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Russ Allbery@21:1/5 to Sebastian Ramacher on Sun Jan 29 01:00:01 2023

Sebastian Ramacher <sramacher@debian.org> writes:

As with all mass bug filings, discuss the issue first on debian-devel.
See developer's reference 7.1.1. This discussion could have both
answered the questions whther RC severity is appropriate for this type
of bug and whether it's a bug at all.

Historically, we have not treated FTBFS bugs as falling into the category
of mass bug filing or requiring this pre-discussion. Various folks have
been mass-filing FTBFS bugs near the release freeze for many years now and
they generally don't get a debian-devel discussion first.

Now that we've identified that there is a significant project disagreement
over the definition of build-essential, bugs specifically related to that disagreement may be worth some discussion (which is happening now). But I think that's new information for Santiago, not something that was obvious retroactively.

I think it's pretty clear from this discussion that the current Policy
wording is not sufficient, and we shouldn't have ambiguous language over something as central as what build dependencies packages need to declare.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Guillem Jover@21:1/5 to Adrian Bunk on Sun Jan 29 05:10:01 2023

On Sat, 2023-01-28 at 21:35:01 +0200, Adrian Bunk wrote:

I don't think such arguments are bringing us forward,
we should rather resolve the problem that these differ.

All/Most(?) packages where they do differ are packages that were until recently part of the essential set, and since debootstrap still installs
them they are in practice still part of the build essential set.

Sure.

Removing tzdata from the essential set made sense, and I do see your
point that tzdata does not fit the "totally broken" definition of
"required".

What we need are technical discussions like whether packages like tzdata should also be removed from the build essential set, or whether tzdata
being a part of the build essential set should be expressed by making
the build-essential package depend on tzdata.

I guess my question is, what makes tzdata build essential, besides
that it's currently kind-of implicitly there? To me it does not look
like it has the properties to be considered as such, besides that if
we lower its priority (as it deserves) it makes a bunch of packages
FTBFS. So, for one, this is getting in the way of making our minimal
(non build) systems smaller.

I have so far not seen any technical arguments why removing tzdata from
the build essential set would be better for Debian than keeping it there. Removing tzdata reduces the size of a chroot that has the build
dependencies for the hello package installed by ~ 0.5%, this size
decrease does not strike me as a sufficient reason for reducing the
build essential set.

I don't see how this can be a pure technical decision, TBH. To me this
looks more like either a matter of trade-offs, or IMO more importantly
of clean definition of a specification (which seems rather more
important than the other concerns). The work to spot these problems has
already been done, and the changes required are trivial and minimal (disregarding any severity consideration here).

Everyone can feel free to disagree with me on the previous paragraph,
but please argue technically and not based on wording in policy.

I can see the appeal, but the problem is that if we completely ignore
policy, then we are starting from nothing, which means deciding over
this is rather open-ended. And of course, policy is not set in stone
and can be fixed, amended, extended as needed, but I think it's our
base from where to start, so requesting to completely ignore it for
this discussion seems not ideal?

The current definition of what the build essential set is supposed to
mean, from policy, seems rather easily mappable to actual package
names (which was the intention, as to not hardcode those or their
organization in policy itself):

,---
It is not necessary to explicitly specify build-time relationships on
a minimal set of packages that are always needed to compile, link and
put in a Debian package a standard “Hello World!” program written in C
or C++. The required packages are called *build-essential*, and an
informational list can be found in "/usr/share/doc/build-
essential/list" (which is contained in the "build-essential" package).
`---

Which maps to a C and C++ compiler (including linker and C library),
make for debian/rules, and deb toolchain.

I appreciate the minimalism and simplicity of the definition. I've
also heard from time to time complains that we even require a C/C++
compiler as build-essential, when for many packages that's not even
needed (although a C compiler is currently needed by dpkg-dev to
determine the host arch).

Policy also has this to say:

,---
If build-time dependencies are specified, it must be possible to build
the package and produce working binaries on a system with only
essential and build-essential packages installed and also those
required to satisfy the build-time relationships (including any
implied relationships). […]
`---

Given that "tzdata" does not fit into the "required" definition anyway,
so the proposal to extend build-essential to include the "required"
priority does not make sense; having to slap in there, that “oh BTW, in addition we also need timezone data, which is not going to be needed at
all by that "Hello World!" program”, seems like a rather weird and
gratuitous requirement, and hackish definition wise, just to avoid
fixing those bug reports?

There are many things we could also include in build-essential to
avoid declaring them, which we still not do, so I'm not sure why we
need to special case timezone data here.

Regards,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Sebastian Ramacher@21:1/5 to Russ Allbery on Sun Jan 29 10:00:01 2023

On 2023-01-28 15:55:05 -0800, Russ Allbery wrote:

Sebastian Ramacher <sramacher@debian.org> writes:

As with all mass bug filings, discuss the issue first on debian-devel.
See developer's reference 7.1.1. This discussion could have both
answered the questions whther RC severity is appropriate for this type
of bug and whether it's a bug at all.

Historically, we have not treated FTBFS bugs as falling into the category
of mass bug filing or requiring this pre-discussion. Various folks have
been mass-filing FTBFS bugs near the release freeze for many years now and they generally don't get a debian-devel discussion first.

I don't think that those are comparable. Rebuilds with modified base
chroots have been discussed here before filing bugs. [1] is one of the
oldest examples I was able to find.

Cheers

[1] https://lists.debian.org/debian-devel/2008/01/msg00869.html
--
Sebastian Ramacher

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Adrian Bunk@21:1/5 to Guillem Jover on Sun Jan 29 11:50:01 2023

On Sun, Jan 29, 2023 at 05:00:56AM +0100, Guillem Jover wrote:

On Sat, 2023-01-28 at 21:35:01 +0200, Adrian Bunk wrote:

I don't think such arguments are bringing us forward,
we should rather resolve the problem that these differ.

All/Most(?) packages where they do differ are packages that were until recently part of the essential set, and since debootstrap still installs them they are in practice still part of the build essential set.

Sure.

Removing tzdata from the essential set made sense, and I do see your
point that tzdata does not fit the "totally broken" definition of "required".

What we need are technical discussions like whether packages like tzdata should also be removed from the build essential set, or whether tzdata being a part of the build essential set should be expressed by making
the build-essential package depend on tzdata.

I guess my question is, what makes tzdata build essential, besides
that it's currently kind-of implicitly there? To me it does not look
like it has the properties to be considered as such, besides that if
we lower its priority (as it deserves) it makes a bunch of packages
FTBFS.

It has historically been part of the build essential set.

It is used in the build of many packages.

There would be so many invisible undeclared build dependencies of
packages using it who have it pulled in by other packages that random
changes in the dependency tree might cause many packages to FTBFS at
any time if it does not stay build essential.

It is required to provide glibc functionality that is frequently
used during the build.

So, for one, this is getting in the way of making our minimal
(non build) systems smaller.

No, it is not.

There are 3 different topics:

1. making minimal (non build) systems smaller

Being able to exclude tzdata from a minimal system was achieved when it
was removed from the essential set in stretch.
debootstrap not installing it by default would make that easier.
Whether build-essential depends on tzdata does not make any difference.

2. normal systems

In a normal (non-minimal) installation not having tzdata installed
would be a bug harming many users, no matter what priority it will
have.

3. build essential

That's separate from 1. and 2.

I have so far not seen any technical arguments why removing tzdata from
the build essential set would be better for Debian than keeping it there. Removing tzdata reduces the size of a chroot that has the build dependencies for the hello package installed by ~ 0.5%, this size
decrease does not strike me as a sufficient reason for reducing the
build essential set.

I don't see how this can be a pure technical decision, TBH. To me this
looks more like either a matter of trade-offs,

It is a tradeoff between less work and saving ~ 0.5% space in build
chroots.

or IMO more importantly
of clean definition of a specification (which seems rather more
important than the other concerns). The work to spot these problems has already been done, and the changes required are trivial and minimal (disregarding any severity consideration here).

The work has been done for packages that do FTBFS today.

I would guess ~ 90% of the packages that did have tzdata installed
during Santiagos builds did not have or need a direct build dependency
because something else pulled it in.
It is unknown how many of these would have a latent FTBFS bug due to an undeclared direct build dependency.

Do we have any packages that build successfully but are broken without
tzdata installed during the build?

...
I appreciate the minimalism and simplicity of the definition. I've
also heard from time to time complains that we even require a C/C++
compiler as build-essential, when for many packages that's not even
needed (although a C compiler is currently needed by dpkg-dev to
determine the host arch).

I would also complain that dpkg-dev pulls the full perl into the build essential set.

The build essential set is so huge that I wouldn't even be surprised if
at some point in the future this discussion becomes moot because some
package in the build essential set gains a dependency on tzdata.

Perhaps some localtime related functionality could justify a dependency
of perl or perl-modules-5.36 on tzdata, which would keep it in the build essential set due to dpkg-dev being build essential?

Policy also has this to say:

,---
If build-time dependencies are specified, it must be possible to build
the package and produce working binaries on a system with only
essential and build-essential packages installed and also those
required to satisfy the build-time relationships (including any
implied relationships). […]
`---
...

I don't think this is helpful for the discussion whether packages that
were previously part of the essential set should stay part of the build essential set.

"Important: yes" e2fsprogs is an even bigger problem here:
It is rarely used during the build of a package and shouldn't stay part
of the build essential set for that reason, but as long as apt refuses
to remove it when it is already installed I don't think such
a nearly-essential package can be removed from the build essential
set because something like
Build-Conflicts: e2fsprogs
would then be both permitted and likely cause problems.

Regards,
Guillem

cu
Adrian

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Ansgar@21:1/5 to Santiago Vila on Sun Jan 29 14:00:01 2023

On Sun, 2023-01-29 at 13:43 +0100, Santiago Vila wrote:

What you call current practice is only current debootstrap behaviour.

Current practice is to use Build-Depends to specify build dependencies
in a way that the buildd network will successfully build packages. The
data might also be of (limited) use for other purposes.

We do *not* specify additional Build-Conflicts (that might make builds
fail / produce different results). Neither does the buildd network
require that packages already installed are listed additionally in Build-Depends to install those and build packages successfully.

The set of preinstalled packages in build environments is decided by
the debootstrap implementation, so yes, the debootstrap behavior is
current practice.

If you want Build-{Depends,Conflicts} to provide stronger promises,
that is a change from current practice. And could be extended to
forcing /usr/local to be empty and a sane, standard environment and
contents of $HOME and anything else that could affect build results.

Ansgar

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Sun Jan 29 13:50:01 2023

El 28/1/23 a las 14:41, Ansgar escribió:

Johannes Schauer Marin Rodrigues writes:

I think the much more interesting question is in what environment we want to >> build our packages in. Currently, on buildds, we build them in a chroot that >> has Priority:required and build-essential because of (what I think is) a bug in
debootstrap: #837060

I would rather say: The build-essential packages are those installed by debootstrap's buildd profile. At least that seems to be current practice
for a long time.

What you call current practice is only current debootstrap behaviour.

There are already packages in bullseye having build-depends
on tzdata, and afaik it was not me who reported them to have such build-dependency. If current practice was really not to consider
tzdata as build-essential, as you say, somebody would have reported
those build-dependencies as a bug, because we don't use build-depends
when the package is build-essential.

I would say, therefore, that current practice all this time has really
been to report those bugs and fix them, i.e. current practice is
that tzdata is not build-essential, despite debootstrap behaviour.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Sun Jan 29 16:20:01 2023

El 29/1/23 a las 9:56, Sebastian Ramacher escribió:

On 2023-01-28 15:55:05 -0800, Russ Allbery wrote:

Historically, we have not treated FTBFS bugs as falling into the category
of mass bug filing or requiring this pre-discussion. Various folks have
been mass-filing FTBFS bugs near the release freeze for many years now and >> they generally don't get a debian-devel discussion first.

I don't think that those are comparable. Rebuilds with modified base
chroots have been discussed here before filing bugs. [1] is one of the
oldest examples I was able to find.

Cheers

[1] https://lists.debian.org/debian-devel/2008/01/msg00869.html

There is a big difference between such experiment and what I do.

Policy 4.2 starts by saying this:

Source packages should specify which binary packages they require to be installed
or not to be installed in order to build correctly.

(I think it is because the "or not" part that Adrian thinks I'm trying to
open a can of worms. But that's not the case). Policy follows:

If build-time dependencies are specified, it must be possible to build the package and produce working binaries on a system with only essential and build-essential packages installed [...]

This is when we have a "must", in a clean chroot environment. So, there is a "must" to build
in a completely clean environment, but there is not a "must" to build in a dirty environment.

Therefore, I don't think it's fair at all to put both kind of environments in the same
bag by calling them both "modified build environments".

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Wouter Verhelst@21:1/5 to All on Mon Jan 30 11:10:01 2023

On Sat, Jan 28, 2023 at 01:30:42PM +0100, Timo R�hling wrote:

Hi Andreas,

* Andreas Henriksson <andreas@fatal.se> [2023-01-28 12:50]:

Policy is not a religion. Policy has many bugs. Policy is very outdated. [...]
Here's an example you could follow: https://lists.debian.org/debian-policy/2022/12/msg00023.html

Your argument cuts both ways. Right now, Policy says that
the bugs are RC, and if you believe that should be different, why
don't you propose such a change and seek consensus yourself?

What is "RC" is defined by the release team, not by policy.

The release team has clarified that these bugs are not RC.

--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Mon Jan 30 13:50:01 2023

El 27/1/23 a las 22:37, Adrian Bunk escribió:

Speaking as someone who is doing a lot of QA work, [...]

Note: I've downgraded the bugs in dispute to important,
so they are not RC anymore, per request of Sebastian Ramacher.

I just wanted to point out that the "it's more work for me"
argument goes both ways.

You are working on RC bugs, and that's great (I remember for example
a FTBFS bug in gettext for which you found a fix. It really helped).

I'm working on FTBFS bugs in general, including "FTBFS randomly" bugs,
which are (in general) considered important only.

So, for every FTBFS bug which is not fixed before the release because it's not RC,
there is double the work for me if I want to keep stable free of FTBFS bugs
in general, because the bug has to be fixed in unstable and then backported
to stable. Note that I'm talking in general, not about tzdata-related bugs.

I know that you sometimes work on backporting fixes from FTBFS bugs to stable, so I believe you know well what I'm talking about. Note also that I'm not trying
to use this as an argument to have "more RC bugs", I just wanted you to look
at the other side.

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Timo =?utf-8?Q?R=C3=B6hling?=@21:1/5 to All on Mon Jan 30 13:50:01 2023

* Wouter Verhelst <wouter@debian.org> [2023-01-30 12:07]:

What is "RC" is defined by the release team, not by policy.

The release team has clarified that these bugs are not RC.

My mistake, I conflated policy violation and RC.

Other than that, my original point stands: if you think Policy is
wrong, please help fix it, don't dismiss it as "outdated" and filled
with "many bugs".

Cheers
Timo

--
⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮
⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │
⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEJvtDgpxjkjCIVtam+C8H+466LVkFAmPXuooACgkQ+C8H+466 LVmt9wv8DUTkvS2LnQqAGg8xeLBo0iyVPbOj9Qt4xhB1sIbNFTvbt08eCTXJuaFW XYAX8VKKsHc0b7rbopBxd0sWgSZkQkYuPek+KnPJJBDrH3863gVFYUtnMP0t5cFN xBp5L5HZbpTSRdePsS5a8NBkRK7e7eP01nzv4uUHuk7yEKFaVPQrYu4cBa+MvC1x SvCH3kFwNZZHWdmLap8vNoJx0pLmIoZb3p36zHjmC4dFdwVTNwnvn4X0mWW5VpP5 9qB8BWUeuwMLHyYUpyGtPqHn4L1FWz5Ujjmo/0YKOzjFk962xADtQGC4Cp50rXNd 6x+SSdIW3K64gJg4Vm1JCchOVOWza1xkfKqBo9fLAaW

From Guillem Jover@21:1/5 to Adrian Bunk on Mon Jan 30 14:10:01 2023

On Sun, 2023-01-29 at 12:28:37 +0200, Adrian Bunk wrote:

On Sun, Jan 29, 2023 at 05:00:56AM +0100, Guillem Jover wrote:

On Sat, 2023-01-28 at 21:35:01 +0200, Adrian Bunk wrote:

Removing tzdata from the essential set made sense, and I do see your point that tzdata does not fit the "totally broken" definition of "required".

What we need are technical discussions like whether packages like tzdata should also be removed from the build essential set, or whether tzdata being a part of the build essential set should be expressed by making
the build-essential package depend on tzdata.

I guess my question is, what makes tzdata build essential, besides
that it's currently kind-of implicitly there? To me it does not look
like it has the properties to be considered as such, besides that if
we lower its priority (as it deserves) it makes a bunch of packages
FTBFS.

It has historically been part of the build essential set.

(So the "that it's currently kind-of implicitly there".)

It is used in the build of many packages.

Given the number of packages that currently declare a dependency on
tzdata (34~), the ones that seem to have the most potential to pull it
for others are language bindings such as python3-dateutil, python3-tz ruby-tzinfo, etc, which handle timezone stuff anyway and would keep
pulling it. So I find this assertion hard to believe. And the following
points seem to be based on this fundamental assumption.

I think though, we might be able to easily answer at least how many
builds ended up with tzdata installed (even if it ended up not being
used), if Santiago still has the build logs around, those would be
easily grep-able.

(Whether it was used at all could be checked after each build through
atime I guess. But this seems all like a lot of wasted effort TBH.)

And for reference, Santiago seems (I might be wrong) to have filed
around 46 reports about this, which seems like a very tiny speck in
the grand scheme of things.

There would be so many invisible undeclared build dependencies of
packages using it who have it pulled in by other packages that random
changes in the dependency tree might cause many packages to FTBFS at
any time if it does not stay build essential.

I fail to see how this is any different from any other transitive
dependency being pulled automatically due to some implementation
detail somewhere.

It is required to provide glibc functionality that is frequently
used during the build.

This seems like a reiteration of the above "it's used a lot". There
are other things that are used a lot during builds and yet they are
not build-essential (python3 for an obvious example).

So, for one, this is getting in the way of making our minimal
(non build) systems smaller.

No, it is not.

There are 3 different topics:

1. making minimal (non build) systems smaller

Being able to exclude tzdata from a minimal system was achieved when it
was removed from the essential set in stretch.
debootstrap not installing it by default would make that easier.
Whether build-essential depends on tzdata does not make any difference.

Sure, you can, but it's not the _default_, so it *is* getting in the way.
And some seem to be even trying to tie it into the build-essential set by proxy, wanting to bolt Priority:required into it… People keep bringing up
in this discussion the sanctity of these default installations, so it
again seems unfair to then disregard it when it's not convenient.

2. normal systems

In a normal (non-minimal) installation not having tzdata installed
would be a bug harming many users, no matter what priority it will
have.

Sure, this can easily be achieved by making it Priority:important,
so I don't see this being a concern.

3. build essential

That's separate from 1. and 2.

Sure again (as long as it is not kept as Priority:required "for
reasons").

I have so far not seen any technical arguments why removing tzdata from the build essential set would be better for Debian than keeping it there. Removing tzdata reduces the size of a chroot that has the build dependencies for the hello package installed by ~ 0.5%, this size decrease does not strike me as a sufficient reason for reducing the
build essential set.

I don't see how this can be a pure technical decision, TBH. To me this looks more like either a matter of trade-offs,

It is a tradeoff between less work and saving ~ 0.5% space in build
chroots.

That would be the trade-off you see, yes. :)

or IMO more importantly
of clean definition of a specification (which seems rather more
important than the other concerns). The work to spot these problems has already been done, and the changes required are trivial and minimal (disregarding any severity consideration here).

The work has been done for packages that do FTBFS today.

I would guess ~ 90% of the packages that did have tzdata installed
during Santiagos builds did not have or need a direct build dependency because something else pulled it in.
It is unknown how many of these would have a latent FTBFS bug due to an undeclared direct build dependency.

This is again usual business when it comes to any transitive dependency
that is an implementation detail, for any existing package. I still
fail to see how tzdata is some kind of special case here.

Do we have any packages that build successfully but are broken without
tzdata installed during the build?

Do we perform or require similar checks whenever we change or remove
transitive dependencies elsewhere? I guess this could easily be caught
up by the reproducible builds though.

...
I appreciate the minimalism and simplicity of the definition. I've
also heard from time to time complains that we even require a C/C++ compiler as build-essential, when for many packages that's not even
needed (although a C compiler is currently needed by dpkg-dev to
determine the host arch).

I would also complain that dpkg-dev pulls the full perl into the build essential set.

(If the idea of rewriting dpkg-dev in some other language was ever _entertained_, I don't see why we would not also at the same time
consider removing perl from the build-essential set, yes. If the
complaint is though about perl-base vs perl, I'm happy to evaluate how
much effort that would involve. :)

The build essential set is so huge that I wouldn't even be surprised if
at some point in the future this discussion becomes moot because some
package in the build essential set gains a dependency on tzdata.

Perhaps some localtime related functionality could justify a dependency
of perl or perl-modules-5.36 on tzdata, which would keep it in the build essential set due to dpkg-dev being build essential?

This again seems like a gratuitous dependency just to keep this around, affecting every other installation.

Policy also has this to say:

,---
If build-time dependencies are specified, it must be possible to build
the package and produce working binaries on a system with only
essential and build-essential packages installed and also those
required to satisfy the build-time relationships (including any
implied relationships). […]
`---
...

I don't think this is helpful for the discussion whether packages that
were previously part of the essential set should stay part of the build essential set.

Why? This has happened in the past and will keep happening. An example
that immediately comes to mind is the perl CGI modules, which got split
out from perl and that was not a big social issue at all (as should be expected!). I also easily recall this even happening within the essential
set, when dpkg switched from xz-utils to liblzma and packages had started
to assume the former would be present. The build-essential set has always
been way more dynamic than the essential one.

So I'm having a very hard time understanding what has people riled up
about tzdata, as this very special thing that needs to be preserved
there at all costs, while there's been this much time, effort, emotion
and words spent on these threads compared to the amount of time required
to add the trivial dependency to all current failing packages and
probably any potential future ones.

I'm also finding the notion that some seem to be trying to push here
(even if not in an explicit or intended way) that the whole
build-essential set should have such a strict and monolithic composition (including apparently all of its transitive dependencies) in a similar
way how we supposedly handle the essential set, to be worrisome, and
given the energy spent here, wasteful.

"Important: yes" e2fsprogs is an even bigger problem here:
It is rarely used during the build of a package and shouldn't stay part
of the build essential set for that reason, but as long as apt refuses
to remove it when it is already installed I don't think such
a nearly-essential package can be removed from the build essential
set because something like
Build-Conflicts: e2fsprogs
would then be both permitted and likely cause problems.

In the abstract I think this theoretical problem is important to
support from the tooling, so I've filed #1030020 against apt, so that
we can control a way to allow automatic removal from discardable
systems. After that I might file reports against build-drivers such as
sbuild or pbuild to make use of that possibility when they know they
are building on such discardable system.

But for the particular case you bring up, there has never been the
need, and I think I'd find it rather upsetting if any package declared
a Build-Conflicts against a Protected/Important:yes package, because
in essence that means you cannot safely build them anymore on your main
system, and I'd be hard pressed to question why any package would ever
need such Build-Conflicts to the point I think this should be considered
a bug on those packages.

So this seems like a non-issue to me.

Regards,
Guillem

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Santiago Vila@21:1/5 to All on Mon Jan 30 14:40:01 2023

El 30/1/23 a las 14:05, Guillem Jover escribió:

Given the number of packages that currently declare a dependency on
tzdata (34~), the ones that seem to have the most potential to pull it
for others are language bindings such as python3-dateutil, python3-tz ruby-tzinfo, etc, which handle timezone stuff anyway and would keep
pulling it. So I find this assertion hard to believe. And the following points seem to be based on this fundamental assumption.

More to the point and fun fact: The dependency of ruby-tzinfo on tzdata was *missing*
in unstable:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026178

It was added after I reported that 21 different ruby packages failed to build in a completely clean build environment. (Special thanks to Antonio Terceiro).

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	300
Nodes:	16 (2 / 14)
Uptime:	33:04:06
Calls:	6,707
Files:	12,239
Messages:	5,353,260

Please, minimize your build chroots

Who's Online

System Info