[pkg-php-pear] Bug#1100492: Bug#1100492: php-doctrine-persistence run against wrong version

[David Prévot]

Hi Sven,

Thank you for your report.

On 14/03/2025 13:57, Sven Mueller wrote:
> Source: php-doctrine-persistence
[…]
> The below analysis shows that tests are running not against the newest
> version (the one just built but against the system installation of the
> indirect build dependency on itself).
I’m well aware of this annoying behavior, that currently forces me to 
upload a locally built binary package followed by a source only upload 
(spoiler alert, this is not the only package affected). Basically, all 
the phpunit dependency chain is likely affected.

Currently, the dependency classes are loaded by using their full path to 
avoid a CVE-2024-24821 like exposure, so it is not possible to load the 
new classes (since the system ones have already been loaded). I don’t 
think it’s possible to overwrite this behavior, so we’re kind of stuck here.

It would be nice to be allowed to upload staged build packages to the 
archive, building it first without tests (DEB_BUILD_OPTIONS=nocheck), 
and then building the package again with the previously built one 
installed, but that doesn’t seem like something we’ll be able to do, at 
least on a short-time scale.

One option could be to totally ignore the testsuite at build time and 
simply rely on the autopkgtest to spot regressions, but we’ll miss the 
input from the “rebuild all the archive” efforts, and also the obvious 
homemade build. On the other hand, it would make my (and probably your) 
life a lot easier…

I’m not tagging this bug as wontfix (because it’s a pain I’d very much 
like to get fixed), but I don’t know the best way forward. Hopefully, 
other team members may shim in and even point at a silver bullet that I 
missed.

Regards,

taffit,