Bug#992662: cfengine3: stores wrong path to chpasswd, etc. if built on merged-/usr system
Simon McVittie
smcv at debian.org
Sat Aug 21 23:48:08 BST 2021
Source: cfengine3
Version: 3.15.2-3
Severity: important
Tags: patch bookworm sid
User: reproducible-builds at lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org, Fabio Tranchitella <kobold at debian.org>
If cfengine3 is built on a merged-/usr system (as created by new
installations of Debian >= 10, debootstrap --merged-usr, or installing
the usrmerge package into an existing installation), the paths to
chpasswd, useradd etc. are recorded in the binary as /sbin/chpasswd,
/sbin/useradd, etc.
This can be seen on the reproducible-builds.org infra:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/cfengine3.html
(search for "/sbin/chpasswd" to see the differences I'm concerned about).
If you have sbuild available, an easy way to reproduce this is to build
twice, once with --add-depends-arch=usrmerge and once without.
The problematic situation is if the package is *built* on a merged-/usr
system, but *used* on a non-merged-/usr system. In this situation,
/sbin/chpasswd etc. exist on the build system but not on the system
where cfengine3 will be used, resulting in the features that use these
executables not being available.
Technical Committee resolution #978636 mandates heading towards a
transition to merged-/usr, and this will become a non-issue at the end of
that transition; but variation between merged-/usr and non-merged-/usr
builds is a problem while that transition is taking place, because it
can lead to partial upgrades behaving incorrectly. It is likely that
this class of bugs will become release-critical later in the bookworm
development cycle.
The attached patch resolves this: with it applied, the package builds
identically with and without --add-depends-arch=usrmerge.
A side benefit of fixing this is that this change seems likely to be
sufficient to make the package reproducible (as recommended by Policy
§4.15).
smcv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Specify-canonical-paths-to-chpasswd-etc.patch
Type: text/x-diff
Size: 3888 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-bugs/attachments/20210821/7164daa5/attachment.patch>
More information about the Reproducible-bugs
mailing list