Bug#1001223: dx: stores wrong path to sh if /usr/bin/sh or /usr/local/bin/sh exists
Simon McVittie
smcv at debian.org
Mon Dec 6 15:50:32 GMT 2021
Source: dx
Version: 1:4.4.4-14
Severity: important
Tags: patch bookworm sid
User: reproducible-builds at lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: reproducible-bugs at lists.alioth.debian.org
If dx is built on a merged-/usr system (as created by new
installations of Debian >= 10, debootstrap --merged-usr, or installing
the usrmerge package into an existing installation), the path to sh
is recorded in the binary package as /usr/bin/sh, rather than the
canonical /bin/sh. A previous solution to this appears to have not been
completely successful: it edited the path found in header files, but
not the path hard-coded into executable files.
This can be seen on the reproducible-builds.org infra:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/diffoscope-results/dx.html
If you have sbuild available, an easy way to reproduce this is to build
twice, once with --add-depends=usrmerge and once without.
The problematic situation is if the package is *built* on a unified-/usr
system, but *used* on a non-unified-/usr system. In this situation,
/usr/bin/sh exists on the build system but not on the system where the
package will be used, resulting in the features that use this executable
not working correctly.
Similarly, if there is a /usr/local/bin/sh visible at build-time,
then that path would likely end up hard-coded into the binary,
causing the relevant feature to fail on all systems that do not have
/usr/local/bin/sh.
Technical Committee resolution #978636 mandates heading towards a
transition to merged-/usr, and variation between merged-/usr and
non-merged-/usr builds is a problem while that transition is taking
place, because it can lead to partial upgrades behaving incorrectly. It
is likely that this class of bugs will become release-critical later in
the bookworm development cycle.
A common way to resolve this sort of thing is to pass a configure option
or a variable name to ./configure, and this package appears to provide a
--with-bsh option for this purpose, so I'd recommend using it. The attached
patch builds successfully with or without usrmerge, with the same content
(although I have not otherwise tested the resulting packages).
Thanks,
smcv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Pass-interoperable-path-for-bin-sh-to-configure.patch
Type: text/x-diff
Size: 1174 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-bugs/attachments/20211206/a6e5579a/attachment.patch>
More information about the Reproducible-bugs
mailing list