XPost: linux.debian.bugs.dist
From: [email protected]

Source: dpkg
Version: 1.22.13
Severity: serious
Justification: Policy §5.6.31
X-Debbugs-Cc: [email protected]

dpkg 1.22.13 implemented a backwards-incompatible change,
violating Policy (which states the default value is most
certainly *not* “no”) and breaking builds of packages.

dpkg (1.22.13) unstable; urgency=medium
- Dpkg::BuildDriver::DebianRules: Change default R³ value to «no».

I’ve confirmed that an explicit “Rules-Requires-Root: binary-targets” ceteris paribus fixes the build, so the breakage was indeed introduced
by this dpkg change. Please revert it.

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist, linux.debian.policy
From: [email protected]

Control: severity -1 normal

Hi!

On Wed, 2025-02-12 at 04:16:29 +0100, Thorsten Glaser wrote:

Source: dpkg
Version: 1.22.13
Severity: serious
Justification: Policy §5.6.31
X-Debbugs-Cc: [email protected]

dpkg 1.22.13 implemented a backwards-incompatible change,
violating Policy (which states the default value is most
certainly *not* “no”) and breaking builds of packages.

This was proposed, coordinated in debian-devel and debian-release,
and a MBF done, and then the changed was deployed:

https://lists.debian.org/debian-devel/2024/11/msg00535.html
https://lists.debian.org/debian-devel/2024/12/msg00029.html
https://lists.debian.org/debian-devel/2024/12/msg00358.html
https://lists.debian.org/debian-devel/2025/01/msg00022.html

https://lists.debian.org/debian-release/2024/12/msg00435.html
https://lists.debian.org/debian-release/2025/01/msg00028.html
https://lists.debian.org/debian-release/2025/01/msg00203.html

While the work to make packages build w/o root has been going on
for years now, with the conditions where this applies having been
tightened increasingly over time, culminating in this change.

In this case policy is just lagging, #1092193 (in general policy is
not prescriptive, it follows practice).

dpkg (1.22.13) unstable; urgency=medium
- Dpkg::BuildDriver::DebianRules: Change default R³ value to «no».

I’ve confirmed that an explicit “Rules-Requires-Root: binary-targets” ceteris paribus fixes the build, so the breakage was indeed introduced
by this dpkg change. Please revert it.

Is this with an out of archive package? If so dpkg-deb should have
warned about the problem, otherwise this was then probably missed in
one of the mass rebuilds, but I'd be happy to try make this change
more smooth. I was pondering about perhaps adding a NEWS entry in the
dpkg-dev package, although that still does not help with CI systems and similar. (That's why I'm not closing this right away.)

There is also #1092193, which I need to come back to, but in my mind
this would be more in the direction as mentioned above, of trying to
give better notice or similar.

On Thu, 2025-02-13 at 10:01:39 +0100, Gioele Barabucci wrote:

shouldn't this bug be filed instead against debian-policy for not having recorded the (silent) consensus [1] reached between November 2024 and
January 2025?

[1] https://linux.debian.devel.narkive.com/7bK6YbqZ/mbf-proposing-rules-requires-root-no-being-the-new-default

This was already filed, ah, and the change is already in the «next» debian-policy branch, commit 7ef35446b3e7ec8fcb823924d160fa2b168a77c9.

Thanks,
Guillem

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist, linux.debian.policy
From: [email protected]

Hi Guillem,

On Thu, Feb 13, 2025 at 10:50:39AM +0100, Guillem Jover wrote:

On Wed, 2025-02-12 at 04:16:29 +0100, Thorsten Glaser wrote:

dpkg 1.22.13 implemented a backwards-incompatible change,
violating Policy (which states the default value is most
certainly *not* “no”) and breaking builds of packages.

[..]

Is this with an out of archive package? If so dpkg-deb should have
warned about the problem, otherwise this was then probably missed in
one of the mass rebuilds, but I'd be happy to try make this change
more smooth. I was pondering about perhaps adding a NEWS entry in the dpkg-dev package, although that still does not help with CI systems and similar. (That's why I'm not closing this right away.)

From what I can tell from other mails, I believe the package in
question is openjdk-8 (unstable only); see bug #1095746.

BR,
Chris
(driving by)

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist, linux.debian.policy
From: [email protected]

Hi!

On Thu, 2025-02-13 at 12:34:52 +0100, Chris Hofstaedtler wrote:

On Thu, Feb 13, 2025 at 10:50:39AM +0100, Guillem Jover wrote:

On Wed, 2025-02-12 at 04:16:29 +0100, Thorsten Glaser wrote:

dpkg 1.22.13 implemented a backwards-incompatible change,
violating Policy (which states the default value is most
certainly *not* “no”) and breaking builds of packages.

[..]

Is this with an out of archive package? If so dpkg-deb should have
warned about the problem, otherwise this was then probably missed in
one of the mass rebuilds, but I'd be happy to try make this change
more smooth. I was pondering about perhaps adding a NEWS entry in the dpkg-dev package, although that still does not help with CI systems and similar. (That's why I'm not closing this right away.)

From what I can tell from other mails, I believe the package in

question is openjdk-8 (unstable only); see bug #1095746.

Ah, thanks for the context. In that case, going by that bug report, it
looks like openjdk-8 was most probably already buggy, and this seems
like another instance of what was reported in:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093766#10

Thanks,
Guillem

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist, linux.debian.policy
From: [email protected]

severity 1095791 serious
thanks

On Thu, 13 Feb 2025, Guillem Jover wrote:

From what I can tell from other mails, I believe the package in

question is openjdk-8 (unstable only); see bug #1095746.

Ah, thanks for the context. In that case, going by that bug report, it
looks like openjdk-8 was most probably already buggy, and this seems
like another instance of what was reported in:

Yes, it’s one of doko’s originally, and it’s mostly on life support
due to many active users. I was unaware of the change due to not
having been included in the MBF I only learnt about after reporting
the bug on the Fediverse; who knows what other packages are excluded?

This also cost me *quite* some debugging, which could have been avoided.

It’s still an RC bug in dpkg because Policy specifically says that
the default value isn’t “no”, though.

Furthermore, this WILL break numerous third-party and downstream distro packages. I consider this a bad change, not only deliberately backwards‐ incompatible, but also SILENTLY changing. If you wanted to have gotten
rid of packages not declaring R³ and force package maintainers into even
more (usual culprit is lintian) useless churn, go make that an error,
but do NOT *ever* change the default value in a backwards-incompatible
way leading to silent failures.

Plus, you have invented this whole dpkg-build-api thing. Go make that
change THERE instead.

So, due to the Policy violation, raising severity again. If you want to
not have this treated as RC bug, ensure a changed Policy is released
first. But I ask you to move the default change to the dpkg-build-api
thingy instead.

bye,
//mirabilos
--
Yes, I hate users and I want them to suffer.
-- Marco d'Itri on gmane.linux.debian.devel.general

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist, linux.debian.policy
From: [email protected]

On Fri, 14 Feb 2025, Guillem Jover wrote:

This bug does not count as RC just because Debian upload bureaucracy
hasn't been performed yet.

If packagers cannot rely on Policy to give correct information, what
*can* they rely on?

This is not how Debian Policy has ever worked. By that measure
packages could not rely on multiarch or triggers to name a coupled
of examples. And Policy changes in general tend to be done after the
changes have been implemented and deployed in the archive.

That’s for things which Policy didn’t describe yet because they
were new. But if Policy states a definite value, I *expect* the
tooling to adhere to that value.

Or, if you absolutely must cause more useless churn on package
maintainers, at least forbid not setting R³. But don’t silently
change the default to an incompatible value.

The problem that triggered this report was only surfaced by the R³
change, but it is not really directly affected by it. The real problem
is that the R³ change made it possible to skip calling the
«debian/rules build» targets, where the affected package was already

Yes, I know. I’m sorry for having a life in which I needed a quick
workaround for this dpkg RC bug in the package first, since that
affects actual users, and that it takes time fully analysing what
the packaging I only inherited in the first place does wrong, where,
and how to best fix it, plus openjdk-8 takes a full day to build on
my hardware. (Less with nocheck, sure.)

Policy buggy, but the breakage was not visible. If the R³ default
would get reverted, but the change to call
«fakeroot debian/rules binary-arch» kept, the openjdk-8 package would
still misbuild.

I know. Doesn’t change the fact that dpkg’s change breaks packages.

Would you *please* at least read and consider the alternative
solutions I pointed out above? Thanks.

bye,
//mirabilos
--
<igli> exceptions: a truly awful implementation of quite a nice idea.
<igli> just about the worst way you could do something like that, afaic.
<igli> it's like anti-design. <mirabilos> that too… may I quote you on that? <igli> sure, tho i doubt anyone will listen ;)

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist, linux.debian.policy
From: [email protected]

On Mon, Mar 03, 2025 at 08:55:38PM +0100, Niels Thykier wrote:

Control: severity -1 normal

When Guillem and I analyzed the numbers in November, we concluded we could remove fakeroot from 10 000 packages while only having to fix about 250 packages. That is, only 2.5% of the packages would need a change.

What about packages that are not in unstable or testing ?

Cheers,
--
Bill. <[email protected]>

Imagine a large red swirl here.

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist
From: [email protected]

On Tue, Mar 04, 2025 at 07:57:28PM +0100, Niels Thykier wrote:

Bill Allombert:

On Mon, Mar 03, 2025 at 08:55:38PM +0100, Niels Thykier wrote:

Control: severity -1 normal

When Guillem and I analyzed the numbers in November, we concluded we could
remove fakeroot from 10 000 packages while only having to fix about 250 packages. That is, only 2.5% of the packages would need a change.

What about packages that are not in unstable or testing ?

It is not clear to me what you are asking here. Could you please clarify
your question?

Users are using dpkg to build packages that are not part of unstable and testing,
and so have not beed considered by the November tests.

What will happen to them ? Will they simply FTBFS ?

Cheers,
Bill.

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist
From: [email protected]

On Wed, Mar 05, 2025 at 04:14:50PM +0100, Niels Thykier wrote:

Bill Allombert:

[...]

Users are using dpkg to build packages that are not part of unstable and testing,
and so have not beed considered by the November tests.

What will happen to them ? Will they simply FTBFS ?

Cheers,
Bill.

There is no "Yes/No" answer to this question.

The outcome depends on the package in question. Guillem and I identified the failure modes in the preparation for the MBF (see https://lists.debian.org/debian-devel/2024/11/msg00535.html for details). As an example, a `dh` package will generally successfully rebuild without any changes. However, the most common failure more is a FTBFS. It was rare for in-archive packages (2.5%) and I have no reason to believe it would be notably different for out of archive packages.

Sorry, I ma bit confused: Is the manpage dpkg-buildpackage(1) up-to-date ? Does dpkg-buildpackage -rfakeroot still work as expected ?
Is there a command-line flag to dpkg-buildpackage to revert to the bookworm behaviour ?
At the very least the way to work-around this should be documented in the release note.

Cheers,
Bill.

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

XPost: linux.debian.bugs.dist, linux.debian.policy
From: [email protected]

Hello,

On Mon 03 Mar 2025 at 08:55pm +01, Niels Thykier wrote:

As for the RC'ness of this bug, I have downgraded the bug to normal as you
saw above. I am doing that since the Release Team are the final arbiter of
which bugs are release critical (and not Debian Policy).

It's a little more subtle than this -- Policy is the final arbiter of
which packages have Severity:serious in the BTS, and the Release Team is
the final arbiter of which of the bugs with Severity:serious count as release-critical for a given release, via their -ignore tags.

(Thanks for a helpful reply to this bug, btw.)

--
Sean Whitton

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmfHq/AZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQLDfD/47m9Ap5JsEifJ0W7SS3DRa PBFLJTiejVZlf7x8rNAszuFA5EFpaiIK9tQY77eC7GW0iqt2lMCoSlie93m6mECG vgLqyNT9zTXH1qhdAaWkhvRJxS7RaLWBY6oVqTKcRfJA08fV3aNFE+5Pbq0jAB/M pRqBd9hkM3BuwpfG7eqrEOSAVbpu+fNPXbrWBs249KCTVEC0z+EvRthEHop6ekvN rI0yMacB5yJX8S7ikjWN4tTbK8wLVmZ2omaxKJciIJIOHfkP837i/rw2wePZHLos jsun0yXj5tJoF01Fi0suQHelnILccpSZ5mHSDXA7aMWJr4TdA+Zx9vOf2jwyJqMC oX9h7aNSNjN/tDL112A+JY1kJ2OQUcmD5LsbV4aa7cXbpoLbTIgRWN4jnl2K4HLd HJplgfmio7oDnhWtVrEkSAGRZdy3gwVgBdzvynKQQ6u6kPmGEhLk+cB0iPoidohP rGvwuJ6g8S0mkhCS9KjZfv5ejs0VW0XRguOxRP/3I06IX2OMLx/sDRRAzA6jyvsM XtvwyuwxsSLe8zI8Ws+9pJlVC6vPbEKYNxnKwMYz5SuWYL8m5SknrXABsfL10h9b oS7Msd73ZM6w0TxWLNhR35PWXKXu6zIQC877UaH8pcvM/FV7raE5Qriliu0SXX6r sCwrE4di+HVAdS5ylAEusQ==+fnz
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: you canno