Ubuntu
cdbs package

never call debian/control rule and build this file during the build

Bug #25905 reported by Debian Bug Importer
8
Affects Status Importance Assigned to Milestone
cdbs
Fix Released
Undecided
Jeff Bailey
cdbs (Debian)
Fix Released
Unknown
cdbs (Ubuntu)
Fix Released
High
Jeff Bailey

Bug Description

Automatically imported from Debian bug report #339720 http://bugs.debian.org/339720

See original description
Revision history for this message
Debian Bug Importer (debzilla) wrote :

Automatically imported from Debian bug report #339720 http://bugs.debian.org/339720

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 18 Nov 2005 11:15:01 +0100
From: Steffen Joeris <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: never call debian/control rule and build this file during the build

Package: cdbs
Version: 0.4.32
Severity: serious

Hi

It should never be possible to call a target named debian/control ,
which will build a control file during the build. But this is possible
with cdbs, because the target has the name of a file which exists and then
the rules will call this target.

You have a cdbs package and for whatever reason turned on the play with
my debian/control in a bad way option. See #311724 for a long text on
that matter.
 Small overview: The DEB_AUTO_UPDATE_DEBIAN_CONTROL option turned on
 modifies Build-Depends, which doesn't affect the build that's running.
 But it affects all following builds, which can be NMU, buildd builds
 and worst case: security builds. You DO NOT want to have such a build
 getting a different result (except for the small changes intended with
 the build) just because there is now another thing in the
 build-depends.
  Two solutions for this:
  Think about it and set the Build-Depends yourself. That's easy and you
  can check them in pbuilder.
  Do this only in a special target in debian/rules that is NEVER called
  automagically. So you can check what it did before you start the real
  build.

This is the text from the ftpteam which you can also find here:

http://ftp-master.debian.org/REJECT-FAQ.html

Greetings
Steffen

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

cdbs depends on no packages.

Versions of packages cdbs recommends:
ii autotools-dev 20050803.1 Update infrastructure for config.{
ii debhelper 5.0.7 helper programs for debian/rules

-- no debconf information

Revision history for this message
In , Steve Langasek (vorlon) wrote :

severity 339720 normal
thanks

Ironically enough, because this is CDBS itself doing this, which means there
is no build-dependency on an external tool that results in altering the
contents of debian/control, the regeneration of the control file is
absolutely idempotent; and because the regeneration is done as part of the
clean target, it's guaranteed that the file included in the source package
is the one used for building. So there is no release-critical bug here.

Possibly no bug at all, but I'll leave it to the maintainers to decide
whether to close.

Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 18 Nov 2005 07:14:44 -0800
From: Steve Langasek <email address hidden>
To: <email address hidden>
Subject: Re: never call debian/control rule and build this file during the build

--BzCohdixPhurzSK4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

severity 339720 normal
thanks

Ironically enough, because this is CDBS itself doing this, which means there
is no build-dependency on an external tool that results in altering the
contents of debian/control, the regeneration of the control file is
absolutely idempotent; and because the regeneration is done as part of the
clean target, it's guaranteed that the file included in the source package
is the one used for building. So there is no release-critical bug here.

Possibly no bug at all, but I'll leave it to the maintainers to decide
whether to close.

Cheers,
--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/

--BzCohdixPhurzSK4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDfe/kKN6ufymYLloRAneGAJ44XzkPca0qh/xgh1UwlcACaUs5nQCdGiBQ
n9vH8JnXH3o/3d2aZ8kzHdQ=
=L307
-----END PGP SIGNATURE-----

--BzCohdixPhurzSK4--

Revision history for this message
Jeff Bailey (jbailey) wrote :

CDBS should handle this case gracefully. Specifically,

1) debian/rules debian/control should fail hard unless an environment variable is set.

2) The rule should be called automatically.

This will cause an FTBFS on the buildd where the debian/control file is out of date while still preserving the autogenerate function for maintainers who like this feature.

Changed in cdbs:
assignee: nobody → jbailey
Revision history for this message
In , Peter Eisentraut (petere) wrote : tagging 322401, tagging 339720

# Automatically generated email from bts, devscripts version 2.9.15
tags 322401 - pending
tags 339720 + pending

Revision history for this message
In , Peter Eisentraut (petere) wrote : Bug#339720: fixed in cdbs 0.4.37
Download full text (3.3 KiB)

Source: cdbs
Source-Version: 0.4.37

We believe that the bug you reported is fixed in the latest version of
cdbs, which is due to be installed in the Debian FTP archive:

cdbs_0.4.37.dsc
  to pool/main/c/cdbs/cdbs_0.4.37.dsc
cdbs_0.4.37.tar.gz
  to pool/main/c/cdbs/cdbs_0.4.37.tar.gz
cdbs_0.4.37_all.deb
  to pool/main/c/cdbs/cdbs_0.4.37_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Peter Eisentraut <email address hidden> (supplier of updated cdbs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 25 Mar 2006 00:27:15 +0100
Source: cdbs
Binary: cdbs
Architecture: source all
Version: 0.4.37
Distribution: unstable
Urgency: low
Maintainer: CDBS Hackers <email address hidden>
Changed-By: Peter Eisentraut <email address hidden>
Description:
 cdbs - common build system for Debian packages
Closes: 228044 262757 273835 337487 339720 345615 353820
Changes:
 cdbs (0.4.37) unstable; urgency=low
 .
   * Merged all existing documentation, readmes, and examples into one
     coherent document
   * Dropped more-or-less redundant text and PostScript formatted
     documentation
   * Rewrote gen-dotty in Perl; ocaml dependency is gone
   * Process depgraph.dot using graphviz instead of springgraph for better
     looks and speed
   * Removed autogen.sh; it was nonfunctional (use autoreconf instead)
   * Document that rules that add commands should come after including
     CDBS makefiles (closes: #273835)
   * Added buildcore.mk dependency to hbuild.mk and python-distutils.mk
   * Use debhelper level 5 by default (debhelper.mk) (closes: #353820);
     test cases in debhelper-{4,5}.sh
   * Generate properly versioned build dependency on debhelper depending
     on level used (debhelper.mk) (closes: #345615)
   * Automatically add --dbg-package to dh_strip if one debug package is
     defined and debhelper level 5 is used (buildvars.mk, debhelper.mk)
     (closes: #228044); test case in debhelper-2.sh
   * Added call to dh_installcatalogs (debhelper.mk)
   * Call make as $(MAKE) (autotools.mk, makefile-vars.mk,
     perlmodule-vars.mk)
   * Added + to rules calling $(MAKE) indirectly, for correct interaction
     with parallel make (makefile.mk)
   * Automatically use --disable-dependency-tracking (autotools-vars.mk)
     (closes: #337487)
   * Added DEB_DH_SHLIBDEPS_ARGS_$(cdbs_curpkg) (debhelper.mk)
     (closes: #262757)
   * Don't use auto-update debian/control feature (closes: #339720)
Files:
 825f5eb58a14972668ae4aa3fc5e2532 949 devel optional cdbs_0.4.37.dsc
 ec016546e3c2e397338db292827635b2 188844 devel optional cdbs_0.4.37.tar.gz
 f5403eab080b4cb3497b32d9bddda89f 289480 devel optional cdbs_0.4.37_all.deb

-----BEGIN PGP SIGNATURE----...

Read more...

Revision history for this message
Barry deFreese (bddebian) wrote :

This is fixed in 0.4.37 from Debian unstable.

Changed in cdbs:
status: Unconfirmed → Confirmed
Revision history for this message
Jeff Bailey (jbailey) wrote :

Fixed with merge from Debian, thanks.

Changed in cdbs:
status: Unconfirmed → Fix Released
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.