Building packages without (fake)root

Turns out that it is surprisingly easy to build most packages without (fake)root.  You just need two basic changes:

  1. A way to set the ownership of paths to “root:root” when dpkg-deb --build constructs the binary.
  2. A way to have debhelper not do a bunch of (now) pointless chowns to “root:root”.

The above is sufficient for dpkg, debhelper, lintian, apt-file, mscgen, pbuilder and a long list of other packages that only provide paths owned by “root:root”. Obviously, packages differ and yours might need more tweaks than this (e.g. dh_usrlocal had to change behaviour to support this).

But for me, the best part is that the above is not just some random prototype stuck in two git repos on alioth:

Unfortunately, if you are working with games or core packages like shadow that need static ownership different from “root:root” (usually with a setuid or setgid bit), then our first implementation does not support your needs at the moment[1].  We are working on a separate way to solve static ownership in a declarative way.


[1] Note regarding “/usr/local”: If your package needs to provide directories there owned by “root:staff” with mode 02775, then dh_usrlocal can handle that. The non-“root:root” ownership here works because the directories are created in a maintainer script run as root during installation.  Unfortunately, it cannot provide different ownership or modes with “R³ != binary-targets” at the moment.
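
The first change in the list works because ownership in a binary package is archive metadata, not a property the staged files need on disk. The sketch below is an added illustration in Python, not dpkg-deb's or debhelper's own code; the function names and the sample tree are constructed for this example.

```python
import io
import os
import stat
import tarfile
import tempfile


def root_owned(member: tarfile.TarInfo) -> tarfile.TarInfo:
    """Rewrite ownership in the archive header only; files on disk are untouched."""
    member.uid = member.gid = 0
    member.uname = member.gname = "root"
    return member


def build_data_tar(staging_dir: str) -> bytes:
    """Pack a staging tree as an unprivileged user. Ownership is decided at
    archive-creation time, so no chown (and therefore no root) is needed."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.add(staging_dir, arcname=".", filter=root_owned)
    return buf.getvalue()


def list_members(tar_bytes: bytes):
    """Return (name, uid, gid, 'user:group', octal mode) for each archive member."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [(m.name, m.uid, m.gid, f"{m.uname}:{m.gname}",
                 oct(stat.S_IMODE(m.mode))) for m in tar.getmembers()]


def demo():
    # Constructed sample tree standing in for a package staging directory.
    with tempfile.TemporaryDirectory() as staging:
        bindir = os.path.join(staging, "usr", "bin")
        os.makedirs(bindir)
        tool = os.path.join(bindir, "hello")
        with open(tool, "w") as fh:
            fh.write("#!/bin/sh\necho hello\n")
        os.chmod(tool, 0o755)
        # Every member is forced to root:root; a path that needs any other
        # static owner cannot be expressed this way (the limitation above).
        return list_members(build_data_tar(staging))


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

File modes are carried over from the staging tree unchanged; only the owner and group fields are rewritten.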

