diff options
Diffstat (limited to 'dh_testroot')
| -rwxr-xr-x | dh_testroot | 78 |
1 files changed, 72 insertions, 6 deletions
diff --git a/dh_testroot b/dh_testroot index c010dd50..5dcadc51 100755 --- a/dh_testroot +++ b/dh_testroot @@ -1,8 +1,10 @@ -#!/usr/bin/perl -w +#!/usr/bin/perl + +=encoding UTF-8 =head1 NAME -dh_testroot - ensure that a package is built as root +dh_testroot - ensure that a package is built with necessary level of root permissions =head1 SYNOPSIS @@ -10,18 +12,82 @@ B<dh_testroot> [S<I<debhelper options>>] =head1 DESCRIPTION -B<dh_testroot> simply checks to see if you are root. If not, it exits with an -error. Debian packages must be built as root, though you can use -L<fakeroot(1)> +B<dh_testroot> is used to determine if the target is being run with +suffient access to root(-like) features. + +The definition of sufficient access depends on whether the builder +(the tool invoking the F<debian/rules> target) supports the +I<Rules-Requires-Root> (R³) field. If the builder supports R³, then +it will set the environment variable I<DEB_RULES_REQUIRES_ROOT> and +B<dh_testroot> will validate that the builder followed the minimum +requirements for the given value of I<DEB_RULES_REQUIRES_ROOT>. + +If the builder does not support I<Rules-Requires-Root>, then it will +not set the I<DEB_RULES_REQUIRES_ROOT> environment variable. This +will in turn make B<dh_testroot> (and the rest of debhelper) fall back +to assuming that (fake)root is implied. + +The following is a summary of how B<dh_testroot> behaves based on the +I<DEB_RULES_REQUIRES_ROOT> environment variable (leading and trailing +whitespace in the variable is ignored). + +=over 4 + +=item - + +If unset, or set to C<binary-targets>, then B<dh_testroot> asserts +that it is run as root or under L<fakeroot(1)>. + +=item - + +If set to C<no>, then B<dh_testroot> returns successfully (without +performing any additional checks). + +=item - + +If set to any other value than the above, then B<dh_testroot> asserts +that it is either run as root (or under L<fakeroot(1)>) or the builder +has provided the B<DEB_GAIN_ROOT_CMD> environment variable (e.g. via +dpkg-buildpackage -r). + +=back + +Please note that B<dh_testroot> does I<not> read the +I<Rules-Requires-Root> field. Which implies that B<dh_testroot> may +produce incorrect result if the builder lies in +I<DEB_RULES_REQUIRES_ROOT>. On the flip side, it also enables things +like testing for what will happen when I<DEB_RULES_REQUIRES_ROOT> is +set to a given value. =cut use strict; +use warnings; use Debian::Debhelper::Dh_Lib; + +our $VERSION = DH_BUILTIN_VERSION; + inhibit_log(); -if ($< != 0) { +my $requirements = Debian::Debhelper::Dh_Lib::root_requirements(); + +if (! -f 'debian/control') { + warning('dh_testroot must be called from the source root'); +} + +# PROMISE: DH NOOP WITHOUT internal(rrr) + +# By declaration; nothing requires root and this command must be a no-op in that case. +exit 0 if $requirements eq 'none'; +# The builder /can/ choose to ignore the requirements and just call us as root. +# If so, we do not bother checking the requirements any further. +exit 0 if $< == 0; +if ($requirements eq 'legacy-root') { error("You must run this as root (or use fakeroot)."); +} else { + my $env = $ENV{DEB_GAIN_ROOT_CMD}; + error("Package needs targeted root but builder has not provided a gain-root command via \${DEB_GAIN_ROOT_CMD}") + if not $env; } =head1 SEE ALSO |