Differences between revisions 95 and 96
Revision 95 as of 2015-08-18 14:40:58
Size: 18630
Editor: ?HelmutGrohne
Comment: noudeb profile?
Revision 96 as of 2015-08-27 06:08:09
Size: 18787
Editor: josch
Comment: clarify the applicability of the restriction formula
Deletions are marked like this. Additions are marked like this.
Line 78: Line 78:
and `>` as the closing bracket) to be used after the architecture qualification and `>` as the closing bracket) to be used after the optional architecture restriction
Line 84: Line 84:
Just as the version specification and the architecture restriction list, the
restriction formula is optional and attached to a single package name.

Document status

Preliminary support of this spec was implemented in.

program

version

bug

vcs commit

dpkg

1.17.14

760158

git:8329c09b

sbuild

0.65.0-1

731798

apt

1.0.9.3

763721

git:2e5afeb5

python-apt (dep on libapt)

0.9.3.6

744243

git:419ac4d0, git:921a75d9

debhelper

9.20141010

763766

cdbs

772788

pbuilder

0.215+nmu4

740577

git:19152b3f

lintian

2.5.29

763773

dose3

3.3~beta1-1

wanna-build

dak

744246

devscripts (mk-build-deps)

python-debian

0.1.23

git:718fa762, git:118fa762

libconfig-model-dpkg-perl

2.057

763772

augeas

haskell-debian

dh-exec

0.15

793736

autopkgtest

787093

git:fd343efd, git:fd343efd5

Problem description

For some compilation scenarios it is required to build-depend on a different set of binary packages than specified in the Build-Depends line. The two most important scenarios are:

  • Bootstrapping (for breaking build dependency cycles) and

  • Cross building (for source packages having different build dependencies during cross building than during native building)

This specification describes an extension of the Build-Depends field syntax. The extensions allow the marking of build dependencies as being needed or not needed when one or more build profiles are activated. It also defines a new field called "Build-Profiles" which, depending on the context marks binary packages as being built or not built with a certain set of build profiles activated or marks binary packages as having been built with a certain set of build profiles activated.

Build profiles can be activated by setting the environment variable DEB_BUILD_PROFILES or by using the -P option with dpkg-buildpackage (or -o Apt::Build-Profiles for apt, or --profiles in sbuild). More than one build profile can be activated at a time. Multiple profiles are specified by separating them with commas in commandline arguments and by separating them with spaces in the DEB_BUILD_PROFILES environment variable. Some common profile names are "stage1", "stage2", "nocheck", "nodoc", "nobiarch" and "cross".

Build-Depends syntax extension (restriction formulas)

An example demonstrating the restriction formula syntax for build profiles:

Build-Depends: foo (>= 1.0) [i386 arm] <!stage1> <!cross>, bar

This specification introduces a new pair of brackets (using < as the opening and > as the closing bracket) to be used after the optional architecture restriction list. The < and > brackets enclose a whitespace separated list of terms called a restriction list. But in contrast to architecture qualification there can be multiple < and > enclosed restriction lists. The list of restriction lists is called a restriction formula and individual restriction lists are separated by whitespace. Just as the version specification and the architecture restriction list, the restriction formula is optional and attached to a single package name.

Every term in a restriction list refers to the name of a build profile (see above for a list). Terms can be negated by using an exclamation mark as a prefix just as architectures in the architecture qualification list. In contrast to the architecture qualification list, positive and negative terms are allowed to be mixed.

The terms arranged as a restriction formula form a disjunctive normal form expression. This is, each term within a restriction list is AND-ed together while the restriction lists in a restriction formula are OR-ed together. This also means that the order of terms within restriction lists and the order of restriction lists within a restriction formula does not matter. A term evaluates to "true" if the profile with the same name was set for the build. It defaults to false if the profile was not set. In the example above, the package would depend on foo for i386 or arm and if neither the profile stage1 nor the profile cross are active.

Second example:

Build-Depends: foo <stage1 cross>

In this case, the source package would build depend on foo only if both, the profile stage1 and cross are active.

Third example:

Build-Depends: foo <stage1 cross> <stage1>

In this case, the source package would build depend on foo if either both, stage1 and cross are active or if the profile stage1 is active. This means that the dependency is not applied if the profile cross alone is active.

In other words, if a build dependency is annotated with a restriction formula, then that build dependency is included if and only if the condition expressed by the conjunctive normal form expression evaluates to true.

The Build-Profiles field

In debian/control binary package stanzas, the content of the Build-Profiles field specifies the condition for which that binary package does or does not build. To express that condition, the same restriction formula syntax from the Build-Depends field is used.

Build-Profiles: <!cross> <!stage1>

If a binary package stanza in a debian/control file does not contain a Build-Profiles field, then it implicitly means that it builds with all build profiles (including none at all).

In other words, if a binary package stanza in debian/control is annotated with a non-empty Build-Profiles field, then that binary package is generated if and only if the condition expressed by the conjunctive normal form expression evaluates to true.

The Built-For-Profiles field

In *.changes and Packages files, the content of the Built-For-Profiles field specifies the white space separated list of build profiles with which that binary or source package was built.

The DEB_BUILD_PROFILES environment variable

The DEB_BUILD_PROFILES environment variable contains a space separated unordered list of activated profiles. The content of this variable must be honored by all tools involved in package compilation. Here an example for debian/rules (enabling sql for any build except stage1 profile - notice the negated test):

ifneq ($(filter stage1,$(DEB_BUILD_PROFILES)),)
    DH_OPTIONS += -Nlibdb5.1-sql # not needed with debhelper (>= 9.20140227)
    CONFIGURE_SWITCHES += --disable-sql
else
    CONFIGURE_SWITCHES += --enable-sql
endif

Profile built binary packages

A binary package must contain the exact same content for all profiles with which it builds including no activated profile at all (if it builds in that case). Otherwise a package depending on that binary package might not find the functionality or data it expects it to provide. This means that if necessary binary packages have to be split or that a source package has to be built in two stages. This requirement can not technically be checked before ReproducibleBuilds happen.

This requirement does not apply if the "stage1" or "nodoc" profile is active. In this case, only the parts of the package that expose a functional interface (scripts, programs, libraries, headers) must not be different. Non-functional interfaces like documentation can be different or missing in the produced binary packages.

Example

Imagine src:foo depends on bar which is needed to build a plugin that is shipped together with other plugins in the package foo-plugins. When bar is made optional as a build dependency of src:foo in a stage1 build, then the resulting stage1 binary package foo-plugins would differ from the foo-plugins package that is created during a full build. Thus the creation of the foo-plugins binary package must be disabled by using the Build-Profiles field in the foo-plugins binary package stanza and by adding the necessary bits to debian/rules for packages without debhelper or when build depending on debhelper (>> 9.20140227) is not desired.

If foo-plugins has reverse dependencies which are part of a cycle with src:foo itself, then not building foo-plugins would not solve the bootstrap problem. In that case it is necessary to either:

  • split the foo-plugins package into foo-plugins-nobar and foo-plugins-bar and adjust *all* reverse dependencies of foo-plugins to correctly depend on foo-plugins-nobar and foo-plugins-bar

  • or create a package foo-plugins-nobar during a stage1 build and modify only the reverse dependencies that are in a cycle with src:foo to build depend on foo-plugins-nobar in their own stage1 build. When src:foo is built fully, it will not produce foo-plugins-nobar anymore but the full foo-plugins package instead.

Rationale

The final goal is to allow a fully automated bootstrap where a buildd is able to bootstrap the whole archive for a specific architecture without any manual intervention. This is only possible if reverse dependencies of any binary package continue to be able to rely on its content being the one they expect no matter how the binary package was created. If this cannot be guaranteed, then a dependency solver will choose an installation set which does not satisfy the actual dependencies of a package and the bootstrap will fail. Just as it is necessary for multiarch, this often means the addition of more binary packages. In the case of bootstrapping, those binary packages might even only be useful during the bootstrap process itself. For example, the dependency cycle between src:gamin and src:glib2.0 can be solved by letting src:glib2.0 build an additional package libglib2.0-stage1-dev which does not include gamin on which src:gamin can then build depend upon during a stage1 build. While the temporary package libglib2.0-stage1-dev is very short lived, there can be situations where the stage1 package needs to be around for a long time. One example are the binary packages built by glibc stage2. While these can be built very early, the full glibc can only be built once audit and systemtap are available which come much later. Without those temporary, differently named, stage1 packages, another package might accidentally use a not fully built binary package to satisfy its dependencies. This is especially likely to happen for long lived stage1 binary packages. The only alternative to introducing temporary stage1 binary packages, would be to change the dependency system to include the information for which build profiles a binary package is built. But this is unlikely to happen due to the intrusiveness of such a change.

Registered profile names

The profile names used is a distribution specific policy. Ideally Debian derivatives should use the same profile names registered in Debian so that there's consistency, but otherwise most of the tools do not care about the names or its semantics, only the packages making use of them.

The current prospective list of registered profile names in Debian is:

Name

C

S

Description

stage1

F1

Y

Used when bootstrapping an architecture, stage 1. Must reduce Build-Depends.

stage2

F1

Y

Used when bootstrapping an architecture, stage 2. Should not be necessary for packages other than glibc or gcc.

nocheck

N

N

No test suite should be run, and build dependencies used only for that purpose should be ignored. Builds that set this profile must also add nocheck to DEB_BUILD_OPTIONS

nodoc

F

Y

No documentation should be included or built into packages.

nobiarch

N

Y

No multilib packages should be built.

cross

N

N

Can be used to add extra dependencies for cross-compilation. Usually used when a package would build depend on it self. If the set of binary packages built changes, then it should be combined with a profile like stage1.

C

Whether the content of individual binary packages may change when activating this profile. Values: N (not at all), F (no functional changes, e.g. changes to /usr/share/doc/, /usr/share/locale/ or /usr/share/man/), Y (package contents may change)

S
Whether the set of binary packages built may change when activating this profile. I.e.: whether this profile name can occur by itself in the Build-Profile field in binary stanzas in debian/control. Values: N (no), Y (yes)

Possible future additions include:

Name

Description

nonls or nointl or noi18n

No i18n support should be built into the package.

noudeb

Inhibit building udebs (used by systemd)

Other uses for the restriction syntax

Mark build dependencies that need to be translated when cross building

See CrossTranslatableBuildDeps#A3._Use_restriction_syntax_with_new_namespace

Replace Build-Depends-Indep and Build-Depends-Arch

Instead of moving build dependencies needed to build arch:all or arch:any packages into Build-Depends-Indep and Build-Depends-Arch, respectively, mark them directly in the Build-Depends field using <debbuildopt.archindep> and <debbuildopt.archdep>, respectively.

Map DEB_BUILD_OPTIONS to namespaces

Some DEB_BUILD_OPTIONS like nocheck or noopt could be mapped to <debbuildopt.nocheck> or <debbuildopt.noopt>. This would allow not needing to install certain dependencies if certain DEB_BUILD_OPTIONS are active.

Backports

A backports profile could adjust build dependencies depending on the Debian release for which the backport is done. A backports profile name would thus have to contain the targetted release. With support from debhelper, even the binary versions could automatically adapted to contain the bpo postfix once a build is done with a backport profile active. This would allow to do backports without forking the packaging.

Discussion

Interaction with ReproducibleBuilds

As it stands, build profiles and reproducible builds are inherently incompatible, because at least the Built-For-Profiles field will be added to the generated binary packages. A possible solution to this could be to stop adding those fields, and instead record the active set of build profiles in the *.buildinfo file. This has the inconvenience that the information is not tied to the actual binary package and as such might get lost, and that it's not as easily accessible from the archive Packages indices.

This might also get in the way of possibly setting the build profiles automatically by dpkg-buildpackage on certain DEB_BUILD_OPTION values or other criteria, like when cross-building.

  1. Ideally N (1 2)