Rootless Builds

Draft

This is the landing page for the warning in dpkg-deb and the dpkg-dev NEWS entry, and for other sources that might need to guide packagers on how to perform rootless builds. It is currently a draft and needs to be written, expanded and completed before the Debian trixie release.

Rootless builds are package builds that require no root privileges (be those real or through a layer like fakeroot). Builds that do need root are problematic because they require either elevated privileges, or LD_PRELOAD hacks that are hard to maintain and incur performance penalties. Newer dpkg and debhelper versions support performing builds with no root privileges. This is explained in more detail in the rootless-builds.txt file contained in the dpkg-dev package.

Historically, dpkg-buildpackage defaulted to building packages using root privileges (by default via fakeroot), but after a long transition spanning years, the default was changed to do rootless builds.

For most packages using a helper like debhelper, rootless builds should work transparently. In some rare cases the build could either fail or generate unexpected artifacts. The former is typically due to trying to perform privileged operations such as chown root:adm filename (either in the packaging or in the upstream build system); the latter might be due to ignoring error codes from these privileged operations, or to the packaging already making incorrect assumptions and expecting to be called twice, with the build and then the binary targets. Third-party packages that are built directly with dpkg-deb should now get a warning and a hint to use --root-owner-group, which should work as long as the package only needs root:root ownership of files.

If making the packaging support rootless builds is currently too much effort or not possible (because it requires non-root:root ownership), the previous behavior can be requested by adding an explicit Rules-Requires-Root: binary-targets field to the source stanza in debian/control. Alternatively, packages can be built using the dpkg-buildpackage option --rules-requires-root.
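
A triage helper for the two cases above, added here as an example and not taken from dpkg or debhelper: it reads Rules-Requires-Root from the source stanza of debian/control and flags ownership-changing commands in debian/rules. The function names and the sample package are constructed for illustration, and the command match is a heuristic, not a complete list of privileged operations.

```shell
#!/bin/sh
# Print the Rules-Requires-Root value from the source stanza (the first
# paragraph) of a debian/control file; prints nothing when the field is absent.
rrr_field() {
    awk '
        /^[ \t]*$/ { if (seen) exit; next }    # blank line ends the source stanza
        /^#/       { next }                    # comment lines are allowed in debian/control
                   { seen = 1 }
        tolower($0) ~ /^rules-requires-root:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Heuristic: list lines that change ownership (chown, chgrp, install -o/-g).
# These fail, or are silently ignored, when the build runs without root.
privileged_ops() {
    grep -nE '(^|[^[:alnum:]_-])(chown|chgrp|install[[:space:]](.*[[:space:]])?-[og])[[:space:]]' "$@" || true
}

# Classify a source tree ($1): explicit opt-out, suspicious, or clean.
rootless_status() {
    if [ "$(rrr_field "$1/debian/control")" = "binary-targets" ]; then
        echo "root-requested"
    elif [ -n "$(privileged_ops "$1/debian/rules")" ]; then
        echo "needs-review"
    else
        echo "rootless-ok"
    fi
}

# Constructed sample tree: a rules file that runs chown root:adm.
# $1 (optional) is an extra field line for the source stanza.
make_sample() {
    dir=$(mktemp -d) && mkdir "$dir/debian"
    { echo "Source: demo"; [ -z "$1" ] || echo "$1"
      printf 'Maintainer: Jane Doe <jane@example.org>\n\nPackage: demo\nArchitecture: all\n'
    } > "$dir/debian/control"
    printf '#!/usr/bin/make -f\n%%:\n\tdh $@\noverride_dh_fixperms:\n\tdh_fixperms\n\tchown root:adm debian/demo/var/log/demo\n' \
        > "$dir/debian/rules"
    echo "$dir"
}

tree=$(make_sample)
echo "no field:   $(rootless_status "$tree")"
privileged_ops "$tree/debian/rules"
rm -rf "$tree"
tree=$(make_sample "Rules-Requires-Root: binary-targets")
echo "with field: $(rootless_status "$tree")"
rm -rf "$tree"
```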

