[Bug 48878] New: Debian packaging: set cap_net_raw to allow sendings pings, do out-of-tree builds
https://bugs.winehq.org/show_bug.cgi?id=48878 Bug ID: 48878 Summary: Debian packaging: set cap_net_raw to allow sendings pings, do out-of-tree builds Product: Packaging Version: unspecified Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: wine-packages Assignee: wine-bugs(a)winehq.org Reporter: luca.boccassi(a)gmail.com CC: dimesio(a)earthlink.net, michael(a)fds-team.de, sebastian(a)fds-team.de Distribution: --- Hi, I am attaching two patches for the Debian packaging that is published on OBS at https://build.opensuse.org/package/show/Emulators:Wine:Debian/wine-staging The first one adds postints and a dependency on libcap-bin, so that wineserver, wine-loader and wine64-loader can get cap_net_raw added on installation. Some games need to be able to send ICMP packets for anti-cheat reasons - see https://appdb.winehq.org/objectManager.php?sClass=version&iId=31145 Adding cap_net_raw means they don't need to be ran as root to do that, which is obviously bad. The second patch improves debian/rules so that it does out-of-tree automake builds in debian/build-$ARCH. This is the first step to allow multi-arch builds to work more smoothly. I had sent this as a PR on OBS but I was told to open a bug instead: https://build.opensuse.org/request/show/789262 I cannot find a git repository to create patches against, so I've done that manually. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Luca Boccassi <luca.boccassi(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Distribution|--- |Debian -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Luca Boccassi <luca.boccassi(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |luca.boccassi(a)gmail.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #1 from Luca Boccassi <luca.boccassi(a)gmail.com> --- Created attachment 66815 --> https://bugs.winehq.org/attachment.cgi?id=66815 Patch to add postinst to set cap_net_raw on installation -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #2 from Luca Boccassi <luca.boccassi(a)gmail.com> --- Created attachment 66816 --> https://bugs.winehq.org/attachment.cgi?id=66816 Patch to build out of tree -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #3 from Luca Boccassi <luca.boccassi(a)gmail.com> --- Created attachment 66821 --> https://bugs.winehq.org/attachment.cgi?id=66821 Patch to remove gcc from build-dep (already default) and set perl and prelink to :any The prelink:any change requires a fix for the following bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955742 which I will upload to Debian shortly. I have pre-built it on OBS: https://build.opensuse.org/package/show/home:bluca:branches:Emulators:Wine:D... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #4 from Luca Boccassi <luca.boccassi(a)gmail.com> --- Created attachment 66822 --> https://bugs.winehq.org/attachment.cgi?id=66822 Patch to use DEB_HOST_ARCH instead of DEB_BUILD_ARCH DEB_BUILD_ARCH references the architecture of the machine where the build is happening, not the architecture the packages are being built for. This allows dpkg-buildpackage -ai386 to run (it still requires a solution for wine-tools to complete successfully in a self-contained manner). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Luca Boccassi <luca.boccassi(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #66816|0 |1 is obsolete| | Attachment #66821|0 |1 is obsolete| | Attachment #66822|0 |1 is obsolete| | --- Comment #5 from Luca Boccassi <luca.boccassi(a)gmail.com> --- Created attachment 66826 --> https://bugs.winehq.org/attachment.cgi?id=66826 Patch to fully enable multi-arch cross build of i386 from amd64 This patch refactores the autoconf flags settings in rules, removes the explicit dependency on gcc (it's part of build-essential), moves all manpages to wine-staging (tools are not build on cross-build so dh_install fails), uses ln -sf (to allow building with -nc). With these patches, a rebuilt prelink and execstack with Multi-Arch: allowed, I can successfully build amd64 and i386 packages from the same source directory with the following one-time steps: dpkg --add-architecture i386 apt update apt build-dep . apt buil-dep -ai386 . dpkg-buildpckage dpkg-buildpackage -ai386 Building amd64 first is necessary to get winetools built. It's possible to make the i386 build on amd64 completely self contained by building only the tools directory first. If I have time I'll send another patch to do that. But usually one wants both amd64 and i386 packages, so this is good enough for me right now. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Luca Boccassi <luca.boccassi(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Debian packaging: set |Debian packaging: set |cap_net_raw to allow |cap_net_raw to allow |sendings pings, do |sendings pings, do |out-of-tree builds |out-of-tree builds and | |enable multi-arch builds | |from same machine -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Rosanne DiMesio <dimesio(a)earthlink.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |leslie_alistair(a)hotmail.com | |, z.figura12(a)gmail.com --- Comment #6 from Rosanne DiMesio <dimesio(a)earthlink.net> --- (In reply to Luca Boccassi from comment #0)
The first one adds postints and a dependency on libcap-bin, so that wineserver, wine-loader and wine64-loader can get cap_net_raw added on installation.
I've asked the wine-staging maintainers to weigh in on that.
The second patch improves debian/rules so that it does out-of-tree automake builds in debian/build-$ARCH. This is the first step to allow multi-arch builds to work more smoothly.
"More smoothly" is rather vague; exactly what problem with the WineHQ packages does this solve? i586 and x86_64 builds are done separately on the OBS, and I've seen no evidence this causes a problem for users of our packages. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #7 from Luca Boccassi <luca.boccassi(a)gmail.com> --- (In reply to Rosanne DiMesio from comment #6)
(In reply to Luca Boccassi from comment #0)
The first one adds postints and a dependency on libcap-bin, so that wineserver, wine-loader and wine64-loader can get cap_net_raw added on installation.
I've asked the wine-staging maintainers to weigh in on that.
Thanks - note that this applies to all 3 flavours, not just -staging. I just don't know where the "true source" lives, so I don't have a base to generate patches from. I've picked staging because it's what I use. Is there a repository?
The second patch improves debian/rules so that it does out-of-tree automake builds in debian/build-$ARCH. This is the first step to allow multi-arch builds to work more smoothly.
"More smoothly" is rather vague; exactly what problem with the WineHQ packages does this solve? i586 and x86_64 builds are done separately on the OBS, and I've seen no evidence this causes a problem for users of our packages.
A user/developer can do apt source -b winehq-<foo> and, without having to use any i386-specific host/chroot of any form, can build both sets of packages. I've used this extensively while bisecting issues, for example. By building and installing the packages I can be 100% sure that there's no differences due to prefixes, and that everything that is installed is then tracked and removed by dpkg. No leftovers lying around. Note that it's no longer just more smoothly, but it now fully works with the second patch. Also it's about quality: using DEB_BUILD_ARCH to do checks for the target architecture is just wrong - this is because of the very confusing GNU nomenclature of course, but it's still good to fix. Using ln without -f is also not great - it makes incremental builds not possible. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Luca Boccassi <luca.boccassi(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #66826|0 |1 is obsolete| | --- Comment #8 from Luca Boccassi <luca.boccassi(a)gmail.com> --- Created attachment 66829 --> https://bugs.winehq.org/attachment.cgi?id=66829 Patch to fully enable multi-arch cross build of i386 from amd64 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #9 from Zebediah Figura <z.figura12(a)gmail.com> --- In theory, I think this affects everything except staging—since staging falls back to spawning ping(8)—but I don't know the details. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #10 from Luca Boccassi <luca.boccassi(a)gmail.com> --- (In reply to Zebediah Figura from comment #9)
In theory, I think this affects everything except staging—since staging falls back to spawning ping(8)—but I don't know the details.
I use staging, and I constantly have problems in BF4 when I forget to add cap_net_raw to the wine binaries. Servers can't see my latency, so I get kicked out until I add cap_net_raw and restart. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #11 from Zebediah Figura <z.figura12(a)gmail.com> --- Not commenting on other changes, but: (In reply to Luca Boccassi from comment #8)
+# gcc 10 uses -fno-common +export DEB_CFLAGS_MAINT_APPEND+=-fcommon
We shouldn't need this, not after ea032bb7f8.
+CONFLAGS=--prefix=/opt/wine-staging \
Is this a typo? -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #12 from Luca Boccassi <luca.boccassi(a)gmail.com> --- (In reply to Zebediah Figura from comment #11)
Not commenting on other changes, but:
(In reply to Luca Boccassi from comment #8)
+# gcc 10 uses -fno-common +export DEB_CFLAGS_MAINT_APPEND+=-fcommon
We shouldn't need this, not after ea032bb7f8.
Ok thanks, can be dropped then.
+CONFLAGS=--prefix=/opt/wine-staging \
Is this a typo?
You mean CONFLAGS vs CONFFLAGS? Sure probably a typo - doesn't really matter as long as it's consistent -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Luca Boccassi <luca.boccassi(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #66829|0 |1 is obsolete| | --- Comment #13 from Luca Boccassi <luca.boccassi(a)gmail.com> --- Created attachment 66832 --> https://bugs.winehq.org/attachment.cgi?id=66832 Patch to fully enable multi-arch cross build of i386 from amd64 (In reply to Luca Boccassi from comment #12)
(In reply to Zebediah Figura from comment #11)
Not commenting on other changes, but:
(In reply to Luca Boccassi from comment #8)
+# gcc 10 uses -fno-common +export DEB_CFLAGS_MAINT_APPEND+=-fcommon
We shouldn't need this, not after ea032bb7f8.
Ok thanks, can be dropped then.
+CONFLAGS=--prefix=/opt/wine-staging \
Is this a typo?
You mean CONFLAGS vs CONFFLAGS? Sure probably a typo - doesn't really matter as long as it's consistent
Fixed both. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #14 from Rosanne DiMesio <dimesio(a)earthlink.net> --- Luca, You opened this bug for two unrelated issues, and the basic rule in bugzilla is one problem per bug. Most of the comments here have been about multi-arch cross builds, so I'm going to ask to you open a separate bug for the cap_net_raw issue and attach only the patches for that there. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #15 from Luca Boccassi <luca.boccassi(a)gmail.com> --- (In reply to Rosanne DiMesio from comment #14)
Luca,
You opened this bug for two unrelated issues, and the basic rule in bugzilla is one problem per bug. Most of the comments here have been about multi-arch cross builds, so I'm going to ask to you open a separate bug for the cap_net_raw issue and attach only the patches for that there.
Sure no problem, done: https://bugs.winehq.org/show_bug.cgi?id=48889 -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 Luca Boccassi <luca.boccassi(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Debian packaging: set |Debian packaging: do |cap_net_raw to allow |out-of-tree builds and |sendings pings, do |enable multi-arch builds |out-of-tree builds and |from same machine |enable multi-arch builds | |from same machine | -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=48878 --- Comment #16 from Luca Boccassi <luca.boccassi(a)gmail.com> --- (In reply to Luca Boccassi from comment #5)
With these patches, a rebuilt prelink and execstack with Multi-Arch: allowed, I can successfully build amd64 and i386 packages from the same source directory with the following one-time steps:
The fixed version of prelink is now in Debian unstable: https://tracker.debian.org/pkg/prelink -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
WineHQ Bugzilla