Dear наб,

Thank you for reporting this problem. There is technically no problem with running LedgerSMB under root. Nor is there technically any reason to prohibit running the tests under root. However, running LedgerSMB (or any other server process) under root *is* a security risk.

As such, it's strongly recommended *not* to run LedgerSMB as root and *not* to run the test suite under root.

This is the error you're seeing.

I kindly disagree the package fails to build from source: it fails to run its tests under root, but if you run the tests under *any* other user, the tests will succeed. The failure to run under root also is not a technical one, but a deliberate choice or policy if you will.

Regards,

Erik.

On Thu, Sep 26, 2024 at 5:45 PM наб nabijaczleweli@nabijaczleweli.xyz wrote:

Source: ledgersmb Version: 1.6.33+ds-2.2 Severity: serious Tags: ftbfs Justification: fails to build from source

Dear Maintainer,

During a ratt run for src:ossp-uuid I got 2024/09/26 17:23:23 Building package 71 of 123: ledgersmb 2024/09/26 17:26:55 building ledgersmb failed: exit status 2

Full log attached, but the interesting bit is make[1]: Leaving directory '/<<PKGBUILDDIR>>' dh_auto_test make -j24 test make[1]: Entering directory '/<<PKGBUILDDIR>>' make[1]: git: No such file or directory /bin/sh: 1: lsb_release: not found prove t/

# Failed test 'use LedgerSMB::PSGI;' # at t/01-load.t line 231. # Tried to use 'LedgerSMB::PSGI'. # Error: Running a Web Service as root is a security problem. # If you are starting LedgerSMB as a system service, # please make sure that you drop privileges as per README.md # and the example files in conf/. # The method of passing a --user argument to starman cannot # be used as starman drops privileges too late, starting us as root. at /<<PKGBUILDDIR>>/lib/LedgerSMB/PSGI.pm line 42. # Compilation failed in require at t/01-load.t line 231. # BEGIN failed--compilation aborted at t/01-load.t line 231. # Looks like you failed 1 test of 209. t/01-load.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/209 subtests (less 5 skipped subtests: 203 okay) Name "Config::IniFiles::ledgersmb.conf" used only once: possible typo at /usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm line 60. t/02-number-handling.t .......... ok

Per my reading of the policy, each d/rules target may be run as root?

Best,

-- System Information: Debian Release: 12.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386

Kernel: Linux 6.1.0-12-amd64 (SMP w/24 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled _______________________________________________ devel mailing list -- devel@lists.ledgersmb.org To unsubscribe send an email to devel-leave@lists.ledgersmb.org

Processing control commands:

severity -1 wishlist

Bug #1082804 [src:ledgersmb] ledgersmb: FTBFS (test failure) if building as root Severity set to 'wishlist' from 'serious'