Package: pbuilder
Version: 0.230.1
Severity: normal

pbuilder currently creates a merged- or non-merged-/usr chroot according
to debootstrap's defaults. This can result in packages being built in a
way that means they will only work on merged-/usr systems (for example
hard-coding paths like /usr/bin/sh or /bin/apt). I think that's a bug
in those packages, but as a pragmatic mitigation for that class of bug,
I think build tools like pbuilder should use an unmerged-/usr chroot for
the build. I've already had patches accepted into sbuild-createchroot[1]
(#913228) and the Debian sysadmin team's setup-dchroot script[2] (#913229)
to make them use debootstrap --no-merged-usr; please do something similar
in pbuilder.

[1] https://salsa.debian.org/debian/sbuild/commit/8d01b33d6010a5480a5d7340078df1b5f83e78fb
[2] https://salsa.debian.org/dsa-team/mirror/dsa-puppet/commit/b54f52d2899c5785923c804fdfbba0782c147da4

pbuilder currently creates a default debootstrap and then installs
build-essential into it afterwards. Given its purpose, it might be better
to use debootstrap --variant=buildd, which is what sbuild-createchroot
and the official buildds use? The difference is that --variant=buildd
includes apt and build-essential, but does not include Priority: important
packages like adduser, iptables, kmod and logrotate (which I don't think
a minimal pbuilder root should really have anyway).

The reason I mention --variant=buildd on this bug report is that I've
also had a patch[3] accepted for the next debootstrap release that changes
the defaults so that --variant=buildd defaults to unmerged /usr, even in
suites like stretch that would normally default to merged /usr. However,
pbuilder won't benefit from this if it doesn't use --variant=buildd.

[3] https://salsa.debian.org/installer-team/debootstrap/commit/01aeb652c71c83848eed896e486aebb0db4a6ffe

    smcv
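
The class of bug described in the report, as an added example that is not part of the original message or of pbuilder's code: shell functions that report whether an unpacked chroot directory is merged-/usr and flag hard-coded paths that resolve only through the merged-/usr aliases. The function names and the constructed sample tree are assumptions, and the alias list is limited to bin, sbin, lib, lib32, lib64 and libx32.

```shell
#!/bin/sh
# usr_layout ROOT: "merged" if ROOT/bin is a symlink, otherwise "unmerged".
usr_layout() {
    if [ -L "$1/bin" ]; then echo merged; else echo unmerged; fi
}

# alias_path ABSPATH: print the name ABSPATH would also have under merged-/usr
# (/bin/x <-> /usr/bin/x). Fails for paths outside the aliased directories.
alias_path() {
    case "$1" in
        /usr/bin/*|/usr/sbin/*|/usr/lib/*|/usr/lib32/*|/usr/lib64/*|/usr/libx32/*)
            printf '%s\n' "${1#/usr}" ;;
        /bin/*|/sbin/*|/lib/*|/lib32/*|/lib64/*|/libx32/*)
            printf '/usr%s\n' "$1" ;;
        *) return 1 ;;
    esac
}

# classify_path ROOT ABSPATH, with ROOT an unmerged-/usr tree:
#   ok          - ABSPATH exists as written
#   merged-only - only its alias exists, so the hard-coded path breaks here
#   missing     - neither name exists
classify_path() {
    root=$1
    path=$2
    if [ -e "$root$path" ] || [ -L "$root$path" ]; then
        echo ok
    elif alt=$(alias_path "$path") && { [ -e "$root$alt" ] || [ -L "$root$alt" ]; }; then
        echo merged-only
    else
        echo missing
    fi
}

# Constructed sample: a tiny unmerged tree with /bin/sh and /usr/bin/apt.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/bin"
    : > "$d/bin/sh"
    : > "$d/usr/bin/apt"
    printf '%s\n' "$d"
}

demo_root=$(make_sample_root)
echo "layout: $(usr_layout "$demo_root")"
for p in /bin/sh /usr/bin/sh /bin/apt /usr/bin/apt; do
    printf '%-14s %s\n' "$p" "$(classify_path "$demo_root" "$p")"
done
rm -rf "$demo_root"
```

Both example paths from the report, /usr/bin/sh and /bin/apt, come out as merged-only against the unmerged sample tree.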
