Package: libdvd-pkg Version: 1.4.0-1-2 Severity: normal Tags: patch Dear Maintainer,
After installing libdvd-pkg without the recommended libcap2-bin package also installed, dpkg-reconfigure libdvd-pkg failed as follows: libvd-pkg: Checking orig.tar integrity... /usr/src/libdvd-pkg/libdvdcss_1.4.0.orig.tar.bz2: OK libdvd-pkg: Unpacking and configuring... libdvd-pkg: Building the package... (it may take a while) libdvd-pkg: Build log will be saved to /usr/src/libdvd-pkg/libdvdcss2_1.4.0-1~local_amd64.build dpkg-buildpackage: error: unknown option or argument >/usr/src/libdvd-pkg/libdvdcss2_1.4.0-1~local_amd64.build Use --help for program usage information. Tracked this down to the following lines inside /usr/lib/libdvd-pkg/b-i_libdvdcss.sh: BUILDCMD="dpkg-buildpackage -b -uc >${BUILDLOG} 2>&1" CAPSH=$(which capsh) \ && ${CAPSH} --secbits=0x14 --drop=cap_dac_read_search,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog-ep --print \ -- -c "${BUILDCMD}" \ || ${BUILDCMD} The issue is that when CAPSH doesn't get defined because $(which capsh) fails, the fallback is for ${BUILDCMD} to be expanded as a command. But redirects are processed before parameter expansions, so the redirects inside BUILDCMD end up passed to dpkg-buildpackage as arguments instead of doing what they're supposed to. Replacing the CAPSH= command line with the following fixes the issue: CAPSH="$(which capsh) --secbits=0x14 --drop=cap_dac_read_search,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog-ep --print --" || CAPSH=/bin/bash ${CAPSH} -c "${BUILDCMD}" That way, BUILDCMD always gets passed to /bin/bash as a complete command line so its embedded redirects will work whether capsh exists or not. Having CAPSH fall back to /bin/sh also works, but the docs for capsh explicitly specify /bin/bash as the shell its -- option invokes, so using it for the fallback seems like the Right Thing. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-2-amd64 (SMP w/1 CPU core) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libdvd-pkg depends on: pn build-essential <none> ii debconf [debconf-2.0] 1.5.60 pn debhelper <none> pn dh-autoreconf <none> ii wget 1.18-5 Versions of packages libdvd-pkg recommends: ii libcap2-bin 1:2.25-1 libdvd-pkg suggests no packages. -- debconf information: libdvd-pkg/upgrade: * libdvd-pkg/build: true * libdvd-pkg/post-invoke_hook-remove: false * libdvd-pkg/post-invoke_hook-install: true libdvd-pkg/title_b-i: libdvd-pkg/title_u: * libdvd-pkg/first-install: _______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers