From dd406dc36649bacf646c51735214b9b21a82b5ae Mon Sep 17 00:00:00 2001
From: Guillem Jover
Date: Sun, 2 Dec 2018 03:35:49 +0100
Subject: Dpkg::Vendor::Debian: Add support for merged-usr-via-symlinks tainted tag

This will detect whether the system we are building on contains the problematic /usr merged via symlinks deployment method.

Suggested-by: Alexander E. Patrakov
---
 debian/changelog | 3 +++
 man/deb-buildinfo.man | 11 +++++++++++
 scripts/Dpkg/Vendor/Debian.pm | 10 ++++++++++
 3 files changed, 24 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 58a306652..a57bd3438 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,6 +25,9 @@ dpkg (1.19.5) UNRELEASED; urgency=medium
 -maxdepth 1. Thanks to Ralf Treinen . Closes: #922799
 * dpkg-genbuildinfo: Add support for a new Build-Tainted-By field in
 .buildinfo files. Suggested by Alexander E. Patrakov .
+ * Perl modules:
+ - Dpkg::Vendor::Debian: Add support for merged-usr-via-symlinks tainted
+ tag. Suggested by Alexander E. Patrakov .
 * Documentation:
 - start-stop-daemon(1): Document behavior of --pidfile security checks.
 Closes: #921557
diff --git a/man/deb-buildinfo.man b/man/deb-buildinfo.man
index 1a1ddc7d1..fe276bef2 100644
--- a/man/deb-buildinfo.man
+++ b/man/deb-buildinfo.man
@@ -158,6 +158,17 @@ current build has been tainted (since dpkg 1.19.5).
 .IP
 On Debian and derivatives the following reason tags can be emitted:
 .RS
+.TP
+.B merged\-usr\-via\-symlinks
+The system has a merged \fI/usr\fP via symlinks.
+This will confuse \fBdpkg\-query\fP, \fBdpkg\-statoverride\fP,
+\fBdpkg\-trigger\fP, \fBupdate\-alternatives\fP and any other tool using
+pathnames as keys into their databases, as it creates filesystem aliasing
+problems, and messes with the understanding of the filesystem that
+\fBdpkg\fP has recorded in its database.
+For build systems that hardcode pathnames to specific binaries or libraries
+on the resulting artifacts, it can also produce packages that will be
+incompatible with non-/usr-merged filesystems.
 .RE
 .TP
 .BR Installed\-Build\-Depends: " (required)"
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 7b5244042..6948bdc16 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -445,6 +445,16 @@ sub _build_tainted_by {
 my $self = shift;
 my %tainted;
 
+ foreach my $pathname (qw(/bin /sbin /lib /lib32 /libo32 /libx32 /lib64)) {
+ next unless -l $pathname;
+
+ my $linkname = readlink $pathname;
+ if ($linkname eq "usr$pathname") {
+ $tainted{'merged-usr-via-symlinks'} = 1;
+ last;
+ }
+ }
+
 my @tainted = sort keys %tainted;
 return @tainted;
 }
-- 
cgit v1.2.3
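Review bot: The comparison `$linkname eq "usr$pathname"` in the new loop of _build_tainted_by matches only a relative link target, so a system whose /bin is a symlink to the absolute path /usr/bin would be recorded as untainted and its .buildinfo would lack the merged-usr-via-symlinks tag. `readlink` can also return undef if the link cannot be read or changes between the `-l` test and the call, in which case `eq` warns about an uninitialized value. Both cases could be covered with `if (defined $linkname and ($linkname eq "usr$pathname" or $linkname eq "/usr$pathname")) {`. The sub's opening line is visible only in the hunk header, so any earlier setup in the file is outside this view.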