#1137071 sbuild: UNSHARE_MMDEBSTRAP_EXTRA_ARGS default value wrongly match kali-experimental

Package:
sbuild
Source:
sbuild
Submitter:
Arnaud Rebillout
Date:
2026-06-27 10:21:02 UTC
Severity:
normal
Tags:
#1137071#5
Date:
2026-05-19 05:52:57 UTC
From:
To:
Dear Maintainer,

trying to build a package for Kali Linux, for the kali-experimental
suite, in unshare mode with automatic chroot creation.

Since version 0.91.8, sbuild matches on '-experimental' (before it would
match 'experimental' only), so it matches kali-experimental, and as a
result:

```
I: (?^:^(.*)-(experimental|rc-buggy|backports|backports-sloppy|proposed-updates|updates|unreleased)$) matched kali-experimental -- adding extra arguments: --setup-hook=echo "deb http://deb.debian.org/debian kali-experimental main" > "$1"/etc/apt/sources.list.d/kali-experimental.list
```

So it seems that commit bbbd19427db901faeedb4cafacb93e3d8c3a4950 needs
to be reworked, maybe split the regex in two regexes like it was before?

Thanks,

Arnaud

#1137071#10
Date:
2026-05-25 04:07:23 UTC
From:
To:
Actually bbbd19427db901faeedb4cafacb93e3d8c3a4950 also broke proper
handling of Debian experimental, given that now the regex matches
-experimental.

Easy to see, I try to build a Debian package with `experimental` in the
d/changelog:

```
E: Chroot for distribution experimental, architecture amd64 not found
I: Applied base distribution name mangle rule
s/(?^:^(experimental|rc-buggy|unreleased|UNRELEASED.*)$)/unstable/
turning "experimental" into "unstable"
I: Creating new chroot tarball:
mmdebstrap --variant=buildd --arch=amd64 --skip=output/mknod
--format=tar unstable /home/arno/.cache/sbuild/experimental-amd64.tar
--aptopt=Acquire::HTTP::Proxy "http://localhost:9999";
I: automatically chosen mode: unshare
[...]
```

The name mangle rule matched, however the regex for
UNSHARE_MMDEBSTRAP_EXTRA_ARGS didn't.

Now if I inspect the chroot that was created, I see that there's only
"unstable" in the APT sources:

```
$ cat experimental-amd64/etc/apt/*.list experimental-amd64/etc/apt/sources.list.d/*
deb http://deb.debian.org/debian unstable main
cat: 'experimental-amd64/etc/apt/sources.list.d/*': No such file or directory
```

#1137071#15
Date:
2026-06-25 08:58:54 UTC
From:
To:
Hello Arnaud,

I had a quick chat with Jochen on IRC. https://bugs.debian.org/1133265 is
the bug that led to the problematic change:
https://salsa.debian.org/debian/sbuild/-/merge_requests/231

And it's on your request :-)

Jochen would appreciate a MR to fix the issue if you have time for it.

It looks like the correct fix is to revert the merge of both entries
in DEFAULT for UNSHARE_MMDEBSTRAP_EXTRA_ARGS.

Have one for
qr/^(.*)-(backports|backports-sloppy|proposed-updates|updates|unreleased)$/
and one for
qr/^(experimental|rc-buggy)$/

I wonder whether we should also drop "unreleased" in the first regex.
Because I don't know of any "CODENAME-unreleased" repository that is
available on deb.debian.org (maybe it's available on ports.debian.org?).

Cheers,
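
The matching behaviour discussed in the messages above, as an added example that is not part of the thread or of sbuild's code: it runs the merged pattern from the log in the report and the two split patterns proposed in this message over a constructed list of suite names. The `matches_any` helper, the suite list and the expected column are assumptions made for illustration.

```perl
# Added example, not sbuild code: compare the suite patterns quoted in this bug.
use strict;
use warnings;

# Merged pattern, as printed in the log line of the original report.
my @merged = (
    qr/^(.*)-(experimental|rc-buggy|backports|backports-sloppy|proposed-updates|updates|unreleased)$/,
);

# Split patterns, as proposed in message #15.
my @split = (
    qr/^(.*)-(backports|backports-sloppy|proposed-updates|updates|unreleased)$/,
    qr/^(experimental|rc-buggy)$/,
);

# Hypothetical helper: return 1 if any pattern in the list matches the suite.
sub matches_any {
    my ($suite, @patterns) = @_;
    for my $re (@patterns) {
        return 1 if $suite =~ $re;
    }
    return 0;
}

# Constructed cases: suite name => 1 if extra Debian APT sources should be
# added to the chroot for it, 0 if not (assumption based on this thread).
my @cases = (
    ['experimental',            1],
    ['rc-buggy',                1],
    ['bookworm-backports',      1],
    ['trixie-proposed-updates', 1],
    ['unstable',                0],
    ['kali-experimental',       0],
    ['kali-rolling',            0],
);

my $failures = 0;
printf "%-26s %-8s %-8s %s\n", 'suite', 'merged', 'split', 'expected';
for my $case (@cases) {
    my ($suite, $want) = @$case;
    my $m = matches_any($suite, @merged);
    my $s = matches_any($suite, @split);
    $failures++ if $s != $want;    # only the split patterns are held to the table
    printf "%-26s %-8s %-8s %s\n", $suite, $m, $s, $want;
}
exit($failures ? 1 : 0);
```

The first split pattern still accepts any prefix before `-backports`, `-updates` and the other suffixes, so a derivative suite named that way is treated like a Debian one.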

#1137071#20
Date:
2026-06-25 10:34:57 UTC
From:
To:
Hello Raphael,

Thanks for the suggestion, I opened a MR at
https://salsa.debian.org/debian/sbuild/-/merge_requests/240

I dropped unreleased from the first regex, in the absence of any
explanation I assume it was a mistake.

Cheers,

Arnaud

#1137071#23
Date:
2026-06-26 04:02:55 UTC
From:
To:
Hello,

Bug #1137071 in sbuild reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/sbuild/-/commit/47d98aa4c627c911e0fbfda92721e02a37006d87
------------------------------------------------------------------------
Fix default value for UNSHARE_MMDEBSTRAP_EXTRA_ARGS

Partially revert commit bbbd194:
- revert the merge of two regexes into one, that led to #1137071
- retain the fix, which was to drop security from the regex

Additionally, (try to) handle the 'unreleased' properly, ie. proper
match (^unreleased$) and proper mirror url (debian-ports).

This suite is documented at https://www.ports.debian.org/archive, and it
seems that it should be present in the build environment, for packages
that target unreleased in their d/changelog. It also seems to be set up
that way in the build infrastructure, if I'm reading correctly this one:
https://salsa.debian.org/debian-ports-team/dsa-puppet

I tested a build with d/changelog set to experimental, and I can confirm
that it fixes #1137071.

Closes: #1137071
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1137071

#1137071#30
Date:
2026-06-27 10:19:24 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
sbuild, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1137071@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jochen Sprickerhof <jspricke@debian.org> (supplier of updated sbuild package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 27 Jun 2026 12:06:03 +0200
Source: sbuild
Architecture: source
Version: 0.91.10
Distribution: unstable
Urgency: medium
Maintainer: sbuild maintainers <sbuild@packages.debian.org>
Changed-By: Jochen Sprickerhof <jspricke@debian.org>
Closes: 1135581 1137071
Changes:
 sbuild (0.91.10) unstable; urgency=medium
 .
   [ Luca Boccassi ]
   * Install and use sysusers.d/tmpfiles.d config files
 .
   [ Arnaud Rebillout ]
   * Fix default value for UNSHARE_MMDEBSTRAP_EXTRA_ARGS (Closes: #1137071)
 .
   [ Tianyu Chen ]
   * Add ; for examples in sbuild.conf
 .
   [ Benjamin Drung ]
   * Map *-proposed pocket to base suite
   * Mark autopkgtests needing Internet access
   * Support chroot in /usr/bin (LP: #2133900)
 .
   [ Philippe SWARTVAGHER ]
   * Fix running autopkgtest with --extra-package=/dir/
 .
   [ Jochen Sprickerhof ]
   * Add --apt-distclean commandline option (Closes: #1135581)
   * Drop duplicated build dependency
   * Fix some groff warnings
   * Add d/clean
   * Deprecate the buildd package
   * Drop optional priority
   * Drop R³
   * Bump policy version (no changes)
 .
   [ Johannes Schauer Marin Rodrigues ]
   * man/sbuild.1.in: move the unshare backend docs to the top