RFE: support isolation between %prep/%build/%install/%check

[pmatilai]

Ideally, the build scriptlet playgrounds would be isolated from each other:

• %prep unpacks the source, and %build takes place in a separate directory against a read-only source. Obviously not all software can be built outside the source tree, but this would be a nice addon to vpath builds (RFE: native support for vpath builds  #2985)
• %install wipes buildroot on start, so %build cannot accidentally install stuff. But ideally %install should run with a read-only build directory - install should install, not build. This would've caught %build -a and %install -a overwrite build/installation instructions from %buildsystem_*_* #3024.
• %check should run with read-only buildroot to prevent tests from affecting packaged content. It probably does need writable build-dir because those tests do need to write someplace.

Except maybe for %check, all of these need to be overridable because different buildsystems work in different ways, and there are imperfections like bugs in the software we package.

[keszybz]

%install should run with a read-only build directory

I don't think this is going to work. E.g. autotoolz-based systems (something in the autotools, automake, libconf stack) do final preparation steps in the install target. I think this is inelegant, but not really "wrong". Old meson versions had a buglet in the i18n module where the po file would be generated not during build but during installation. But more widely, tools write installation logs into the build directory. Meson does, I think various Python tools do (pip?), etc. Anything that gives an "uninstall" command needs to put the information somewhere.

%check should run with read-only buildroot to prevent tests from affecting packaged content.

People were asking about this a lot in #3010. My motivation for this: build hygiene and reproducibility. The %check section is optional and can be skipped with --nocheck or --without tests. The result of a build that skipped checks should be identical, which would break if anything in %check touches %{buildroot}. If %{buildroot} is made readonly, we know that we can skip checks safely and save time. For example, when doing build reproducibility checks, I'd skip tests, because we're not interested in their result at all, but we can do that safely only if we are sure that they don't influence package contents.

It probably does need writable build-dir because those tests do need to write someplace

And same with install: I have seen various sources generate stuff needed for tests in check targets, not build. In summary, I think that in practice all phases must be given write access to the build directory.

[pmatilai]

Yup. Note "ideally" in there - this is stuff to explore with, and indeed for packaging hygiene reasons rather than any "security" thing.

Hmm, seems I omitted a paragraph from the description I wrote in my head, I'll update that a bit...