
Re: calling maintainer scripts with a clean environment?



Hi,

On 09/02/2014 11:06 PM, Bob Proulx wrote:
> Evgeni Golov wrote:
>> after reading #759590, I think it is time to consider calling maintainer 
>> scripts in a (slightly) cleaned environment.
> 
> Since I submitted Bug#759590 (however not the apt interaction aspect
> of it) let me say that I consider the ability of inheriting the
> environment for PATH and LD_PRELOAD to be a feature.  I would find it
> a tragedy if the bug under discussion caused this feature to be
> removed.

I can understand PATH, and I can understand LANG/LC_* to some degree.
But what would you need LD_PRELOAD for in the maint-scripts?

> There is a long chain of unintended consequences in this problem that
> created a need for eatmydata.  I fear mentioning the chain because it
> will reopen old wounds.  So I won't.

For me it's either speeding up dpkg or a (throw-away) build.
My actual fear is not eatmydata, this will be fixed soon.
My fear is when you debug stuff, have some unclean environment, and then
decide to run apt, and some service gets restarted and suddenly runs
with OPENSSL_DEBUG=1 or somesuch... Or a DB server gets started with
eatmydata preloaded...

> But I vote not to continue the chain of unintended consequences by
> further modifying apt or dpkg.  The logical progression would be that
> dpkg would get an environment file where these settings would be set
> in order to accomplish the same result.  Because there is a need for
> the capability.  If it ends up being prevented one way then it will
> need to be enabled in another way.  In the end nothing would change
> except that it would be more painful, more rigid, more fragile.

And more "you explicitly said you want to shoot yourself in the foot".
(I'd totally like a whitelist, like sudo's env_keep is).

> Therefore I think if an admin sets up a custom environment that this
> environment should be used.  Or at least not actively prevented from
> being used.

Unless he is using it by accident, which is what I fear.

Greets and thanks for the feedback
Evgeni
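
The whitelist idea raised in the message above (keep only named variables, as sudo's env_keep does), as an added illustration that is not part of the original thread and is not dpkg or apt code. The whitelist contents and the function names `env_is_kept` and `run_clean` are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration, not dpkg/apt code. The whitelist contents and the
# function names are assumptions made for this example.
KEEP_EXACT="PATH LANG LANGUAGE TERM HOME"   # exact names to keep
KEEP_PREFIX="LC_"                           # name prefixes to keep

# env_is_kept NAME: succeed if NAME is on the whitelist.
env_is_kept() {
    for k in $KEEP_EXACT; do
        [ "$1" = "$k" ] && return 0
    done
    for p in $KEEP_PREFIX; do
        case $1 in "$p"*) return 0 ;; esac
    done
    return 1
}

# run_clean CMD [ARGS...]: run CMD with only whitelisted variables set.
run_clean() {
    # Names only, taken from awk's ENVIRON, so a multi-line value cannot
    # be misread as an extra NAME=value line.
    for name in $(awk 'BEGIN { for (k in ENVIRON) print k }'); do
        # Reject anything that is not a plain identifier before eval.
        case $name in ''|*[!A-Za-z0-9_]*) continue ;; esac
        env_is_kept "$name" || continue
        eval "val=\$$name"
        # Prepend NAME=value so it precedes CMD in env's argument list.
        set -- "$name=$val" "$@"
    done
    # env -i starts from an empty environment; LD_PRELOAD, OPENSSL_DEBUG
    # and anything else not listed above never reach CMD.
    env -i "$@"
}

# Demo with constructed values: OPENSSL_DEBUG is dropped, LC_MESSAGES stays.
( export OPENSSL_DEBUG=1 LC_MESSAGES=C; run_clean env )
```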

