calling maintainer scripts with a clean environment?

To: debian-devel@lists.debian.org
Subject: calling maintainer scripts with a clean environment?
From: Evgeni Golov <evgeni@debian.org>
Date: Tue, 2 Sep 2014 21:09:51 +0200
Message-id: <[🔎] 20140902190951.GH27112@dorei.kerker.die-welt.net>

Hi,

after reading #759590, I think it is time to consider calling maintainer 
scripts in a (slightly) cleaned environment.

Short background: there is a bug in eatmydata (#702711) which currently 
breaks gnutls28 using apps in sid (the mentioned #759590).

That wouldn't be too bad (noone runs their production servers with 
eatmydata), if the eatmydata LD_PRELOAD would not leak into running 
services because they are (re)started from maintainer-scripts which get 
the environment from the running apt.

There is an old, wont-fix bug in dpkg about this: #18567, the 
corresponding discussion on -devel [1] agreed, that overriding $PATH is 
an useful argument against just cleaning the whole environment and 
hardcoding $PATH to something general. Yet I think there are vars I'd 
like not to have inside my running services and also not during other 
tasks inside of maintainer-scripts. I think systemd already does this, 
but I'd love a more generic solution for the "problem".

Thoughts, solutions, pitchforks?
Evgeni

[1] https://lists.debian.org/debian-devel/2002/10/msg00941.html

-- 
Bruce Schneier can read and understand Perl programs.

Reply to:

Follow-Ups:
- Re: calling maintainer scripts with a clean environment?
  - From: bob@proulx.com (Bob Proulx)
- Re: calling maintainer scripts with a clean environment?
  - From: Simon McVittie <smcv@debian.org>

Prev by Date: Re: Possible abuse of dpkg-deb -z9 for xz compressed binary packages
Next by Date: Bug#760314: RFH: zoneminder
Previous by thread: Re: Request for help: #757168 gamera: FTBFS on several architectures
Next by thread: Re: calling maintainer scripts with a clean environment?
Index(es):
- Date
- Thread