Re: environment for maintainer scripts

To: Brian Murray <brian@ubuntu.com>
Cc: debian-dpkg@lists.debian.org, debian-policy@lists.debian.org
Subject: Re: environment for maintainer scripts
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 5 Dec 2017 17:33:08 +0000
Message-id: <[🔎] 23078.55380.318381.933092@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20171205160328.GA3109@murraytwins.com>
References: <[🔎] 20171205160328.GA3109@murraytwins.com>

Brian Murray writes ("environment for maintainer scripts"):
> In Ubuntu we have recently had reports[1] where users were unable to
> upgrade python packages because they had installed a version of
> python in /usr/local/bin which did not provide the expected
> functions. While we worked around this by using the complete path to
> python in its postinst scripts this is not an ideal solution because
> this issue certainly does not just affect python. Additionally, the
> python maintainer in Ubuntu is concerned that this workaround is a
> violation of the Debian Policy[2] regarding maintainer scripts -
> "Programs called from maintainer scripts should not normally have a
> path prepended to them".

That workaround is indeed such a violation (if you consider Debian
Policy to be applicable to Ubuntu).

IMO the correct workaround is to automatically close bug reports of
this form with a polite message indicating that the user is in error.

> This issue of having a clean environment for maintainer scripts was
> previously raised[3] in 2002 and on debian-devel mailing list[4], at
> that time there was an argument that "the system adminstrator may
> prefer using a 3rd party version of adduser".

And I am such an administrator.

> While that is true I
> think the technical savvy of users of dpkg has changed since then
> and peferring a 3rd party version of a utility is now the less
> likely case. Subsequently, we could prevent users a lot of pain by
> providing a clean environment for maintainer scripts.
> 
> Would it be possible to remove /usr/local/bin from $PATH when package
> operations are being performed by dpkg?

I think this proposal should be discussed in (or in conjunction with)
debian-policy (CC'd).  Personally I think such a change to set a fixed
the environment could be beneficial but we need to think carefully
about the right layer to do it.

Perhaps it should be done by apt, or a GUI package manager, rather
than dpkg.  And there has to be a way to disable it.

Thanks,
Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to:

References:
- environment for maintainer scripts
  - From: Brian Murray <brian@ubuntu.com>

Prev by Date: environment for maintainer scripts
Next by Date: Re: environment for maintainer scripts
Previous by thread: environment for maintainer scripts
Next by thread: Re: environment for maintainer scripts
Index(es):
- Date
- Thread