Bug#640263: debian-policy: Clarify policy section 9.9 - Environment variables

To: Jonathan Nieder <jrnieder@gmail.com>
Cc: 640263@bugs.debian.org, Colin Watson <cjwatson@debian.org>, Carl Fürstenberg <azatoth@gmail.com>
Subject: Bug#640263: debian-policy: Clarify policy section 9.9 - Environment variables
From: Russ Allbery <rra@debian.org>
Date: Sat, 24 Dec 2011 10:15:42 -0800
Message-id: <[🔎] 87obux4z01.fsf@windlord.stanford.edu>
Reply-to: Russ Allbery <rra@debian.org>, 640263@bugs.debian.org
In-reply-to: <20110915210951.GA31820@elie> (Jonathan Nieder's message of "Thu, 15 Sep 2011 16:09:51 -0500")
References: <20110903172416.3842.93725.reportbug@azaboxen.carl> <20110903180842.GB24034@elie> <20110903232012.GA12370@riva.dynamic.greenend.org.uk> <20110915210951.GA31820@elie>

Jonathan Nieder <jrnieder@gmail.com> writes:
> Colin Watson wrote:

>> --- a/policy.sgml
>> +++ b/policy.sgml
>> @@ -7449,8 +7449,8 @@ Reloading <var>description</var> configuration...done.
>>  	<heading>Environment variables</heading>
>>  
>>  	<p>
>> -	  A program must not depend on environment variables to get
>> -	  reasonable defaults.  (That's because these environment
>> +	  A program must not depend on its own custom environment variables
>> +	  to get reasonable defaults.  (That's because these environment
>>  	  variables would have to be set in a system-wide
>>  	  configuration file like <file>/etc/profile</file>, which is not
>>  	  supported by all shells.)

> Thanks!  With s/environment variables/environment variable settings/ to
> make it clearer that this includes cases like
> PATH=/opt/myprog/bin:$PATH, sounds good to me, for what its worth.

[...]

> Maybe dropping "its own" would take care of it.  That would make:

> 	A program must not depend on custom environment variable settings
> 	to get reasonable defaults.  (That's because ...

Looking at this section, there are several issues.  One is the issue
addressed above, and I like Jonathan's wording for that.  Another is the
one Colin mentioned earlier: this only applies to programs installed in
the system path.  (I considered saying programs intended to be directly
invoked by users, but I can imagine pointless arguments about /usr/sbin
programs, so let's just go with that.)  A third issue is that parts of
that section are now out of date, since /etc/profile.d exists (but still
shouldn't be used for this purpose).

I propose the attached patch to address all of those issues.  Seconds or
further discussion?

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

>From a99c511daaa8fa165af8a64cc4dc4618258aad24 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra@debian.org>
Date: Sat, 24 Dec 2011 10:10:56 -0800
Subject: [PATCH] Improve environment variable restrictions for programs

The restrictions on not using environment variables refers to custom
environment variables (not, say, PATH), and only applies to programs
installed on the system PATH.

Also update the wording to reflect that /etc/profile.d is now
available, but still cannot be used for this purpose.  Remove the
paragraph explaining that /etc/profile is a base-files configuration
file, since /etc/profile.d solves that problem and it's not the point.
---
 policy.sgml |   24 ++++++++++--------------
 1 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/policy.sgml b/policy.sgml
index 4aeae36..39378f9 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -7450,11 +7450,14 @@ Reloading <var>description</var> configuration...done.
 	<heading>Environment variables</heading>
 
 	<p>
-	  A program must not depend on environment variables to get
-	  reasonable defaults.  (That's because these environment
-	  variables would have to be set in a system-wide
-	  configuration file like <file>/etc/profile</file>, which is not
-	  supported by all shells.)
+	  Programs installed on the system PATH
+	  (<file>/bin</file>, <file>/usr/bin</file>, <file>/sbin</file>,
+	  <file>/usr/sbin</file>, or similar directories) must not depend
+	  on custom environment variable settings to get reasonable
+	  defaults.  This is because such environment variables would have
+	  to be set in a system-wide configuration file such as a file
+	  in <file>/etc/profile.d</file>, which is not supported by all
+	  shells.
 	</p>
 
 	<p>
@@ -7464,8 +7467,8 @@ Reloading <var>description</var> configuration...done.
 	  variables are not present. If this cannot be done easily
 	  (e.g., if the source code of a non-free program is not
 	  available), the program must be replaced by a small
-	  "wrapper" shell script which sets the environment variables
-	  if they are not already defined, and calls the original program.
+	  "wrapper" shell script that sets the environment variables
+	  if they are not already defined and calls the original program.
 	</p>
 
 	<p>
@@ -7478,13 +7481,6 @@ export BAR
 exec /usr/lib/foo/foo "$@"
 	  </example>
 	</p>
-
-	<p>
-	  Furthermore, as <file>/etc/profile</file> is a configuration
-	  file of the <prgn>base-files</prgn> package, other packages must
-	  not put any environment variables or other commands into that
-	  file.
-	</p>
       </sect>
 
       <sect id="doc-base">
-- 
1.7.7.3

Reply to:

Follow-Ups:
- Bug#640263: debian-policy: Clarify policy section 9.9 - Environment variables
  - From: Jonathan Nieder <jrnieder@gmail.com>

Prev by Date: Processed: user debian-policy@packages.debian.org, limit package to debian-policy, tagging 617315 ...
Next by Date: Processed: user debian-policy@packages.debian.org, limit package to debian-policy, tagging 640263 ...
Previous by thread: Processed: user debian-policy@packages.debian.org, limit package to debian-policy, tagging 617315 ...
Next by thread: Bug#640263: debian-policy: Clarify policy section 9.9 - Environment variables
Index(es):
- Date
- Thread