
Bug#671726: apt: should be able to provide hook information through a named pipe



Package: apt
Version: 0.8.15.10
Severity: wishlist

Dear APT deity team,
I am one of the co-maintainers of the apt-listbugs package.

Currently, apt-listbugs is automatically invoked by apt-get and aptitude
(and other compatible package managers) thanks to the following
Pre-Install-Pkgs hook:

  $ cat /etc/apt/apt.conf.d/10apt-listbugs 
  // Check all packages whether they has critical bugs before they are installed.
  // If you don't like it, comment it out.
  DPkg::Pre-Install-Pkgs {"/usr/sbin/apt-listbugs apt || exit 10";};
  DPkg::Tools::Options::/usr/sbin/apt-listbugs "";
  DPkg::Tools::Options::/usr/sbin/apt-listbugs::Version "2";
  // AptListbugs::IgnoreRegexp "FTBFS";

apt-listbugs reads the input provided by apt(itude) through
the Pre-Install-Pkgs hook info protocol version 2; this input is
provided to apt-listbugs on its stdin, as through a pipe.

This has recently become problematic, due to a security fix in package
login, version 1:4.1.5-1.
See bug #662983 for more details on this issue.
I have implemented a temporary workaround for bug #662983,
but it's rather unsatisfactory, frankly speaking...

In order to implement a more radical fix for this issue,
I would need a new feature in apt(itude): the hook protocol version 2
information should be sent through a dedicated named pipe, rather
than to the stdin of the invoked command.

This named pipe should be created in a safe way (as done by mktemp,
for instance), fed with the hook information which will be read by
the command invoked by the hook, and then (after the command exited),
destroyed properly. It would be ideal if the name of the FIFO were
made available on the command line as a variable $HOOKPIPE.
This behavior should be enabled by an appropriate option.

That way, I could modify apt-listbugs so that it could read the hook
information from a file the name of which would be passed as a commandline
argument:

  $ cat /etc/apt/apt.conf.d/10apt-listbugs 
  // Check all packages whether they has critical bugs before they are installed.
  // If you don't like it, comment it out.
  DPkg::Pre-Install-Pkgs {"/usr/sbin/apt-listbugs apt $HOOKPIPE || exit 10";};
  DPkg::Tools::Options::/usr/sbin/apt-listbugs "";
  DPkg::Tools::Options::/usr/sbin/apt-listbugs::Version "2";
  DPkg::Tools::Options::/usr/sbin/apt-listbugs::Hookpipe "yes";
  // AptListbugs::IgnoreRegexp "FTBFS";


I hope this may be implemented soon.
Thanks for your time and for maintaining one of the most crucial packages
in Debian!



-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apt depends on:
ii  debian-archive-keyring  2010.08.28
ii  gnupg                   1.4.12-4
ii  libc6                   2.13-32
ii  libgcc1                 1:4.7.0-3
ii  libstdc++6              4.7.0-3
ii  zlib1g                  1:1.2.6.dfsg-2

apt recommends no packages.

Versions of packages apt suggests:
ii  apt-doc     <none>
ii  aptitude    0.6.6-1
ii  bzip2       1.0.6-1
ii  dpkg-dev    1.16.2
ii  lzma        9.22-2
ii  python-apt  0.8.3+nmu1

-- no debconf information
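
The FIFO lifecycle requested in the report above (safe creation, feeding the hook, cleanup), as an added example that is not part of the original message and is not APT's code. The function name `run_hook_with_fifo`, the `apt-hook-` prefix and the sample payload are assumptions made for illustration; `HOOKPIPE` follows the name proposed in the report.

```python
import errno
import os
import shutil
import subprocess
import tempfile
import time


def run_hook_with_fifo(command, hook_data):
    """Run `command` via /bin/sh with $HOOKPIPE set; return its exit status."""
    # mkdtemp makes a mode-0700 directory with an unpredictable name, so no
    # other local user can pre-create or replace the FIFO path inside it.
    tmpdir = tempfile.mkdtemp(prefix="apt-hook-")  # prefix is an assumption
    fifo = os.path.join(tmpdir, "hookpipe")
    try:
        os.mkfifo(fifo, 0o600)
        # stdin is inherited unchanged, so the hook keeps the caller's stdin.
        proc = subprocess.Popen(["/bin/sh", "-c", command],
                                env=dict(os.environ, HOOKPIPE=fifo))
        fd = None
        while fd is None:
            try:
                # A non-blocking open for writing fails with ENXIO until a
                # reader has opened the FIFO, so a hook that exits without
                # reading cannot leave this side blocked forever.
                fd = os.open(fifo, os.O_WRONLY | os.O_NONBLOCK)
            except OSError as exc:
                if exc.errno != errno.ENXIO:
                    raise
                if proc.poll() is not None:
                    return proc.returncode
                time.sleep(0.01)
        os.set_blocking(fd, True)
        try:
            with os.fdopen(fd, "wb") as writer:
                writer.write(hook_data)
        except BrokenPipeError:
            pass  # hook closed the FIFO early; its exit status decides
        return proc.wait()
    finally:
        # Destroy the FIFO and its private directory once the hook is done.
        shutil.rmtree(tmpdir, ignore_errors=True)


if __name__ == "__main__":
    # Constructed sample payload and hook command, for illustration only.
    sample = b"VERSION 2\nconstructed-sample-line\n"
    print(run_hook_with_fifo('wc -l < "$HOOKPIPE" || exit 10', sample))
```
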


