Debian Bug report logs - #18567
dpkg: clean environment (PATH, etc) for maintainer scripts

Package: dpkg; Maintainer for dpkg is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg is src:dpkg.

Reported by: vojta@math.berkeley.edu (Paul Vojta)

Date: Tue, 24 Feb 1998 20:33:14 UTC

Severity: normal

Tags: wontfix

Merged with 631081, 944525

Found in versions dpkg/1.16.0.3, dpkg/1.19.7, 1.4.0.19

Report forwarded to debian-bugs-dist@lists.debian.org, Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>:
Bug#18567; Package dpkg.

Acknowledgement sent to vojta@math.berkeley.edu (Paul Vojta):
New bug report received and forwarded. Copy sent to Klee Dienes and Ian Jackson <dpkg-maint@chiark.greenend.org.uk>.

Message #5 received at submit@bugs.debian.org:

From: vojta@math.berkeley.edu (Paul Vojta)
To: submit@bugs.debian.org
Subject: dpkg doesn't set PATH for running scripts
Date: Tue, 24 Feb 1998 12:32:10 -0800 (PST)

Package: dpkg
Version: 1.4.0.19

The dpkg program does not set the PATH variable before running installation
scripts.

The way it affected me is as follows:

I installed version 0.9 beta of teTeX from its source (not the Debian package),
and put its binary directory early in my search path.  A little while later
I tried to install sharutils:

	dpkg --install sharutils-*.deb

It could not install, because the install script for sharutils invoked
install-info, and got the teTeX version of this command instead of the
system version.

IMHO, failure to initialize the environment correctly is a bug waiting
to happen, whether from my situation or from any number of other causes.

Sincerely,


Paul Vojta
vojta@math.berkeley.edu


Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Thomas Hood <jdthood@yahoo.co.uk>:
Extra info received and forwarded to list. Copy sent to Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org.

Message #10 received at 18567@bugs.debian.org:

From: Thomas Hood <jdthood@yahoo.co.uk>
To: 18567@bugs.debian.org, 18567-submitter@bugs.debian.org
Subject: 18567 -- bug or feature?
Date: 09 Oct 2002 10:25:02 +0200

Being able to set the PATH for dpkg might be considered
a feature, not a bug.

--
Thomas Hood

Message sent on to vojta@math.berkeley.edu (Paul Vojta):
Bug#18567.

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Paul Vojta <vojta@Math.Berkeley.EDU>:
Extra info received and forwarded to list. Copy sent to Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org.

Message #18 received at 18567@bugs.debian.org:

From: Paul Vojta <vojta@Math.Berkeley.EDU>
To: 18567-quiet@bugs.debian.org, 18567@bugs.debian.org, jdthood@yahoo.co.uk
Subject: Re: Bug#18567: 18567 -- bug or feature?
Date: Wed, 9 Oct 2002 11:17:42 -0700 (PDT)

> Being able to set the PATH for dpkg might be considered
> a feature, not a bug.

Only if it's done intentionally.

E.g.:

	bash% DPKG_PATH=... dpkg -i foobar.deb

--Paul Vojta, vojta@math.berkeley.edu

Information forwarded to dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Paul Vojta <vojta@Math.Berkeley.EDU>:
Extra info received and filed, but not forwarded. Copy sent to dpkg@packages.qa.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Thomas Hood <jdthood@yahoo.co.uk>:
Extra info received and forwarded to list. Copy sent to Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org.

Message #28 received at 18567@bugs.debian.org:

From: Thomas Hood <jdthood@yahoo.co.uk>
To: Paul Vojta <vojta@Math.Berkeley.EDU>
Cc: 18567@bugs.debian.org
Subject: Re: Bug#18567: 18567 -- bug or feature?
Date: 10 Oct 2002 09:54:58 +0200

On Wed, 2002-10-09 at 20:17, Paul Vojta wrote:
> > Being able to set the PATH for dpkg might be considered
> > a feature, not a bug.
> 
> Only if it's done intentionally.
> E.g.:   bash% DPKG_PATH=... dpkg -i foobar.deb

dpkg can't know how the path was set.

Still, I think you are right that the packaging system
should be able to find its own components when the 
user sets the PATH.

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Paul Vojta <vojta@Math.Berkeley.EDU>:
Extra info received and forwarded to list. Copy sent to Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org.

Message #33 received at 18567@bugs.debian.org:

From: Paul Vojta <vojta@Math.Berkeley.EDU>
To: jdthood@yahoo.co.uk
Cc: 18567@bugs.debian.org
Subject: Re: Bug#18567: 18567 -- bug or feature?
Date: Thu, 10 Oct 2002 23:05:03 -0700 (PDT)

> Subject: Re: Bug#18567: 18567 -- bug or feature?
> From: Thomas Hood <jdthood@yahoo.co.uk>
> To: Paul Vojta <vojta@Math.Berkeley.EDU>
> Cc: 18567@bugs.debian.org
> Date: 10 Oct 2002 09:54:58 +0200
> 
> On Wed, 2002-10-09 at 20:17, Paul Vojta wrote:
> > > Being able to set the PATH for dpkg might be considered
> > > a feature, not a bug.
> > 
> > Only if it's done intentionally.
> > E.g.:   bash% DPKG_PATH=... dpkg -i foobar.deb
> 
> dpkg can't know how the path was set.

Please look at my example again.  Of course, dpkg can't know how the
environment variable DPKG_PATH was set, either, but it's more forgivable
for dpkg to act on environment variables if they begin with the characters
DPKG_.

IMHO, it would be better for dpkg to set its own path.  If people want
to set the path for dpkg to use (e.g., for testing), then dpkg should
provide a way to do this, such as:
(1) a command-line option,
(2) an environment variable *specific to dpkg*, or
(3) a configuration file.

> Still, I think you are right that the packaging system
> should be able to find its own components when the 
> user sets the PATH. 

--Paul Vojta, vojta@math.berkeley.edu

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Graham Wilson <bob@decoy.wox.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org.

Message #38 received at 18567@bugs.debian.org:

From: Graham Wilson <bob@decoy.wox.org>
To: Thomas Hood <jdthood@yahoo.co.uk>, 18567@bugs.debian.org
Cc: Paul Vojta <vojta@Math.Berkeley.EDU>
Subject: Re: Bug#18567: 18567 -- bug or feature?
Date: Fri, 11 Oct 2002 07:35:56 -0500

On Thu, Oct 10, 2002 at 09:54:58AM +0200, Thomas Hood wrote:
> On Wed, 2002-10-09 at 20:17, Paul Vojta wrote:
> > > Being able to set the PATH for dpkg might be considered
> > > a feature, not a bug.
> > 
> > Only if it's done intentionally.
> > E.g.:   bash% DPKG_PATH=... dpkg -i foobar.deb
> 
> dpkg can't know how the path was set.
> 
> Still, I think you are right that the packaging system
> should be able to find its own components when the 
> user sets the PATH. 

why does dpkg not use absolute pathnames?

--
gram

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Adam Heath <doogie@debian.org>:
Extra info received and forwarded to list. Copy sent to Dpkg Development <debian-dpkg@lists.debian.org>, dpkg@packages.qa.debian.org.

Message #43 received at 18567@bugs.debian.org:

From: Adam Heath <doogie@debian.org>
To: Graham Wilson <bob@decoy.wox.org>, <18567@bugs.debian.org>
Subject: Re: Bug#18567: 18567 -- bug or feature?
Date: Fri, 11 Oct 2002 15:18:27 -0500 (CDT)

On Fri, 11 Oct 2002, Graham Wilson wrote:

> On Thu, Oct 10, 2002 at 09:54:58AM +0200, Thomas Hood wrote:
> > On Wed, 2002-10-09 at 20:17, Paul Vojta wrote:
> > > > Being able to set the PATH for dpkg might be considered
> > > > a feature, not a bug.
> > >
> > > Only if it's done intentionally.
> > > E.g.:   bash% DPKG_PATH=... dpkg -i foobar.deb
> >
> > dpkg can't know how the path was set.
> >
> > Still, I think you are right that the packaging system
> > should be able to find its own components when the
> > user sets the PATH.
>
> why does dpkg not use absolute pathnames?

So the admin can control what dpkg calls.  Also, maintainer scripts don't
hard-code paths.

Information forwarded to dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Thomas Hood <jdthood@yahoo.co.uk>:
Extra info received and filed, but not forwarded. Copy sent to dpkg@packages.qa.debian.org.

Message #48 received at 18567-quiet@bugs.debian.org:

From: Thomas Hood <jdthood@yahoo.co.uk>
To: debian-devel@lists.debian.org
Cc: 18567-quiet@bugs.debian.org
Subject: Re: PATH setting used by dpkg to run postinstall scripts?
Date: 16 Oct 2002 15:50:07 +0200

Walter Tautz <wtautz@math.uwaterloo.ca> wrote on debian-devel:
> on our systems we sometime have local software that may have commands
> with the same name as debian commands....i.e. I have noticed that
> certain packages fail to install if they rely on the external
> PATH settings...granted on most pure debian systems this is not
> a problem but....shouldn't the post install scripts set the PATH or
> better yet dpkg?

This issue was raised in bug report #18567 (4 years and 238 days old).

--
Thomas Hood

Tags added: wontfix Request was from Thomas Hood <jdthood@yahoo.co.uk> to control@bugs.debian.org.

Information forwarded to dpkg@packages.qa.debian.org:
Bug#18567; Package dpkg.

Acknowledgement sent to Thomas Hood <jdthood@yahoo.co.uk>:
Extra info received and filed, but not forwarded. Copy sent to dpkg@packages.qa.debian.org.

Message #55 received at 18567-quiet@bugs.debian.org:

From: Thomas Hood <jdthood@yahoo.co.uk>
To: 18567-quiet@bugs.debian.org
Subject: tags 18567 wontfix
Date: 18 Oct 2002 13:15:00 +0200

tags 18567 wontfix
thanks

Brian May wrote on debian-devel:
> I am not about to provide any solutions here

The most recent discussion starts at 
http://marc.theaimsgroup.com/?l=debian-devel&m=103470858629390&w=2
or
http://lists.debian.org/debian-devel/2002/debian-devel-200210/msg00941.html

Forcibly Merged 18567 631081. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sun, 26 Jun 2011 23:03:08 GMT)

Changed Bug title to 'dpkg: clean environment (PATH, etc) for maintainer scripts' from 'dpkg doesn't set PATH for running scripts' Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sun, 26 Jun 2011 23:03:09 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#18567; Package dpkg. (Sat, 06 Apr 2019 05:00:03 GMT)

Acknowledgement sent to MK <phyre@rogers.com>:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Sat, 06 Apr 2019 05:00:03 GMT)

Message #64 received at 18567@bugs.debian.org:

From: MK <phyre@rogers.com>
To: 18567@bugs.debian.org
Subject: Shouldn’t be wontfix
Date: Sat, 6 Apr 2019 04:56:43 +0000 (UTC)

I know this is a wontfix, but maybe this should be reconsidered in light of buster’s changes?
With the switch of su as referenced here: https://sources.debian.org/src/util-linux/2.33.1-0.1/debian/util-linux.NEWS , there is no reason why dpkg shouldn’t add /sbin and /usr/sbin to the back of the path, after any other user-defined path entries which would override it. 
Supposedly “dpkg ensures that the PATH is set to a reasonable value” but it’s certainly failing in this case. No harm is done- only benefit. With the new ‘su’ as people get used to it, we’re going to see lots of failures. Failures that could incorrectly configure packages and lead to more bugs due to configuration issues. Bugs like this one ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926449 )

> Upgrading from 3.4.4 to 3.4.5-1, I see the following messages after a 'su'
> to root Preconfiguring packages ...
>     Can't exec "postconf": No such file or directory at
> /tmp/postfix.config.swGX60 line 220, <STDIN> line 14. Can't exec
> "postconf": No such file or directory at /tmp/postfix.config.swGX60 line
> 284, <STDIN> line 16. Can't exec "postconf": No such file or directory at
> /tmp/postfix.config.swGX60 line 386, <STDIN> line 21.



Scott Kitterman’s comment when this bug was reported I think accurately points to this bug (thank you Scott)
“If there is a bug here, it's probably in dpkg.  I think that the postfix  package is aligned to policy and Debian best practices.  See below.  Please  review and consider if this should be reassigned.

Here's an extract from policy 6.1:

Programs called from maintainer scripts should not normally have a path prepended to them. Before installation is started, the package management system checks to see if the programs ldconfig, start-stop-daemon, and update-rc.d can be found via the PATH environment variable. Those programs, and any other program that one would expect to be in the PATH, should thus be invoked 
without an absolute pathname. Maintainer scripts should also not reset the 
PATH, though they might choose to modify it by prepending or appending 
package-specific directories. These considerations really apply to all shell 
scripts.

There is a related lintian [1] check which says, in part:

Programs called from maintainer scripts normally should not have a path 
prepended. dpkg ensures that the PATH is set to a reasonable value, and 
prepending a path may prevent the local administrator from using a replacement 
version of a command for some local reason.

[1] https://lintian.debian.org/tags/command-with-path-in-maintainer-script.html
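
Added example, not part of the bug log and not dpkg code: a POSIX shell check that an administrator could run before invoking dpkg as root, covering the two failure modes reported in this thread (a locally installed `install-info` found ahead of the system one, and system directories such as /usr/sbin absent from PATH). The function names, the sandbox layout and the choice of system directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not dpkg code: audit a PATH before running dpkg as root.
# Function names and the sandbox layout below are assumptions for illustration.

# resolve_in_path CMD PATH: print the first executable named CMD found on PATH.
resolve_in_path() {
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}
        [ -n "$dir" ] || dir=.        # an empty entry means the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"; return 0
        fi
    done
    return 1
}

# audit_path PATH SYSTEM_DIRS CMD...: print "ok", "shadowed" or "missing" for
# each CMD; return 1 unless every CMD resolves inside SYSTEM_DIRS.
audit_path() {
    path=$1; sysdirs=$2; shift 2
    rc=0
    for cmd in "$@"; do
        if hit=$(resolve_in_path "$cmd" "$path"); then
            case ":$sysdirs:" in
                *":${hit%/*}:"*) echo "ok $cmd $hit" ;;
                *) echo "shadowed $cmd $hit"; rc=1 ;;
            esac
        else
            echo "missing $cmd"; rc=1
        fi
    done
    return $rc
}

# Constructed sandbox: a locally built tree with its own install-info placed
# first on PATH, and a system sbin directory that is not on PATH at all.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/opt/tex/bin" "$root/usr/bin" "$root/usr/sbin"
    for f in opt/tex/bin/install-info usr/bin/install-info usr/sbin/ldconfig; do
        printf '#!/bin/sh\n' > "$root/$f" && chmod +x "$root/$f"
    done
    audit_path "$root/opt/tex/bin:$root/usr/bin" "$root/usr/bin:$root/usr/sbin" \
        install-info ldconfig | sed "s|$root||g"
    rm -rf "$root"
}
demo
```

On a real system the first argument would be `"$PATH"` and the second the directories the distribution installs its binaries into; a non-zero return means the PATH should be corrected before dpkg runs maintainer scripts.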

Marked as found in versions dpkg/1.19.7. Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sat, 15 Oct 2022 13:57:04 GMT)

Merged 18567 631081 944525 Request was from Guillem Jover <guillem@debian.org> to control@bugs.debian.org. (Sat, 15 Oct 2022 13:57:06 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 19 01:16:34 2024; Machine Name: bembo
