From 806e94dcd8dbdf7bf1909657fd4331cfe17b4ab0 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 10 Dec 2018 16:52:59 +0100 Subject: Set PATH=/usr/sbin:/usr/bin:/sbin:/bin when running dpkg This avoids a lot of problems from local installations of scripting languages and other stuff in /usr/local for which maintainer scripts are not prepared. [v3: Inherit PATH during tests, check overrides work] [v2: Add testing] --- apt-pkg/deb/debsystem.cc | 4 ++++ apt-pkg/deb/dpkgpm.cc | 3 +++ apt-pkg/init.cc | 3 +++ debian/NEWS | 8 ++++++++ doc/apt.conf.5.xml | 7 +++++++ doc/examples/configure-index | 4 ++++ test/integration/framework | 3 +++ test/integration/test-dpkg-path | 35 +++++++++++++++++++++++++++++++++++ 8 files changed, 67 insertions(+) create mode 100755 test/integration/test-dpkg-path diff --git a/apt-pkg/deb/debsystem.cc b/apt-pkg/deb/debsystem.cc index 0a9e98d6d..5df6c58a1 100644 --- a/apt-pkg/deb/debsystem.cc +++ b/apt-pkg/deb/debsystem.cc @@ -398,6 +398,10 @@ pid_t debSystem::ExecDpkg(std::vector const &sArgs, int * const inp { setenv("DPKG_FRONTEND_LOCKED", "true", 1); } + + if (_config->Find("DPkg::Path", "").empty() == false) + setenv("PATH", _config->Find("DPkg::Path", "").c_str(), 1); + execvp(Args[0], (char**) &Args[0]); _error->WarningE("dpkg", "Can't execute dpkg!"); _exit(100); diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc index 074e52b3f..3c707e220 100644 --- a/apt-pkg/deb/dpkgpm.cc +++ b/apt-pkg/deb/dpkgpm.cc @@ -2017,6 +2017,9 @@ bool pkgDPkgPM::Go(APT::Progress::PackageManager *progress) && dynamic_cast(_system)->IsLocked() == true) { setenv("DPKG_FRONTEND_LOCKED", "true", 1); } + if (_config->Find("DPkg::Path", "").empty() == false) + setenv("PATH", _config->Find("DPkg::Path", "").c_str(), 1); + execvp(Args[0], (char**) &Args[0]); cerr << "Could not exec dpkg!" << endl; _exit(100); diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index 3502e7ddc..cf69f40d0 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc 
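Review bot: The added `setenv("PATH", ...)` just before `execvp` in debSystem::ExecDpkg ignores its return value, so if the call fails, dpkg and the maintainer scripts it starts keep the inherited PATH and the hardening silently does not apply. The same two lines are repeated in the pkgDPkgPM::Go hunk in apt-pkg/deb/dpkgpm.cc. I would read the option once and fail closed: `std::string const dpkgPath = _config->Find("DPkg::Path", "");` followed by `if (dpkgPath.empty() == false && setenv("PATH", dpkgPath.c_str(), 1) != 0) _exit(100);`. Because `execvp` resolves a slash-less `Args[0]` through PATH, the override presumably also decides which dpkg binary is found when the configured one is not an absolute path; that deserves a short comment. Both functions start and end outside their hunks, so this assumes the code runs only in the forked child.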
@@ -208,6 +208,9 @@ bool pkgInitConfig(Configuration &Cnf) Cnf.CndSet("Acquire::Changelogs::URI::Origin::Ubuntu", "https://changelogs.ubuntu.com/changelogs/pool/@CHANGEPATH@/changelog"); Cnf.CndSet("Acquire::Changelogs::AlwaysOnline::Origin::Ubuntu", true); + + Cnf.CndSet("DPkg::Path", "/usr/sbin:/usr/bin:/sbin:/bin"); + // Read an alternate config file _error->PushToStack(); const char *Cfg = getenv("APT_CONFIG"); diff --git a/debian/NEWS b/debian/NEWS index 95c2d27fd..95725b261 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,11 @@ +apt (1.8.0~alpha3) UNRELEASED; urgency=medium + + The PATH for running dpkg is now configured by the option DPkg::Path, + and defaults to "/usr/sbin:/usr/bin:/sbin/:bin". Previous behavior of + not changing PATH may be restored by setting the option to an empty string. + + -- Julian Andres Klode Mon, 10 Dec 2018 16:51:36 +0100 + apt (1.6~rc1) unstable; urgency=medium Seccomp sandboxing has been turned off by default for now. If it works diff --git a/doc/apt.conf.5.xml b/doc/apt.conf.5.xml index 64a26bc4a..ffbcba5a4 100644 --- a/doc/apt.conf.5.xml +++ b/doc/apt.conf.5.xml @@ -776,6 +776,13 @@ APT::Compressor::rev { using the list notation and each list item is passed as a single argument to &dpkg;. + + + This is a string that defines the PATH + environment variable used when running dpkg. It may be set to any + valid value of that environment variable; or the empty string, in + which case the variable is not changed. + This is a list of shell commands to run before/after invoking &dpkg;. diff --git a/doc/examples/configure-index b/doc/examples/configure-index index 99aedfd19..d7bd3daba 100644 --- a/doc/examples/configure-index +++ b/doc/examples/configure-index 
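Review bot: The default set by `Cnf.CndSet("DPkg::Path", "/usr/sbin:/usr/bin:/sbin:/bin");` in pkgInitConfig does not match the value quoted in this commit's debian/NEWS entry, which reads "/usr/sbin:/usr/bin:/sbin/:bin". Someone copying the NEWS string into apt.conf would get a relative `bin` entry in the PATH that maintainer scripts run with, so the NEWS text should repeat the literal used here. The line would also benefit from a comment such as `// PATH handed to dpkg and its maintainer scripts; an empty value keeps the caller's PATH`, since nothing in this hunk says what the option is for. pkgInitConfig continues outside the hunk.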
@@ -461,6 +461,10 @@ DPkg // Probably don't want to use force-downgrade.. Options {"--force-overwrite";"--force-downgrade";} + // Defaults to /usr/sbin:/usr/bin:/sbin:/bin, might be set to empty + // string to inherit from environment + Path ""; + // Auto re-mounting of a readonly /usr Pre-Invoke {"mount -o remount,rw /usr";}; Post-Invoke {"mount -o remount,ro /usr";}; diff --git a/test/integration/framework b/test/integration/framework index 8ec2e80cf..e7b82c273 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -482,6 +482,9 @@ EOF unset GREP_OPTIONS POSIXLY_CORRECT unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy + # Make dpkg inherit testing path + echo 'DPkg::Path "";\n' >> aptconfig.conf + # Make gcov shut up export GCOV_ERROR_FILE=/dev/null diff --git a/test/integration/test-dpkg-path b/test/integration/test-dpkg-path new file mode 100755 index 000000000..b17b59421 --- /dev/null +++ b/test/integration/test-dpkg-path @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'native' +configdpkgnoopchroot + +# create a bunch of test pkgs +createtestpkg() { + setupsimplenativepackage "testpkg-$1" 'native' '1.0' 'unstable' + BUILDDIR="incoming/testpkg-$1-1.0" + echo '#!/bin/sh +echo PATH=$PATH' > "${BUILDDIR}/debian/preinst" + buildpackage "$BUILDDIR" 'unstable' 'main' 'native' + rm -rf "$BUILDDIR" +} + +createtestpkg 'one' +createtestpkg 'two' + +setupaptarchive + + +# Inherit from environment +testsuccess aptget install testpkg-one -y -o DPkg::Path="" +cp rootdir/tmp/testsuccess.output apt.log +testsuccess grep "PATH=$PATH" apt.log + +# Set a custom value +testsuccess aptget install testpkg-two -y -o DPkg::Path="foobar:$PATH" +cp rootdir/tmp/testsuccess.output apt.log +testsuccess grep "PATH=foobar:$PATH" apt.log -- cgit v1.2.3
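Review bot: The added `echo 'DPkg::Path "";\n' >> aptconfig.conf` in test/integration/framework relies on `echo` expanding `\n`, which is shell-dependent. dash prints an extra newline, while a shell whose `echo` does not interpret escapes appends a literal `\n` to the config file. `printf 'DPkg::Path "";\n' >> aptconfig.conf` behaves the same everywhere. The comment could also say that this switches off the fixed dpkg PATH for the whole suite, e.g. `# Disable the DPkg::Path default so dpkg and maintainer scripts see the test PATH`. The surrounding function starts and ends outside the hunk.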
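Review bot: test-dpkg-path covers only the empty and the custom value, so the built-in default is never exercised, because the framework now forces `DPkg::Path "";` for every test. A regression that drops or alters the default would therefore pass unnoticed. A third package installed with an explicit fixed value and a matching grep would at least pin that a fixed PATH reaches the maintainer script unchanged, provided the test environment's dpkg still runs under it. The two `grep "PATH=$PATH"` checks also treat the value as a regular expression, so `testsuccess grep -F "PATH=$PATH" apt.log` is the stricter match.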