著者: Ken Dibble 日付: To: dng 題目: Re: [DNG] OpenVPN 2.5.1-3+devuan1 packaging vs best practices
On 7/25/22 09:29, Ken Dibble wrote: >
> This is the first time I have seen this with any package.
>
> I have no idea whether it has happened with packages not installed on
> my systems.
>
> It is my understanding that best practice is noexec on /tmp and that
> this is a Debian recommendation.
>
> Here is the relevant line from /etc/fstab.
>
> tmpfs /tmp tmpfs defaults,noatime,mode=1777,nosuid,noexec,nodev 0 0
>
>
> Here is the error message.
>
> sudo apt-get dist-upgrade
>
> .
>
> .
>
> Preconfiguring packages ...
> Can't exec "/tmp/openvpn.config.NDxHMl": Permission denied at
> /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178.
> open2: exec of /tmp/openvpn.config.NDxHMl configure 2.5.1-3+devuan1
> failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm
> line 59.
> .
>
> .
>
> The (apparent) recommendation from bug report 129289 in 2002 is to set
>
> APT::ExtractTemplates::TempDir
> in apt.conf to some directory which is mounted with exec
>
> and
> As of version 0.5.8, apt supports TMPDIR for determining where
> apt-extracttemplates puts its temporary files. If you have a noexec
> /tmp, use this or other documented means to make apt-extracttemplates
> use a directory that does accept executables
>
> As of 2018 Bug #887099, merged with sundry other bug reports of the same type
> Control: reassign -1 debconf 1.5.61
> Control: forcemerge 566247 -1
> This appears to be a generic issue in debconf, so I'm reassigning it to
> debconf and merging it with the existing bugs tracking the same issue.
>
> There doesn't seem to be any activity after that.
>
> Is there a best practice for the method of selecting and setting this
> directory?
>
> Thanks,
>
> Ken
>
Replying to my own message:
It appears that this problem with debconf has been around for 2 decades and
the maintainers are at odds with the debian position about "/tmp" and
noexec.