:: Re: [DNG] OpenVPN 2.5.1-3+devuan1 p…
Góra strony
Delete this message
Reply to this message
Autor: Ken Dibble
Data:  
Dla: dng
Temat: Re: [DNG] OpenVPN 2.5.1-3+devuan1 packaging vs best practices
On 7/25/22 09:29, Ken Dibble wrote:
>
> This is the first time I have seen this with any package.
>
> I have no idea whether it has happened with packages not installed on
> my systems.
>
> It is my understanding that best practice is noexec on /tmp and that
> this is a Debian recommendation.
>
> Here is the relevant line from /etc/fstab.
>
> tmpfs   /tmp    tmpfs defaults,noatime,mode=1777,nosuid,noexec,nodev  0  0
>
>
> Here is the error message.
>
> sudo apt-get dist-upgrade
>
> .
>
> .
>
> Preconfiguring packages ...
> Can't exec "/tmp/openvpn.config.NDxHMl": Permission denied at
> /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178.
> open2: exec of /tmp/openvpn.config.NDxHMl configure 2.5.1-3+devuan1
> failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm
> line 59.
> .
>
> .
>
> The (apparent) recommendation from bug report 129289 in 2002 is to set
>
> APT::ExtractTemplates::TempDir
> in apt.conf to some directory which is mounted with exec
>
> and
> As of version 0.5.8, apt supports TMPDIR for determining where
> apt-extracttemplates puts its temporary files. If you have a noexec
> /tmp, use this or other documented means to make apt-extracttemplates
> use a directory that does accept executables
>
> As of 2018 Bug #887099, merged with sundry other bug reports of the same type
> Control: reassign -1 debconf 1.5.61
> Control: forcemerge 566247 -1
> This appears to be a generic issue in debconf, so I'm reassigning it to
> debconf and merging it with the existing bugs tracking the same issue.
>
> There doesn't seem to be any activity after that.
>
> Is there a best practice for the method of selecting and setting this
> directory?
>
> Thanks,
>
> Ken
>


Replying to my own message:

It appears that this problem with debconf has been around for 2 decades and

the maintainers are at odds with the debian position about "/tmp" and
noexec.


That being said I am going with

echo "APT::ExtractTemplates::TempDir \"/var/tmp\";"
>/etc/apt/apt.conf.d/50extracttemplates


unless someone has a better idea or a reason not to.

I am aware that Debian does not by default clean up /var/tmp and it will
be my responsibility to

check it for things left around.

Thanks,

Ken