[Aptitude-devel] Bug#662983: Bug#662983: When called by aptitude, apt-listbugs crash and precludes the package upgrade

Francesco Poli invernomuto at paranoici.org
Thu Mar 8 17:59:14 UTC 2012

On Thu, 8 Mar 2012 10:50:44 +0800 Daniel Hartwig wrote:

> On 8 March 2012 10:49, Daniel Hartwig <mandyke at gmail.com> wrote:
> >
> > Apt-listbugs could try harder to avoid directly reading from /dev/tty
> >
> Of course, here I am refering to reading from stdin instead.

I wonder whether this is at all possible...

I am not 100 % sure, since I was not involved in apt-listbugs
development at the time when these parts of the code were initially
laid out, but I think that one of the main reasons why apt-listbugs
needs to explicitly open "/dev/tty" is that it needs to perform the
following steps (when run in "apt" mode):

  * first it reads the input provided by apt-get or aptitude or other
compatible package manager through the Pre-Install-Pkgs hook info
protocol version 2 (see /etc/apt/apt.conf.d/10apt-listbugs , I am sure
the Aptitude Development Team members are more knowledgeable than me
about this protocol); this input is provided to apt-listbugs on its
STDIN, as through a pipe

  * when this input ends (EOF), apt-listbugs needs to be able to become
interactive and ask questions to the user, and get answers from STDIN,
and possibly also run a web browser (that could be a textual browser,
depending on the user preferences) and let the user interact with the
browser, until it exits and comes back to the apt-listbugs interactive

Currently, apt-listbugs does all this by opening "/dev/tty", after the
input provided by apt(itude) ends.
I don't know whether there's a better way to achieve this result,
without being limited by the security fix for CVE-2005-4890...

Any idea?
I haven't found much documentation about these tricks in Ruby...  :-(

 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/aptitude-devel/attachments/20120308/eef54644/attachment.pgp>

More information about the Aptitude-devel mailing list