[Debconf-devel] Bug#1091442: dpkg-preconfigure calling apt-extracttemplates breaks DPKG_ROOT support

Thu Dec 26 11:41:42 GMT 2024

Package: debconf
Version: 1.5.88
Severity: normal
X-Debbugs-Cc: deity at lists.debian.org, debian-cross at lists.debian.org

Hi,

since the upload of debconf 1.5.88 a few days ago, building chrootless Debian
chroot tarballs is broken if not using fakeroot. Specifically, since that
upload, /var/cache/debconf/ and /var/cache/debconf/tmp.ci/ outside the chroot
will get modified or created, respectively. I tried to come up with a patch but
am left with more questions than answers and am thus reaching out to the
debconf maintainers as well as the readers of the deity list. There is a bit to
unpack, lets start with a patch that works around the issue in our CI [1]:

--- a/dpkg-preconfigure
+++ b/dpkg-preconfigure
@@ -140,7 +140,10 @@ elsif (! @debs) {
 }
 
 my $apt_extracttemplates;
-if (-x '/usr/lib/apt/apt-extracttemplates') {
+if (($ENV{USER} // '') ne 'user') {
+	warn gettext("delaying package configuration, since apt-extracttemplates does not support DPKG_ROOT");
+	exit;
+} elsif (-x '/usr/lib/apt/apt-extracttemplates') {
 	$apt_extracttemplates = '/usr/lib/apt/apt-extracttemplates';
 } elsif (Debconf::Path::find('apt-extracttemplates')) {
 	$apt_extracttemplates = 'apt-extracttemplates';
EOF

Before debconf 1.5.88, dpkg-preconfigure did not find apt-extracttemplates
(because apt-utils was not installed) and thus bailed out early. But since apt
2.9.11, apt-extracttemplates is part of the "apt" package and thus always
available. Thus, dpkg-preconfigure does not bail out and ends up touching files
that it should not.  Notably, this only happens when running mmdebstrap in
chrootless mode *without* fakeroot around it. With fakeroot we are lacking
privileges and we get:

debconf: DbDriver "passwords" warning: could not open /var/cache/debconf/passwords.dat: Permission denied

Which means once again, dpkg-preconfigure bails out early (but for a different
reason this time) and nothing outside of the chroot gets modified. This is also
part of the reason why we check the USER environment variable in the workaround
patch above. It ensures that when fakeroot is *not* used, that is, if it is not
the CI user named "user" that is running dpkg-preconfigure, we bail out early.

But why this clunky check? Other patches to enable chrootless support just
check for the DPKG_ROOT environment variable. But that variable is not set for
the dpkg-preconfigure script. The DPKG_ROOT environment variable is set for
maintainer scripts when apt is started by mmdebstrap with these options:

    -oDPkg::Chroot-Directory=
    -oDPkg::Options::=--force-not-root
    -oDPkg::Options::=--force-script-chrootless
    -oDPkg::Options::=--root=...

But dpkg-preconfigure is called by /etc/apt/apt.conf.d/70debconf via
DPkg::Pre-Install-Pkgs and thus does *not* have the DPKG_ROOT variable set as
it is not executed by dpkg but by apt itself. We are thus not able to figure
out that this is supposed to be a chroot installation.

I'm am looking for ideas of how to fix this.

Since chroot installation worked well before apt-extracttemplates moved to
"apt" I'm tending to look for a solution which just exits dpkg-preconfigure
early for chrootless installations. But on what condition should this happen?

This is made worse by the fact, that apt is not being told that this is a
chrootless installation -- dpkg is being told via apt options.

Should apt gain support for being told that it's doing a chrootless
installation and then pass the right options or environment variables to the
DPkg::Pre-Install-Pkgs scripts it calls?

Should the caller of apt set an environment variable or touch a special file to
indicate to dpkg-preconfigure that it should please exit early?

Dear debconf & apt developers, do you have ideas?

Thanks!

cheers, josch

[1] https://salsa.debian.org/helmutg/dpkg-root-demo/-/merge_requests/2

