[Debconf-devel] Bug#1091442: dpkg-preconfigure calling apt-extracttemplates breaks DPKG_ROOT support

Thu Dec 26 13:51:15 GMT 2024

On Thu, Dec 26, 2024 at 12:41:42PM +0100, Johannes Schauer Marin Rodrigues wrote:
> since the upload of debconf 1.5.88 a few days ago, building chrootless Debian
> chroot tarballs is broken if not using fakeroot. Specifically, since that
> upload, /var/cache/debconf/ and /var/cache/debconf/tmp.ci/ outside the chroot
> will get modified or created, respectively. I tried to come up with a patch but
> am left with more questions than answers and am thus reaching out to the
> debconf maintainers as well as the readers of the deity list. There is a bit to
> unpack, lets start with a patch that works around the issue in our CI [1]:

Eww.  What a mess.

> But dpkg-preconfigure is called by /etc/apt/apt.conf.d/70debconf via
> DPkg::Pre-Install-Pkgs and thus does *not* have the DPKG_ROOT variable set as
> it is not executed by dpkg but by apt itself. We are thus not able to figure
> out that this is supposed to be a chroot installation.
> 
> I'm am looking for ideas of how to fix this.
> 
> Since chroot installation worked well before apt-extracttemplates moved to
> "apt" I'm tending to look for a solution which just exits dpkg-preconfigure
> early for chrootless installations. But on what condition should this happen?
> 
> This is made worse by the fact, that apt is not being told that this is a
> chrootless installation -- dpkg is being told via apt options.
> 
> Should apt gain support for being told that it's doing a chrootless
> installation and then pass the right options or environment variables to the
> DPkg::Pre-Install-Pkgs scripts it calls?
> 
> Should the caller of apt set an environment variable or touch a special file to
> indicate to dpkg-preconfigure that it should please exit early?

dpkg-preconfigure arguably shouldn't need to bail out; since debconf
supports DPKG_ROOT, it would be sufficient if DPKG_ROOT were set when
dpkg-preconfigure is called, since that would mean it would use a
debconf database in the right place.  (Well, nearly.  dpkg-preconfigure
currently hardcodes /var/cache/debconf/tmp.ci, but that's easily fixed.)
In general it seems better to me if chrootless installations take more
similar code paths to normal ones.

How viable/evil would it be for something outside dpkg to set DPKG_ROOT?
Perhaps the caller of apt could just set DPKG_ROOT, since it knows the
intended installation path and that the installation is going to be
chrootless?  Then hopefully all we need is something like:

diff --git a/dpkg-preconfigure b/dpkg-preconfigure
index 6239603a..a5f9d37d 100755
--- a/dpkg-preconfigure
+++ b/dpkg-preconfigure
@@ -156,7 +156,8 @@ if (! $have_tty && $frontend->need_tty) {
 	exit 0;
 }
 
-my $tempdir='/var/cache/debconf/tmp.ci';
+my $root=$ENV{DPKG_ROOT} // '';
+my $tempdir="$root/var/cache/debconf/tmp.ci";
 remove_tree($tempdir, { safe => 1, keep_root => 1 });
 make_path($tempdir);
 

-- 
Colin Watson (he/him)                              [cjwatson at debian.org]

