[Piuparts-devel] Bug#990212: piuparts: Accesses internal dpkg database
Guillem Jover
guillem at debian.org
Wed Jun 23 01:26:30 BST 2021
Source: piuparts
Source-Version: 1.1.3
Severity: important
User: debian-dpkg at lists.debian.org
Usertags: dpkg-db-access-blocker dpkg-db-access-ctrl
Hi!
The piuparts package contains various scripts directly accessing the
internal dpkg database, instead of using publicly supported
interfaces. I think the pathnames used as part of its ignore list are
fine and can be ignored here.
* custom-scripts/scripts/pre_remove_40_find_missing_md5sums
Checks whether packages have an md5sums file present. This should
be switched to use «dpkg-query --control-list $pkg».
* custom-scripts/scripts/post_remove_exceptions
Modifies a postrm script for a package. This should be switched to
use «dpkg-query --control-path asclassic postrm».
Although this is not ideal. But then the package got removed from
the archive in 2009, perhaps this could be removed instead?
* custom-scripts/scripts-debug-purge/post_remove_postrm_set-x
Modifies postrm scripts for packages. This should be switched to
use «dpkg-query --control-path $pkg:$arch postrm», which always
works (by unconditionally arch-qualifiying).
This is not ideal either, but I've added a TODO item to make it
possible to execute maintscripts via a wrapper or similar so that
one could enable debugging by passing say
«--maintscript-map-interp /bin/bash "/bin/bash -x"» or something
similar.
* custom-scripts/scripts-debug-remove/pre_remove_prerm_postrm_set-x
Same as above, but for prerm and postrm.
This is a problem for several reasons, because even though the layout and
format of the dpkg database is administrator friendly, and it is expected
that those might need to mess with it, in case of emergency, this
“interface” does not extend to other programs besides the dpkg suite of
tools. The admindir can also be configured differently at dpkg build or
run-time. And finally, the contents and its format, will be changing in
the near future.
Thanks,
Guillem
More information about the Piuparts-devel
mailing list