On Sun, 18 Aug 2019 at 17:48:54 +0200, Mattia Rizzolo wrote:
> Nowadays (well, did it ever?) it doesn't make sense to install a package
> without even trying to satisfy its dependencies.
> It might make sense to add a --without-depends to help keep the
> current situation, and then switch the defaults to --with-depends.

I think I might have worked out why --with-depends was not the default:
debi uses debpkg, which is designed to be made setuid root and only
executable by some privileged group using dpkg-statoverride, like this:

-rwsr-x--- ... root yourgroup ... /usr/bin/debpkg
         ^
    removing o+x is non-obvious but very important!

But apt needs to run as root, and the --with-depends code path doesn't
have a similar setuid wrapper.

Where is setuid debpkg on a scale from recommended to discredited?
If it's an important use case, then the recent apt changes will break it
(at least in the code paths where apt is used).

I've never used the setuid debpkg myself, and I'm not sure how sensible
it ever was for debpkg to be invokable by some user or group, without
authentication or any other speed-bump, to run arbitrary maintainer
scripts as root. Perhaps sudo wasn't ubiquitous in 1997/1998 when
debpkg was new, but two decades on, putting suitable configuration in
/etc/sudoers seems like a more general solution to the same requirement
(for example "%sudo ALL=(ALL) NOPASSWD: ALL" is appropriate on expendable
test VMs).

    smcv
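
Added example, not part of the original message or of devscripts: a shell check that classifies a helper's mode against the setuid-root, group-only-execute layout shown in the listing above. The helper names and sample modes are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not devscripts code): audit a setuid helper's permissions.
# classify_mode and audit_path are hypothetical helper names.

# classify_mode OCTAL_MODE OWNER -> prints one verdict word
classify_mode() {
    m=$(( 0$1 ))    # leading 0 makes the shell parse the mode as octal
    if [ $(( m & 04000 )) -eq 0 ]; then
        echo not-setuid
    elif [ "$2" != root ]; then
        echo setuid-non-root
    elif [ $(( m & 0022 )) -ne 0 ]; then
        echo writable-by-non-owner   # group/other could replace the binary
    elif [ $(( m & 0001 )) -ne 0 ]; then
        echo world-executable        # o+x left in place: every local user can run it as root
    elif [ $(( m & 0010 )) -eq 0 ]; then
        echo owner-only              # no group member can execute it
    else
        echo group-restricted        # the -rwsr-x--- layout from the message
    fi
}

# audit_path FILE -> verdict for a real file (stat -c assumes GNU coreutils)
audit_path() {
    info=$(stat -c '%a %U' -- "$1") || return 1
    classify_mode "${info% *}" "${info#* }"
}

# Constructed sample modes, then the real path if it is installed.
for sample in 4750 4755 4770 750; do
    printf '%s root -> %s\n' "$sample" "$(classify_mode "$sample" root)"
done
if [ -e /usr/bin/debpkg ]; then
    printf '/usr/bin/debpkg -> %s\n' "$(audit_path /usr/bin/debpkg)"
fi
```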
