On 7/25/22 09:29, Ken Dibble wrote:

This is the first time I have seen this with any package.

I have no idea whether it has happened with packages not installed on my systems.

It is my understanding that best practice is noexec on /tmp and that this is a Debian recommendation.

Here is the relevant line from /etc/fstab.

tmpfs   /tmp    tmpfs defaults,noatime,mode=1777,nosuid,noexec,nodev  0  0


Here is the error message.

sudo apt-get dist-upgrade

.

.

Preconfiguring packages ...
Can't exec "/tmp/openvpn.config.NDxHMl": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178.
open2: exec of /tmp/openvpn.config.NDxHMl configure 2.5.1-3+devuan1 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
.

.

The (apparent) recommendation from bug report 129289 in 2002 is to set

APT::ExtractTemplates::TempDir
in apt.conf to some directory which is mounted with exec

and
As of version 0.5.8, apt supports TMPDIR for determining where
apt-extracttemplates puts its temporary files. If you have a noexec
/tmp, use this or other documented means to make apt-extracttemplates
use a directory that does accept executables

As of 2018 Bug #887099, merged with sundry other bug reports of the same type
Control: reassign -1 debconf 1.5.61
Control: forcemerge 566247 -1
This appears to be a generic issue in debconf, so I'm reassigning it to
debconf and merging it with the existing bugs tracking the same issue.

There doesn't seem to be any activity after that.

Is there a best practice for the method of selecting and setting this directory?

Thanks,

Ken


Replying to my own message:

It appears that this problem with debconf has been around for 2 decades and the maintainers are at odds with the Debian position about "/tmp" and noexec.


That being said I am going with

echo "APT::ExtractTemplates::TempDir \"/var/tmp\";" >/etc/apt/apt.conf.d/50extracttemplates

unless someone has a better idea or a reason not to.

I am aware that Debian does not by default clean up /var/tmp and it will be my responsibility to check it for things left around.

Thanks,

Ken
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
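
An added example, not part of the original message or of apt/debconf: a shell check that reads a mount table in /proc/mounts format and reports whether a candidate for APT::ExtractTemplates::TempDir sits on a noexec mount, which is the condition behind the "Permission denied" error above. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not the poster's real system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,noatime 0 0
/dev/sda3 /var ext4 rw,nosuid,nodev,relatime 0 0'

# mount_opts DIR [MOUNTS_TEXT]: print the options of the mount holding DIR,
# i.e. the longest mount point that is a path prefix of DIR.
# Without MOUNTS_TEXT the live /proc/mounts is read.
mount_opts() {
    dir=$1
    mounts=${2-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v d="$dir" '
        {
            mp = $2
            # match if the mount point is /, equals DIR, or is a parent of DIR
            if (mp == "/" || d == mp || index(d, mp "/") == 1) {
                # ">=" lets a later mount on the same path override an earlier one
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }'
}

# is_noexec DIR [MOUNTS_TEXT]: succeed if DIR is on a mount with noexec set.
is_noexec() {
    case ",$(mount_opts "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_tempdir MOUNTS_TEXT DIR...: print the first candidate that permits exec.
pick_tempdir() {
    pt_mounts=$1; shift
    for cand in "$@"; do
        if ! is_noexec "$cand" "$pt_mounts"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1
}

# Show the apt.conf line for the first usable candidate in the sample table.
chosen=$(pick_tempdir "$SAMPLE_MOUNTS" /tmp /var/tmp) &&
    printf 'APT::ExtractTemplates::TempDir "%s";\n' "$chosen"
```

Calling is_noexec with only a directory argument checks the running system instead of the sample table.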
