Bug#890418: [PATCH] Don't let host PATH leak into the target commands

2018-02-24 Thread Hideki Yamane 
On Wed, 14 Feb 2018 15:48:46 +0100 Lubomir Rintel  wrote:
> Package: debootstrap
> Severity: normal
> 
> This fixes debootstrap on Fedora host, with unified /usr and PATH
> lacking /bin and /sbin.

 Looks good to me, I've tested it on Fedora and ArchLinux and works
 fine. It also fixes Bug#718632 and Bug#770658 (merged).
 

On Sun, 23 Nov 2014 16:00:48 + Ben Hutchings  wrote:
> But does it make sense to use the outer system's $PATH at all?  Why
> shouldn't debootstrap reset it to the Debian default whenever it runs a
> command in chroot?

 This fix suits to Ben's suggestion, except /usr/local/{,s}bin.
 We don't need to consider /usr/local/* for PATH on debootstrap, IMO.


-- 
Regards,

 Hideki Yamane henrich @ debian.org/iijmio-mail.jp

Bug#890418: [PATCH] Don't let host PATH leak into the target commands

2018-02-14 Thread Lubomir Rintel 
Package: debootstrap
Severity: normal

This fixes debootstrap on Fedora host, with unified /usr and PATH
lacking /bin and /sbin.
---
 functions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)From 03f508d24fd5f582c0fda420f9698174ab9128c0 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel 
Date: Sat, 27 Jan 2018 11:04:11 +0100
Subject: [PATCH] Don't let host PATH leak into the target commands

This fixes debootstrap on Fedora host, with unified /usr and PATH
lacking /bin and /sbin.
---
 functions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/functions b/functions
index 3cfa0d4..e30687c 100644
--- a/functions
+++ b/functions
@@ -976,7 +976,7 @@ extract () { (
 ); }
 
 in_target_nofail () {
-	if ! $CHROOT_CMD "$@" 2>/dev/null; then
+	if ! PATH=/sbin:/usr/sbin:/bin:/usr/bin $CHROOT_CMD "$@" 2>/dev/null; then
 		true
 	fi
 	return 0
@@ -987,7 +987,7 @@ in_target_failmsg () {
 	local msg="$2"
 	local arg="$3"
 	shift; shift; shift
-	if ! $CHROOT_CMD "$@"; then
+	if ! PATH=/sbin:/usr/sbin:/bin:/usr/bin $CHROOT_CMD "$@"; then
 		warning "$code" "$msg" "$arg"
 		# Try to point user at actual failing package.
 		msg="See %s for details"
-- 
2.14.3