DevHeads.net

Changing $PATH for apt installs

Hi folks,

I'm planning to have apt set PATH to a sane value for running
dpkg, so that maintainer scripts are executed in a sanitized
environment. That value will be:

PATH=/usr/sbin:/usr/bin:/sbin:/bin

The effect:

(1) There is no /usr/local, which prevents breakage from custom perl
or python installation

(2) /snap/bin is not included either. This means that packages migrating
to snaps will have to provide compatibility links (scripts?) in /usr
- IIRC, lxd already does so, I'm not sure about other libraries.

Together, this ensures that deb packages only talk to deb packages.

Thanks,
Julian

Comments

Re: Changing $PATH for apt installs

By Jamie Strandboge at 12/04/2018 - 16:26

That said, debs should always declare their dependencies and atm, debs can't
declare a dependency on a snap. Therefore, including /snap/bin in the PATH is
wrong since its possible that a deb is missing a dependency and sometimes finds
it in /snap/bin. As such, +1 on the change. There might be things to reconsider
depending on how we want to handle deb to snap migrations and especially deb
dependencies on snaps (if that every becomes a thing), but that can wait until
later.