• Bug#679751: Patch to close out this bug

    From Sean Whitton@21:1/5 to All on Sun Aug 27 00:00:02 2017
    XPost: linux.debian.bugs.dist

    control: tag -1 +patch

    Hello,

    During DebConf, Russ and I reviewed this bug and believe that the only remaining issue is to document /nonexistent. So I am seeking seconds
    for the following patch.

    diff --git a/policy/ch-opersys.rst b/policy/ch-opersys.rst
    index e4ed008..7d9e20a 100644
    --- a/policy/ch-opersys.rst
    +++ b/policy/ch-opersys.rst
    @@ -296,6 +296,18 @@ The UID and GID numbers are divided into classes as follows:
    ``(uid_t)(-1) == (gid_t)(-1)`` *must not* be used, because it is the
    error return sentinel value.

    +.. _s-nonexistent:
    +
    +Non-existent home directories
    +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    +
    +The canonical non-existent home directory is ``/nonexistent``. Users
    +who should not have a home directory should have their home directory
    +set to this value.
    +
    +The Debian autobuilders set HOME to ``/nonexistent`` so that packages
    +which try to write to a home directory will fail to build.
    +
    .. _s-sysvinit:

    System run levels and ``init.d`` scripts


    --
    Sean Whitton

  • From Russ Allbery@21:1/5 to Sean Whitton on Sun Aug 27 01:50:01 2017
    XPost: linux.debian.bugs.dist

    Sean Whitton <spwhitton@spwhitton.name> writes:

    During DebConf, Russ and I reviewed this bug and believe that the only remaining issue is to document /nonexistent. So I am seeking seconds
    for the following patch.

    diff --git a/policy/ch-opersys.rst b/policy/ch-opersys.rst
    index e4ed008..7d9e20a 100644
    --- a/policy/ch-opersys.rst
    +++ b/policy/ch-opersys.rst
    @@ -296,6 +296,18 @@ The UID and GID numbers are divided into classes as follows:
    ``(uid_t)(-1) == (gid_t)(-1)`` *must not* be used, because it is the
    error return sentinel value.

    +.. _s-nonexistent:
    +
    +Non-existent home directories
    +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    +
    +The canonical non-existent home directory is ``/nonexistent``. Users
    +who should not have a home directory should have their home directory
    +set to this value.
    +
    +The Debian autobuilders set HOME to ``/nonexistent`` so that packages
    +which try to write to a home directory will fail to build.
    +
    .. _s-sysvinit:

    System run levels and ``init.d`` scripts
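
    Review bot: in the second added paragraph, "will fail to build" promises more than setting HOME can deliver, because a build that ignores the failed write still succeeds. Wording such as "so that attempts to write to a home directory during the build fail" would be accurate. ``HOME`` should also get literal markup, matching ``/nonexistent`` in the same sentence.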

    Seconded.

    --
    Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From David Bremner@21:1/5 to Sean Whitton on Sun Aug 27 02:30:01 2017
    XPost: linux.debian.bugs.dist

    Sean Whitton <spwhitton@spwhitton.name> writes:

    +.. _s-nonexistent:
    +
    +Non-existent home directories
    +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    +
    +The canonical non-existent home directory is ``/nonexistent``. Users
    +who should not have a home directory should have their home directory
    +set to this value.
    +
    +The Debian autobuilders set HOME to ``/nonexistent`` so that packages
    +which try to write to a home directory will fail to build.
    +
    .. _s-sysvinit:

    System run levels and ``init.d`` scripts


    --
    Sean Whitton

    Seconded.

    d

  • From Ansgar Burchardt@21:1/5 to Sean Whitton on Thu Sep 21 20:30:02 2017
    XPost: linux.debian.bugs.dist

    Sean Whitton wrote:
    +.. _s-nonexistent:
    +
    +Non-existent home directories
    +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    +
    +The canonical non-existent home directory is ``/nonexistent``. Users
    +who should not have a home directory should have their home directory
    +set to this value.

    This is fine.

    +
    +The Debian autobuilders set HOME to ``/nonexistent`` so that packages
    +which try to write to a home directory will fail to build.
    +

    I don't think Policy should state bits about the environment variables
    Debian autobuilders set (or only mention that in a footnote).

    If we go that way, I believe we should require the build environment to
    have specific variables set (and recommend that the environment has no additional random variables set unless requested for the build). That
    could mean setting

    HOME=/nonexistant
    XDG_RUNTIME_DIR=/nonexistant
    PATH=${standard-path} (so $HOME/bin is not in $PATH)
    LC_ALL=C.UTF-8
    unsetting other LC_* variables

    and so on. It would also imply that just running `make -f debian/rules
    binary` is not enough.

    Ansgar

  • From Simon McVittie@21:1/5 to Ansgar Burchardt on Thu Sep 21 22:30:02 2017
    XPost: linux.debian.bugs.dist

    On Thu, 21 Sep 2017 at 19:06:31 +0200, Ansgar Burchardt wrote:
    XDG_RUNTIME_DIR=/nonexistant

    Unset, please, if you go this route. Unlike HOME, general-purpose
    software (that doesn't specifically depend on systemd-logind or the
    older pam_xdg) is expected to cope with XDG_RUNTIME_DIR not being set,
    as would happen on older or more minimal systems.

    Unsetting an optional variable seems more reasonable than setting it to
    a nonsensical value, which would break software that takes the approach
    of "the user is always right".

    Regards,
    smcv
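
The build environment proposed in the two messages above can be checked and enforced with a short script. This is an added example, not code from the thread or from any Debian tool: the function names and the value of STANDARD_PATH are assumptions, and it uses the ``/nonexistent`` spelling from the patch with XDG_RUNTIME_DIR left unset.

```shell
#!/bin/sh
# Added example, not from the thread. STANDARD_PATH is an assumed value;
# the thread only writes ${standard-path}.
STANDARD_PATH="/usr/local/bin:/usr/bin:/bin"

# Print one finding per line for an environment given as NAME=VALUE
# arguments; print nothing when it matches the proposal.
audit_build_env() {
    home= path= lc_all=
    for kv in "$@"; do
        name=${kv%%=*}; value=${kv#*=}
        case $name in
            HOME)            home=$value ;;
            PATH)            path=$value ;;
            LC_ALL)          lc_all=$value ;;
            LC_*)            echo "$name: set, expected unset" ;;
            XDG_RUNTIME_DIR) echo "XDG_RUNTIME_DIR: set, expected unset" ;;
        esac
    done
    [ "$home" = /nonexistent ] || echo "HOME: '$home', expected /nonexistent"
    [ "$lc_all" = C.UTF-8 ] || echo "LC_ALL: '$lc_all', expected C.UTF-8"
    # Flag PATH entries under the home directory, such as $HOME/bin.
    old_ifs=$IFS; IFS=:
    for dir in $path; do
        case $dir in
            "$home"/*) [ -n "$home" ] && echo "PATH: entry under HOME: $dir" ;;
        esac
    done
    IFS=$old_ifs
}

# Run a command with only the proposed variables set. XDG_RUNTIME_DIR is
# left unset rather than pointed at a nonsensical path.
run_clean() {
    env -i HOME=/nonexistent PATH="$STANDARD_PATH" LC_ALL=C.UTF-8 "$@"
}

# Constructed developer-style environment, audited for illustration.
audit_build_env HOME=/home/dev PATH=/home/dev/bin:/usr/bin LC_TIME=en_GB.UTF-8
# The scrubbed environment produces no findings.
audit_build_env $(run_clean env)
```

A build started as ``run_clean make -f debian/rules binary`` sees only the three variables set by ``run_clean``.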

  • From Sean Whitton@21:1/5 to Ansgar Burchardt on Fri Sep 22 02:10:01 2017
    XPost: linux.debian.bugs.dist

    Hello Ansgar,

    On Thu, Sep 21 2017, Ansgar Burchardt wrote:

    I don't think Policy should state bits about the environment variables
    Debian autobuilders set (or only mention that in a footnote).

    We are trying to reduce the number of footnotes, moving informative
    statements (of which there are plenty in Policy) into the body text.

    I don't see what is wrong with this one. Perhaps you could expand.

    --
    Sean Whitton
