[Apt-listbugs-commits] [SCM] apt-listbugs development tree branch, master, updated. apt-listbugs/0.1.6-6-g4e77151
Francesco Poli (wintermute)
invernomuto at paranoici.org
Sat May 5 16:58:48 UTC 2012
The following commit has been merged in the master branch:
commit 4e77151495e67094b17bf2b11ebc4d2337c691ea
Author: Francesco Poli (wintermute) <invernomuto at paranoici.org>
Date: Sat May 5 18:42:26 2012 +0200
work around the crash in su -c (Closes: #662983)
Until a more radical fix can be implemented (probably by having
apt-get, aptitude and other compatible package managers to change
the way hook information is sent to invoked commands), this
bug is worked around by preventing apt-listbugs from crashing, when
it cannot open /dev/tty: it now detects this situation, warns the
user, and switches to non-interactive failure mode.
The reason why is explained in an appropriate README.Debian section.
diff --git a/apt-listbugs b/apt-listbugs
index 58d67cb..f48e878 100755
--- a/apt-listbugs
+++ b/apt-listbugs
@@ -4,7 +4,7 @@
#
# Copyright (C) 2002 Masato Taruishi <taru at debian.org>
# Copyright (C) 2006-2008 Junichi Uekawa <dancer at debian.org>
-# Copyright (C) 2008-2011 Francesco Poli <invernomuto at paranoici.org>
+# Copyright (C) 2008-2012 Francesco Poli <invernomuto at paranoici.org>
# Copyright (C) 2009 Ryan Niebur <ryan at debian.org>
#
# This program is free software; you can redistribute it and/or modify
@@ -99,7 +99,7 @@ apt-listbugs [-h] [-v] [-s <severities>] [-T <tags>] [-S <stats>] [-B <bug#>] [-
* -q | --quiet
Don't display progress bar. This option is assumed if stdout is not a
- terminal.
+ terminal or if /dev/tty cannot be opened.
* -C <apt.conf> | --aptconf <apt.conf>
@@ -112,7 +112,7 @@ apt-listbugs [-h] [-v] [-s <severities>] [-T <tags>] [-S <stats>] [-B <bug#>] [-
* -n | --force-no
Assumes that you select no for all questions. This option is
- assumed if stdout is not a terminal.
+ assumed if stdout is not a terminal or if /dev/tty cannot be opened.
* -d | --debug
diff --git a/debian/README.Debian b/debian/README.Debian
index 01156d1..62eb955 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -39,9 +39,6 @@ Notes
This version of 'apt-listbugs' uses the Debian BTS SOAP interface for
bug retrieval.
-'apt-listbugs' requires a console for user interaction. It will
-default to non-interactive failure mode, if tty is not available.
-
'apt-listbugs' has a simple built-in interactive viewer. It uses
querybts program as a back-end. To enable this feature, you need to
install the 'reportbug' package. In addition, you can select broken
@@ -56,6 +53,41 @@ If you install www-browser, you can view bug lists in HTML.
sensible-browser from the 'sensible-utils' package is also available.
+Need for a controlling terminal (/dev/tty)
+==========================================
+
+'apt-listbugs' requires a controlling terminal for user interaction.
+It will default to non-interactive failure mode, if its standard output
+is not a tty.
+
+It will also switch to non-interactive failure mode, if it cannot open
+/dev/tty .
+This may happen when 'apt-listbugs' is (directly or indirectly) invoked
+inside an su -c "command" : commands invoked this way will have no
+controlling terminal, because of a security fix applied to package
+login from version 1:4.1.5-1 on (see bug #628843). Hence, if you want
+to use 'apt-listbugs' interactively, please do *not* invoke it (or the
+package manager that will invoke it) through the su -c "command"
+mechanism.
+
+Also, please note that some package managers (such as aptitude, wajig,
+and possibly other ones), when run as a regular user, tend to gain root
+privileges through the su -c "command" mechanism, for the actions that
+need these privileges.
+Hence, if you want to use 'apt-listbugs' interactively, please become root
+*before* invoking the package manager, as in:
+
+ $ su -
+ Password:
+ # aptitude
+
+rather than:
+
+ $ aptitude
+
+See bug #662983 for more details on this issue.
+
+
Current Design Limitation
=========================
diff --git a/debian/changelog b/debian/changelog
index 2ba5735..d33bf2e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,8 +14,11 @@ apt-listbugs (0.1.7) UNRELEASED; urgency=low
* worked around "'W: Failed to invoke browser.' when run under sudo":
when invoking a browser, do not switch to another user, not even
when apt-listbugs is run under sudo (Closes: #662865)
+ * worked around "When called by aptitude, apt-listbugs crash and precludes
+ the package upgrade": switch to non-interactive failure mode, if /dev/tty
+ cannot be opened; explain why in README.Debian (Closes: #662983)
- -- Francesco Poli (wintermute) <invernomuto at paranoici.org> Mon, 09 Apr 2012 18:03:33 +0200
+ -- Francesco Poli (wintermute) <invernomuto at paranoici.org> Tue, 01 May 2012 23:46:09 +0200
apt-listbugs (0.1.6) unstable; urgency=low
diff --git a/lib/apt-listbugs/logic.rb b/lib/apt-listbugs/logic.rb
index 4dd0e9a..d77b8c8 100644
--- a/lib/apt-listbugs/logic.rb
+++ b/lib/apt-listbugs/logic.rb
@@ -174,6 +174,15 @@ class AppConfig
@yes = false if @yes.nil?
end
+ begin
+ test_tty = File.open("/dev/tty")
+ test_tty.close if test_tty
+ rescue
+ $stderr.puts _("W: cannot open /dev/tty: running inside su -c \"command\"? switching to non-interactive mode, please see README.Debian.")
+ @quiet = true
+ @yes = false if @yes.nil?
+ end
+
@title = "Debian Bugs (#{@severity.join(', ')})" if ! @title
# http_proxy sanity check
--
apt-listbugs development tree
More information about the Apt-listbugs-commits
mailing list