From edmonds at debian.org  Mon Jul 25 00:45:15 2016
From: edmonds at debian.org (Robert Edmonds)
Date: Sun, 24 Jul 2016 20:45:15 -0400
Subject: [Resolvconf-devel] Bug#832394: Broken $PATH is propagated to hook
	scripts
Message-ID: <20160725004515.GA2400@mycre.ws>

Package: resolvconf
Version: 1.79
Severity: important

The /sbin/resolvconf script resets the PATH environment variable to
"/sbin:/bin" before running update scripts. This breaks at least the
postfix package's update-libc.d script:

    ==> /etc/resolvconf/update-libc.d/postfix <==
    #!/bin/sh -e

    # we only need to copy this in if the service is already running.
    # if it's not running, it'll get picked up by the init script on start.
    service postfix status >/dev/null 2>&1 || exit 0

    QUEUEDIR="$(/usr/sbin/postconf -h queue_directory 2>/dev/null || true)"
    if [ -n "$QUEUEDIR" ]; then
        cp /etc/resolv.conf ${QUEUEDIR}/etc/resolv.conf
        service postfix reload >/dev/null 2>&1 || exit 0
    fi

    exit 0

The 'service' command is located in /usr/sbin, so it isn't found when
the update-libc.d script runs under resolvconf. The script silently
exits instead without executing its update of the postfix chroot's copy
of /etc/resolv.conf.

On an up-to-date sid system with unbound 1.5.9-1, postfix 3.1.0-4, and
resolvconf 1.79, I get the following resolv.conf file contents after
booting the system:

    root at unbound:~# head -9999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf 
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    root at unbound:~# 

-- 
Robert Edmonds
edmonds at debian.org