Ubuntu
dpkg package

[Possible bug] dpkg-XXX (where XXX is name) does not read env variables

Bug #1926504 reported by Michal Dziczkowski
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dpkg (Ubuntu)
New
Undecided
Unassigned

Bug Description

The reported problem (who exist in the most versions of Ubuntu and Debian) apply to the tools, who's name begin with "dpkg-". I'll give the problem description, basing on the example of "dpkg-buildflags".

After running the dpkg-buildflags command with a propper parameter, in the terminal is displayed a list of compiler, linker, etc. flags, who differ themself from the ones with are set in the enviroment and with I wanted to use (instead of the displayed ones).

The problem that the enviroment aren't read in any way thru this programs and use only the "build-in" ones, with is a quite serrios issue because it may create vulnerabilities in the created archives or even software.

Tags: bot-comment
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1926504/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for your bug report, what environment variable do you set that aren't respected?

affects: ubuntu → dpkg (Ubuntu)
Changed in dpkg (Ubuntu):
status: New → Incomplete
Michal Dziczkowski (mdziczkowski)
Changed in dpkg (Ubuntu):
status: Incomplete → New
Revision history for this message
Michal Dziczkowski (mdziczkowski) wrote :

There are meant all the developer related flags with are listed when running the dpkg-buildflags with given the parameter to list them (for example CPPFLAGS).

I have other parameters set in enviroment for them (according to getting the best required result of compilation) and when attempting to build a deb archive, it's beeing build with the ones from the mentioned in above program, with creates a trash in form of debug files (and related), with is by some applications a "bad thing to have" because it can create a vulnerabilities (especially it it's a security related software)

Revision history for this message
Michal Dziczkowski (mdziczkowski) wrote :

sorry for typo. It should be: "especially if it's a security related software"

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.