Snapcraft

debconf prompts not supressed for build-packages

Bug #1821313 reported by Evan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snapcraft
Fix Released
Undecided
Unassigned

Bug Description

$ snapcraft --version
snapcraft, version 3.0.1

```
build-packages:
      - wireshark
```

$ SNAPCRAFT_BUILD_ENVIRONMENT_CHANNEL_SNAPCRAFT=latest/edge snapcraft --shell-after
Launching a VM.
Launched: snapcraft-wireshark
2019-03-22T10:27:56Z INFO Waiting for restart...
core 16-2.37.4 from Canonical✓ installed
Channel latest/stable for core is closed; temporarily forwarding to stable.
SNAPCRAFT_BUILD_ENVIRONMENT_CHANNEL_SNAPCRAFT is set: installing snapcraft from latest/edge
snapcraft (edge) 3.2+git16.g841b41f from Canonical✓ installed
Channel latest/edge for snapcraft is closed; temporarily forwarding to edge.
core18 18 from Canonical✓ installed
Channel latest/stable for core18 is closed; temporarily forwarding to stable.
Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]

Setting up wireshark-common (2.6.6-1~ubuntu18.04.0) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
Configuring wireshark-common
----------------------------

Dumpcap can be installed in a way that allows members of
the "wireshark" system group to capture packets. This is
recommended over the alternative of running
Wireshark/Tshark directly as root, because less of the
code will run with elevated privileges.

For more detailed information please see
/usr/share/doc/wireshark-common/README.Debian.

Enabling this feature may be a security risk, so it is
disabled by default. If in doubt, it is suggested to leave
it disabled.

Should non-superusers be able to capture packets? [yes/no]
Progress: [ 94%] [##################################...]

See original description
Evan (ev)
description: updated
Revision history for this message
Evan (ev) wrote :

Wireshark's use of debconf is standard:

$ cat wireshark-common.config
#! /bin/sh

set -e

. /usr/share/debconf/confmodule

db_input high wireshark-common/install-setuid || true
db_go

exit 0

$ grep wireshark-common/install-setuid templates -A7
Template: wireshark-common/install-setuid
Type: boolean
Default: false
_Description: Should non-superusers be able to capture packets?
 Dumpcap can be installed in a way that allows members of the "wireshark"
 system group to capture packets. This is recommended over the
 alternative of running Wireshark/Tshark directly as root, because
 less of the code will run with elevated privileges.

Revision history for this message
Evan (ev) wrote :

As just discussed on "Unbreakable Snapcraft", we should neuter debconf so we never get prompts, regardless of whether the scripts respect DEBIAN_FRONTEND=noninteractive. One approach would be to replace /usr/share/debconf/confmodule with shell code that for any called function returns 0.

Changed in snapcraft:
status: New → Confirmed
Revision history for this message
Adam Conrad (adconrad) wrote :

Neutering Debconf is a bit heavy-handed, and has literally never been necessary on Debian or Ubuntu buildds, so I'm not sure why Snapcraft would be special here. On buildd chroots, we set debconf to priority=critical and frontend=noninteractive, and I don't recall ever having an issue with that in the last decade or two.

(The obvious downside of neutering is if debconf is used to configure one of your build-dependencies and shorting out that configure step means that your build-dep isn't actually installed correctly)

Revision history for this message
Sergio Schvezov (sergiusens) wrote :

https://github.com/snapcore/snapcraft/pull/2600

Changed in snapcraft:
status: Confirmed → In Progress
Sergio Schvezov (sergiusens)
Changed in snapcraft:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.