summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/Cmd.hs3
-rw-r--r--src/Propellor/Property/Gpg.hs6
3 files changed, 7 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index 4545bcd1..acfbc895 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ propellor (5.3.0) UNRELEASED; urgency=medium
* Added rawPartition to PartSpec, for specifying partitions with no
filesystem.
* Added BiosGrubFlag to PartFlag.
+ * Run su with --login, to avoid inheriting some problematic environment
+ variables, such as TMP, from the caller.
-- Joey Hess <id@joeyh.name> Tue, 02 Jan 2018 13:06:45 -0400
diff --git a/src/Propellor/Property/Cmd.hs b/src/Propellor/Property/Cmd.hs
index f2de1a27..fbe112cc 100644
--- a/src/Propellor/Property/Cmd.hs
+++ b/src/Propellor/Property/Cmd.hs
@@ -94,6 +94,7 @@ scriptProperty script = cmdProperty "sh" ["-c", shellcmd]
-- | A property that can satisfied by running a script
-- as user (cd'd to their home directory).
userScriptProperty :: User -> Script -> UncheckedProperty UnixLike
-userScriptProperty (User user) script = cmdProperty "su" ["--shell", "/bin/sh", "-c", shellcmd, user]
+userScriptProperty (User user) script = cmdProperty "su"
+ ["--login", "--shell", "/bin/sh", "-c", shellcmd, user]
where
shellcmd = intercalate " ; " ("set -e" : "cd" : script)
diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs
index 27baa4ba..ac057b2e 100644
--- a/src/Propellor/Property/Gpg.hs
+++ b/src/Propellor/Property/Gpg.hs
@@ -33,7 +33,7 @@ keyImported key@(GpgKeyId keyid) user@(User u) = prop
ifM (liftIO $ hasGpgKey (parse keylines))
( return NoChange
, makeChange $ withHandle StdinHandle createProcessSuccess
- (proc "su" ["-c", "gpg --import", u]) $ \h -> do
+ (proc "su" ["--login", "-c", "gpg --import", u]) $ \h -> do
hPutStr h (unlines keylines)
hClose h
)
@@ -49,11 +49,11 @@ keyImported key@(GpgKeyId keyid) user@(User u) = prop
hasPrivKey :: GpgKeyId -> User -> IO Bool
hasPrivKey (GpgKeyId keyid) (User u) = catchBoolIO $
- snd <$> processTranscript "su" ["-c", "gpg --list-secret-keys " ++ shellEscape keyid, u] Nothing
+ snd <$> processTranscript "su" ["--login", "-c", "gpg --list-secret-keys " ++ shellEscape keyid, u] Nothing
hasPubKey :: GpgKeyId -> User -> IO Bool
hasPubKey (GpgKeyId keyid) (User u) = catchBoolIO $
- snd <$> processTranscript "su" ["-c", "gpg --list-public-keys " ++ shellEscape keyid, u] Nothing
+ snd <$> processTranscript "su" ["--login", "-c", "gpg --list-public-keys " ++ shellEscape keyid, u] Nothing
dotDir :: User -> IO FilePath
dotDir (User u) = do