Hello again, this is a wonderful case where rubberduck-debugging might have made sense. Right after submitting this mail I found the error.
The webserver that runs the install script has a systemd unit with ProtectSystem=full set. This prevents writes to /usr even though its not specifically read only. Since with sudo its a subprocess of the parent this restriction also applies to the install script. Sorry for the spam, I hope this entry might help future people with a similar problem, Felix On 26/03/2017 17:46, Felix Winterhalter wrote: > Hello, > > for various reasons I am currently writing a script to install packages > by calling dpkg -i package.deb. > > This mechanism has worked fine for a while. Now I need to call said > script using sudo noninteractively from a webserver. > > This leads me to my error: > > Mar 26 11:36:42 debbuilder package-updater[32246]: (Reading database ... > 124404 files and directories currently installed.) > Mar 26 11:36:42 debbuilder package-updater[32246]: Preparing to unpack > .../package_0.2_all.deb ... > Mar 26 11:36:42 debbuilder package-updater[32246]: Unpacking package > (0.2) over (0.2) ... > Mar 26 11:36:42 debbuilder package-updater[32246]: dpkg: error > processing archive /tmp/package-update-unpack/unpack/package_0.2_all.deb > (--install): > Mar 26 11:36:42 debbuilder package-updater[32246]: unable to clean up > mess surrounding `./usr/share/doc/package' before installing another > version: Read-only file system > Mar 26 11:36:42 debbuilder package-updater[32246]: Errors were > encountered while processing: > Mar 26 11:36:42 debbuilder package-updater[32246]: > /tmp/package-update-unpack/unpack/package_0.2_all.deb > > Neither /tmp nor /usr is non writeable. > > Calling the package install script manually via sudo from a normal user > runs everything as normal without any error. So the package itself is > not a problem ( apparently ). > > I've been trying to find the source of this error since a couple of > hours now. I haven't been able to make any real progress and was > wondering whether anyone here would have an idea whats going wrong. > > This error is happening on two independent debian systems. > > / is mounted > > /dev/sda1 on / type ext4 (rw,relatime,data=ordered) > > tmp is a normal folder not another mountpoint > > The packages are uploaded via a python webserver. However the package > integrity is checked before applying the install. The packages > themselves are intact. > > Best regards, > Felix >