On 2022-09-28 5:30 PM, Ansgar wrote:
> On Wed, 2022-09-28 at 16:40 -0400, Zack Weinberg wrote:
>> "Available and usable at all times" is orthogonal to "maintainer scripts
>> do not render the system unbootable".  As I read things, *all* packages
>> bear the responsibility of not rendering the system unbootable.
>
> No, it's a significantly weaker requirement than what you want to
> impose. If it is not available and usable at all times, it can clearly
> render the system unbootable (by not being available or usable at
> boot).

The vast majority of Debian packages provide programs, libraries, etc. that are not used at all during the boot process. Therefore, *even if* those packages are currently unusable, due to a crash in the middle of an upgrade that left them unpacked-but-not-configured, or whatever, they can't prevent the system from coming up at least as far as the point where it's possible to get a root shell and run `dpkg -a --configure`.

The small subset of packages that *are* used at boot time do need to take extra care to keep working even if they are unpacked but not configured, and that subset and that extra requirement are codified as the rules for (transitively) Essential packages.

But *all* packages must take particular care *in their maintainer scripts* to not render the system unbootable, because maintainer scripts are all run with full root privileges, at a time when the system is in a partially ill-defined state (since it is in the process of being upgraded -- this is why we have the "postinst scripts can't assume any non-Essential functionality works" rule), and yet it could still be in active use (there has never been a requirement to take the system to single-user mode before running 'apt-get upgrade').

But most packages don't *do* anything in their maintainer scripts that has any serious *risk* of rendering the system unbootable, and therefore we don't have to worry about them. The subset of packages that do dangerous things in their maintainer scripts *overlaps* the set of Essential packages, but there are members of each set that are not members of the other.

There is also a set of packages where it's the *installed software* that might have bugs that render the system unbootable, such as implementations of fsck for particular filesystems.

Do you understand the distinctions I am making? If you don't, please explain what doesn't make sense about what I just said, because I don't think we're going to get any further with this discussion until you do.

>> One of the several documented
>> justifications for that severity is "potentially renders the system
>> unbootable".  I see nothing anywhere that limits the scope of that
>> justification to essential packages, or to any other subset of the archive.
>
> I tried searching for that justification and a major internet search
> provider just says 'Your search - "potentially renders the system
> unbootable" - did not match any documents.'

https://www.debian.org/Bugs/Developer#severities

The official wording appears to be "makes unrelated software on the system (or the entire system) break". I hope you will agree that a system that doesn't boot is entirely broken.

https://salsa.debian.org/reportbug-team/reportbug/-/blob/master/reportbug/debbugs.py#L79 is where I got the "unbootable" phrasing.

zw
