Re: System-critical package management
> Debian supports XB- tags in control files that are preserved after installation.
I am not familiar with these, where can I find out more about them?
> What is mission critical would be vary depending on the system .. it would be inappropriate for an upstream package to try to decide if it was mission critical or not.
The suggestion is that packages would be marked as system-critical by superuser or processes operating under superuser, for example via config file - not the packages themself. Therefore a desktop Debian distribution might automatically configure the display manager to be a system-critical package, but a server distribution might not.
- Peter Warrington
From: "Weatherby,Gerard" <gweatherby@uchc.edu>
Date: Wednesday, 6 September 2023 at 20:45
To: Peter Warrington <sothisispeter@gmail.com>, "debian-dpkg@lists.debian.org" <debian-dpkg@lists.debian.org>
Subject: Re: System-critical package management
We use Debian packages to manage our own software (out of a private, non-compliant repository).
Debian supports XB- tags in control files that are preserved after installation. We use these for multiple reasons. There is nothing stopping a distribution (e.g., Ubuntu) from tagging their packages if they wish.
What is mission critical would be vary depending on the system – is networking critical? I boot virtual machines without networking sometimes – I can access the console via the hypervisor. So it would be inappropriate for an upstream package to try to decide if it was mission critical or not.
From: Peter Warrington <sothisispeter@gmail.com>
Date: Wednesday, September 6, 2023 at 3:03 PM
To: debian-dpkg@lists.debian.org <debian-dpkg@lists.debian.org>
Subject: System-critical package management
*** Attention: This is an external email. Use caution responding, opening attachments or clicking on links. ***
The lack of any system of recognition for packages that are critical to system operation impedes the reliability of Debian-based systems. For example, a reboot during a background package upgrade process on critical system packages unbeknownst to the user may result in the system unable to boot as expected, with little readily-available feedback to the user as to the cause.
Other operating systems like Windows and MacOS manage this by updating system-critical components separately from user-land during shutdown, while clearly giving user-feedback that critical updates are taking place, and that for example the system should not be turned off.
The way in which DPKG deals with packages is preferable in many ways as upgrades are almost entirely made in standard user-land, and is largely transparent (for example, an upgrade will not automatically begin during shutdown without any indication to user that this will take place). It also of course means that Debian systems are highly configurable.
A potential middle-ground solution to this is to allow packages to be marked as "system-critical" to DPKG by external system components - for example a standard desktop Ubuntu system might mark the Gnome Display Manager, Networking drivers, and others in this way during installation. These system-critical packages could then be protected by DPKG in the following ways:
- They are automatically reverted to a known good state on upgrade failure (e.g. previous version)
- They cannot be removed without being unmarked as "system-critical"
- The system could check during every shutdown that system-critical packages are in a consistent state, reverting to a known good state if not
I am interested in knowing the communities' thoughts on this, and if these ideas have any merit to them.
- Peter Warrington
Reply to: