Bug#929667: debian-installer doesn't install Recommends of linux-image-*

To: 929667@bugs.debian.org, Patrick <patrick.kuijvenhoven@gmail.com>
Subject: Bug#929667: debian-installer doesn't install Recommends of linux-image-*
From: Ben Hutchings <ben@decadent.org.uk>
Date: Sun, 30 Jun 2019 14:12:02 +0100
Message-id: <[🔎] 6cd23339da8f9a38fa10ba4f6d76767d1941fc5b.camel@decadent.org.uk>
Reply-to: Ben Hutchings <ben@decadent.org.uk>, 929667@bugs.debian.org
In-reply-to: <acccd7c2b8b6d7eb7e3950c27d40325da570901c.camel@decadent.org.uk>
References: <CAJPOrZoioWTU=dALxmqghtnPiEiQ=TYKC0SmJ=5tJz5+tZtJsw@mail.gmail.com> <CAJPOrZoioWTU=dALxmqghtnPiEiQ=TYKC0SmJ=5tJz5+tZtJsw@mail.gmail.com> <acccd7c2b8b6d7eb7e3950c27d40325da570901c.camel@decadent.org.uk> <CAJPOrZoioWTU=dALxmqghtnPiEiQ=TYKC0SmJ=5tJz5+tZtJsw@mail.gmail.com>

On Tue, 2019-05-28 at 17:08 +0100, Ben Hutchings wrote:
> Control: tag -1 serious
> 
> On Tue, 2019-05-28 at 10:16 +0200, Patrick wrote:
> > Package: debian-installer
> > Version: 20190410
> > 
> > debian-installer doesn't install the Recommends of "linux-image-*".
> > Apparently, this is by design since [1].
> > 
> > The effects are:
> > 1) For "buster", a clean install doesn't include "apparmor" and
> > "firmware-linux-free" (both are Recommends for "linux-image-*"). This
> > is curious, because [2] suggests "apparmor" is enabled by default,
> > while it actually isn't.
> > 2) A future kernel upgrade initiated by "apt" _WILL_ install the
> > "Recommends", causing "apparmor" and "firmware-linux-free" to be
> > installed at that stage.
> 
> There has (effectively) been a change in APT's behaviour since that
> earlier commit.  "apt-get upgrade" does not install new packages unless
> you use the --with-new-pkgs option.  However, the newer "apt upgrade"
> command does install new dependencies and recommendations.
> 
> Because security upgrades sometimes introduce ABI changes and new
> binary packages, we now recommend use of either
> "apt-get upgrade --with-new-pkgs" or "apt upgrade" for all upgrades,
> and since last year the installer uses the former.
> 
> > I think these effects are undesired. I'd suggest to use
> > "APT::Install-Recommends true" when installing the linux image.
> 
> I agree that it's a serious problem that AppArmor may only be properly
> enabled later, and I'm upgrading the severity accordingly.
> 
> I think that for at least the kernel installation,
> APT::Install-Recommends should be set to the same value it will have in
> the installed system, i.e. dependent on base-installer/install-
> recommends.
> 
> However, I think we should revert this commit entirely.  The current
> default behaviour is that *any* security update or other stable update
> will cause the installation of its recommendations where they weren't
> installed before, and that is likely to be quite surprising.

I think the revert will have to be deferred to at least a point
release.  As I understand it, we no longer want exim4 to be included in
a standard install.  Currently cron, mdadm, and poularity-contest
recommend exim4 or default-mta, and those recommendations would need to
be removed first.

For 10.0 now I will try to do the minimal fix for kernel installation.

Ben.

-- 
Ben Hutchings
Humour is the best antidote to reality.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Prev by Date: Re: Bug#930856: autopkgtest-build-qemu: captures something from host
Next by Date: Processed: cloning 929667, retitle -1 to base-installer doesn't install Recommends for most packages
Previous by thread: Bug#929667: debian-installer doesn't install Recommends of linux-image-*
Next by thread: Bug#923675: marked as done (debian-installer: consider using haveged to gather entropy)
Index(es):
- Date
- Thread