[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: adding pre-depends to libpam-modules for lenny

On Sun, 28 Dec 2008, Steve Langasek wrote:
> Therefore I think it's neither necessary nor appropriate for libpam-modules
> to avoid a pre-dependency on debconf.
> Is it ok to make libpam-modules Pre-Depends: debconf (>= 0.5) | debconf-2.0
> for lenny?

I think so. We already have many predependencies on debconf so this is not
going to change much. 

I wonder however if the fact that you would not restart the service at the
same point in time might have an impact. 

> Also, once that change is made, it might be appropriate to also move the
> current service restart handling from the libpam0g postinst to the
> libpam-modules preinst.  The reason to do this is that libpam0g is not the
> only library used by libpam-modules that could cause symbol skew for a
> running service (the same problem has been reported in Ubuntu with
> versioned symbols from glibc), so although not relevant for etch->lenny
> (because the lenny libpam0g depends on the lenny libc6), in the general
> case it's possible the libpam0g postinst is too early to restart services to
> ensure they're usable afterwards with the new libpam-modules.
> So is it ok to also make libpam-modules Pre-Depends: ${shlibs:Depends} for
> lenny?  For reference, the current shlibs (on i386) are:
>   libc6 (>= 2.7-1), libdb4.6, libpam0g (>=, libselinux1 (>= 2.0.59)

Pre-depends has been created for critical part of the system that we can't
afford to leave even temporarily in a broken state, and IMO pam perfectly
fits this if it's required.

And from the analysis done, it looks like so. The simple Depends doesn't
ensure that the required libs are unpacked when the services are restarted
in the preinst and the Pre-Depends fixes that.

> Again, these are all already transitively essential, so the main concern is
> whether further restricting the unpack order will cause any dependency
> loops, which I don't believe it will.

But an etch-lenny upgrade test wouldn't hurt. :)

Raphaël Hertzog

Le best-seller français mis à jour pour Debian Etch :

Reply to: