Re: PackageKit cleanup: Do you use these functions?
On 12/09/14 12:43, Matthias Klumpp wrote:
> Now, if the user reboots, the system enters a special mode where
> updates are installed using PK (progress is shown on Plymouth), then
> it reboots again and enters the desktop.
I've done some work on a similar feature for unattended-upgrades
<https://bugs.debian.org/741356>, which hasn't been merged by the
maintainer yet, but is used in SteamOS. The major design difference
there is that the upgrade is carried out during shutdown instead of
having to boot into a special mode, so you don't have to reboot twice.
We did consider applying upgrades during startup, but then you have to
worry about whether all the necessary things got restarted afterwards
(which is impossible for e.g. the kernel in any case); if you do it
during shutdown, everything is about to be terminated anyway, so it
doesn't matter whether processes with old libraries mapped are still
hanging around.
FWIW, we never considered *not* rebooting for upgrades - if it works,
great, but working out all the corner cases, and diagnosing new ones
when they happen, just didn't seem an efficient use of anyone's time.
> Now, in case an offline-update was prepared and the user does an
> online-update, the "reboot & install updates" sign will simply vanish,
> and everything will behave like it always did.
> This feature is meant for unexperienced users, so, as Steve pointed
> out, it would have to be default - but even if it was, it would be
> pretty non-invasive.
I think this is a significant point. The sort of people who read
debian-devel are the sort of people who can assess the severity of a
security flaw on a scale from "drop everything and fix it now" to "apply
eventually"; interpret checkrestart output; restart the necessary
things; and recognise the symptoms of an online update to an application
that cannot actually cope with online updates (and file bugs where
appropriate).
However, those people are not Debian's only audience. If I tried to
explain all that to my parents, they'd never apply security updates.
"When your computer says it has downloaded security updates, reboot next
time it's convenient" is far easier to explain - it might sometimes be
overkill, but doing too much is better than not doing enough.
> Also,
> if e.g. a bug in a shared library gets fixed which is used by many
> programs, you would have to re-execute quite a lot of stuff.
As much as I want to agree with the general philosophy that in an ideal
world every piece of software would support re-exec'ing itself, we do
not live in that ideal world. In an ideal world libraries wouldn't break
ABI either, but they do; in an ideal world libraries and applications
wouldn't have security flaws that need stable-updates, but they do. As
much as I'd like people to implement all the subtleties of re-exec'ing
from an arbitrary older version, it doesn't seem realistic to expect it
to happen (and when it does, it'll be wrong - because as a first
approximation, code that you don't test doesn't work, and upgrading from
version < X to version >= X is the sort of thing you only do once or
infrequently).
When a significant or "core" enough bug has been fixed (e.g. Heartbleed,
or a libc flaw), I would personally advocate ignoring checkrestart and
friends, and rebooting anyway, even on a server: there is value in
knowing for sure that everything that needs restarting has definitely
been restarted, and whatever tool you used to find the necessary things
to restart didn't miss any. "Obviously correct" is better than
"reasonably sure to be correct".
S
Reply to: