On Fri, Nov 20, 2020 at 09:35:42AM +0100, Ansgar wrote:
> I would like to propose to plan to move to support merged-usr-only over
> the following releases. The motivation is bugs like [1] where upstream
> developers just use `/usr/bin/rm` (or other binaries, or user scripts
> using /usr/bin/bash, or ...) unconditionally; this was already a
> motivation to adopt merged-/usr as a default for me.
>
> As far as I know nothing broke catastrophically over the last releases
> with merged-/usr.
Unless you look at dpkg or attempts at speeding up bootstrap.
See https://salsa.debian.org/glibc-team/glibc/-/commit/49d137c4392cb1144f2313f78f31466aaa169b75
for an example.
As far as I know, dpkg maintainers consider usrmerge to be unsupported,
and trying to make my own NIH deb installer I see why.
Some more information:
https://wiki.debian.org/Teams/Dpkg/MergedUsr
A script to recover from usrmerge:
https://www.hadrons.org/~guillem/tmp/unmessusr.pl
> So a possible idea would be to:
>
> - For Debian 12 (bookworm): make it mandatory to migrate old systems to
> merged-/usr on upgrade. Possibly by allowing the existing usrmerge
> program to run from the initramfs.
Counterproposal: replace debootstrap with mmdebstrap, which is many times
faster -- and doesn't support usrmerge at all, or at least disable usrmerge
in debootstrap in default.
(My zdebootstrap is mostly vapourware yet, alas.)
> - For Debian 13 (trixie): packages should no longer install to /bin,
> /sbin, /lib, but to the respective locations under /usr.
Moving stuff with no mandated path is a good idea, yes. Alas, it's been
massively complicated by usrmerge being a thing, and thus you can't just
ship the file in a new location as you risk a path conflict.
My implementation uses libarchive which flat-out refuses to unpack over a
symlink, for multiple reasons that this conflict is just one of. [2]
So let's make it so a canonical path to a file never includes a directory
symlink; if you insist on /usr/bin/rm then /bin/rm should be
/bin/{rm->/usr/bin/rm} not /{bin->usr/bin}/rm
> [1]: https://bugs.debian.org/973853
That's a piece of software for which upstream is Red Hat. The number of
people developing on RPM distros is rapidly falling, so this is less and
less of an issue.
Meow!
[2]. Some of the issues are mentioned in
https://www.gnu.org/software/tar/manual/html_node/Live-untrusted-data.html
-- generally, until a very recent kernel there's no mechanism to unpack
over a symlink securely even if you try hard, GNU tar and possibly dpkg
don't try at all.
--
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven giant trumpets are playing in the
⠈⠳⣄⠀⠀⠀⠀ sky. Your cat demands food. The priority should be obvious...