Re: base-passwd marked as Essential: yes but other packages depend on it being configured.
On Sun, Feb 21, 2021 at 05:22:19PM +0000, Tim Woodall wrote:
> base-passwd is marked as Essential: yes
>
> However, it actually creates the initial passwd and group files in the preinst
> script.
>
> At least two other packages depend on this initial passwd file but do
> not explicitly state a dependency on this package (because it's marked
> essential)
I think the analysis you're working on here is a subset of that in
https://bugs.debian.org/924401, so I'd suggest reading over that
carefully before going any further. It has a good deal of interesting
discussion.
> debootstrap appears to work around this missing dependency by having an
> explicit ordering of the configuration of the first few packages, in
> particular it configures base-passwd first of all and then base-files,
> even though base-files has a Pre-Depends on awk (and debootstrap has to
> manually install the symlink for awk)
To date it has always been the case that bootstrapping a system requires
careful ordering, yes. Any given possible improvement to that process
may or may not turn out to be worth it; adding more declarative metadata
is often good, it's true, but to some extent the system of essential
packages exists because it tends not to be either practical or useful to
carefully annotate everything that depends on the absolute core of a
working system existing.
> I think that passwd and base-files at least should have an explicit
> dependency on base-password and, once that is in place any any other
> places identified, the Essential: yes flag on base-password should be
> removed.
What specific problem would be fixed by removing base-passwd's Essential
flag? I can't see how it would make anything better to do that; as the
base-passwd maintainer I would oppose such a change without a very
strong practical justification.
That is: let's have a solution-neutral problem statement here.
> (I cannot see a way to make base-passwd really Essential: yes other than
> bizarre ideas like making /etc/passwd a conffile - which would then
> trigger annoying warnings on upgrade and "installing the package
> maintainers version" would break systems!)
Policy's description of how essential packages work has never really
fully extended to the bootstrapping case; in practice, essential
packages must currently have been configured at least once before the
guarantees in Policy about functioning even while unconfigured truly
hold for them. (Section 6.5 almost says this, although the wording is
not completely clear. This is still a very useful guarantee for
upgrades.)
There are a couple of possibilities, both suggested in the bug report I
mentioned above): clarify Policy to weaken its guarantees to document
what's currently true in practice, or extend dpkg's unpack phase to
support something like specifying a file's initial contents in the event
that it doesn't exist without making it a full conffile. My own view
is: we should clarify Policy now to match current reality, and it can
always be strengthened later if people manage to get a more declarative
approach working well. I think this is in line with the last few
substantive messages in the bug report above.
--
Colin Watson (he/him) [cjwatson@debian.org]
Reply to: