Package: debian-policy Severity: wishlist First, some context: bash is an Essential: yes package, and recently it was changed so that /bin/sh was only there after the postinst was run. This works fine for apt, but breaks just about every other dselect method in existence. The following is Joel Klecker's message to -devel on the topic from the other day: ----- Forwarded message from Joel Klecker <jk@espy.org> ----- Date: Sat, 20 Nov 1999 14:07:26 -0800 To: Matthias Klose <doko@cs.tu-berlin.de>, debian-devel@lists.debian.org From: Joel Klecker <jk@espy.org> Subject: Re: experimental bash-2.03 and readline-4.0 packages for potato Cc: submit@bugs.debian.org Package: bash Severity: critical At 19:45 +0100 1999-11-20, Matthias Klose wrote: >I have put together packages for bash-2.03 and readline-4.0. You find >them at http://master.debian.org/~doko/bash-rl. Many bugs are fixed. >Please see the changelogs. A still open issue is a working slink >update. There's a serious issue with /bin/sh that needs to be addressed. Some NMU completely destroyed bash's Essential status[1] by handling the /bin/sh symlink outside of dpkg's control. The /bin/sh crap needs to be removed from the maintainer scripts and the binary package needs to contain the /bin/sh symlink again. This is a critical bug. >Current status: > - libreadlineg2 contains /etc/inputrc > - bash-2.02 is statically linked to libreadlineg2 > >Assume we do want to link bash dynamically against readline, history >and ncurses. Statically linking bash to readline was a stopgap to deal with libreadline's ABI changing in a rather nasty way between glibc2.0 and glibc2.1. It was expected that potato would get libreadline4, after which bash could be dynamically linked with readline again. >To avoid this for future libreadline updates, I would like to put >/etc/inputrc into it's own package (are configuration files in library >packages evil ;-?) I think policy needs to explicitly forbid "configuration files" (whether marked as conffiles or not) in library packages. [1] Essential means that the package does not need to be depended on (essential does not seem to be guaranteed to work for implicit Pre-Depends), however the thing that bash provides that is "essential" is /bin/sh. /bin/sh is not guaranteed to be present until after the postinst runs, which means that anything using /bin/sh scripts implicitly Pre-Depends on bash (depends are satisfied by unpack, pre-depends are satisfied by unpack and configure). Obviously this is not good.[2] [2] It should be noted that perl-base now also suffers from this same issue. -- Joel Klecker (aka Espy) Debian GNU/Linux Developer <URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org> <URL:http://web.espy.org/> <URL:http://www.debian.org/> -- To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org ----- End forwarded message ----- I'd therefore like to propose adding something like the following to section 2.3.7, Essential packages: ---- 2.3.7. Essential packages ------------------------- Some packages are tagged `essential'. (They have `Essential: yes' in their package control record.) This flag is used for packages that are _essential_ for a system. Since these packages can not easily be removed (you'll have to specify an extra _force option_ to `dpkg') this flag must only be used where absolutely necessary. A shared library package must not be tagged _essential_--the dependencies will prevent its premature removal, and we need to be able to remove it when it has been superseded. + Further, since these packages may be implicitly required by any + number of other packages, including dpkg itself, they must function + correctly even while unconfigured. You must not tag any packages `essential' before this has been discussed on the `debian-devel' mailing and a consensus about doing that has been reached. ---- Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. PGP encrypted mail preferred. ``The thing is: trying to be too generic is EVIL. It's stupid, it results in slower code, and it results in more bugs.'' -- Linus Torvalds
Attachment:
pgpC6dKW1935K.pgp
Description: PGP signature