Package: debian-policy
Severity: wishlist
First, some context:
bash is an Essential: yes package, and recently it was changed so that
/bin/sh was only there after the postinst was run. This works fine for
apt, but breaks just about every other dselect method in existence.
The following is Joel Klecker's message to -devel on the topic from the
other day:
----- Forwarded message from Joel Klecker <jk@espy.org> -----
Date: Sat, 20 Nov 1999 14:07:26 -0800
To: Matthias Klose <doko@cs.tu-berlin.de>, debian-devel@lists.debian.org
From: Joel Klecker <jk@espy.org>
Subject: Re: experimental bash-2.03 and readline-4.0 packages for potato
Cc: submit@bugs.debian.org
Package: bash
Severity: critical
At 19:45 +0100 1999-11-20, Matthias Klose wrote:
>I have put together packages for bash-2.03 and readline-4.0. You find
>them at http://master.debian.org/~doko/bash-rl. Many bugs are fixed.
>Please see the changelogs. A still open issue is a working slink
>update.
There's a serious issue with /bin/sh that needs to be addressed. Some NMU
completely destroyed bash's Essential status[1] by handling the /bin/sh
symlink outside of dpkg's control. The /bin/sh crap needs to be removed
from the maintainer scripts and the binary package needs to contain the
/bin/sh symlink again. This is a critical bug.
>Current status:
> - libreadlineg2 contains /etc/inputrc
> - bash-2.02 is statically linked to libreadlineg2
>
>Assume we do want to link bash dynamically against readline, history
>and ncurses.
Statically linking bash to readline was a stopgap to deal with
libreadline's ABI changing in a rather nasty way between glibc2.0 and
glibc2.1.
It was expected that potato would get libreadline4, after which bash could
be dynamically linked with readline again.
>To avoid this for future libreadline updates, I would like to put
>/etc/inputrc into it's own package (are configuration files in library
>packages evil ;-?)
I think policy needs to explicitly forbid "configuration files" (whether
marked as conffiles or not) in library packages.
[1] Essential means that the package does not need to be depended on
(essential does not seem to be guaranteed to work for implicit
Pre-Depends), however the thing that bash provides that is "essential" is
/bin/sh. /bin/sh is not guaranteed to be present until after the postinst
runs, which means that anything using /bin/sh scripts implicitly
Pre-Depends on bash (depends are satisfied by unpack, pre-depends are
satisfied by unpack and configure). Obviously this is not good.[2]
[2] It should be noted that perl-base now also suffers from this same issue.
--
Joel Klecker (aka Espy) Debian GNU/Linux Developer
<URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org>
<URL:http://web.espy.org/> <URL:http://www.debian.org/>
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
----- End forwarded message -----
I'd therefore like to propose adding something like the following to section
2.3.7, Essential packages:
----
2.3.7. Essential packages
-------------------------
Some packages are tagged `essential'. (They have `Essential: yes' in
their package control record.) This flag is used for packages that are
_essential_ for a system.
Since these packages can not easily be removed (you'll have to specify
an extra _force option_ to `dpkg') this flag must only be used where
absolutely necessary. A shared library package must not be tagged
_essential_--the dependencies will prevent its premature removal, and
we need to be able to remove it when it has been superseded.
+ Further, since these packages may be implicitly required by any
+ number of other packages, including dpkg itself, they must function
+ correctly even while unconfigured.
You must not tag any packages `essential' before this has been
discussed on the `debian-devel' mailing and a consensus about doing
that has been reached.
----
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.
``The thing is: trying to be too generic is EVIL. It's stupid, it
results in slower code, and it results in more bugs.''
-- Linus Torvalds
Attachment:
pgpC6dKW1935K.pgp
Description: PGP signature