Bug#574729: marked as done (apt: essential is not a priority. apt-get should not install essential packages by default)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 21 Mar 2010 13:00:55 +0100
with message-id <[🔎] 20100321125315.GA3089@debian.org>
and subject line Re: Bug#574729: apt: essential is not a priority. apt-get should not install essential packages by default
has caused the Debian Bug report #177952,
regarding apt: essential is not a priority. apt-get should not install essential packages by default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
177952: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=177952
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: apt: essential is not a priority. apt-get should not install essential packages by default
• From: Santiago Vila <sanvila@unex.es>
• Date: Sat, 20 Mar 2010 16:27:14 +0100 (CET)
• Message-id: <[🔎] alpine.DEB.1.10.1003201548430.13594@cantor.unex.es>

Package: apt
Version: 0.7.25.3

It seems apt-get installs new essential packages by default.

This *is* a bug. Please let me explain why:

The purpose and meaning of the essential flag is, and it has always
been "should not be removed", *not* "should be installed by default".

Those two things might seem very similar, but they are not!

The following example comes from a very old discussion about this:

Consider for example a forked "e2fsprogs" package having a different name,
say "e2fsprogs-foo". This package would Conflicts and Replaces the ordinary
"e2fsprogs" package. It would be of extra priority, as it conflicts
with a required package. However, it would be also "Essential: yes".

That way, installing "e2fsprogs-foo" would remove e2fsprogs automatically,
but the user would have to use "dpkg --force-remove-essential" to
remove "e2fsprogs-foo" in exactly the same way it would have to do that
to remove "e2fsprogs".

In any of these two cases, the job of dpkg (which should be also the
job of apt-get) is to prevent the user from uninstalling an essential
package accidentally, but clearly *not* to ensure that "all essential
packages are installed" as "e2fsprogs" and "e2fsprogs-foo" conflict
at each other and may not be installed at the same time.



By installing essential packages by default, apt-get is treating the
essential flag as if it were one more priority over "required". That's
not the case, essential is just a flag to prevent accidental remove,
not a priority.

Note 1: To my amazement, Bug#177952 asks for an option to disable the
current behaviour and it's marked "wontfix"! While such option would
certainly be a step in the right direction, that would not change
the fact that the default behaviour is a bug!

Note 2: Whenever new essential packages are added to the system,
old essential packages depend on them (example: the diff->diffutils
transition from lenny to squeeze), so the ability to add packages to
the set of essential packages should not be considered as a good
reason to keep the current behaviour.


Thanks.

--- End Message ---

--- Begin Message ---

• To: Santiago Vila <sanvila@unex.es>
• Cc: 574729@bugs.debian.org, 177952-done@bugs.debian.org
• Subject: Re: Bug#574729: apt: essential is not a priority. apt-get should not install essential packages by default
• From: Julian Andres Klode <jak@debian.org>
• Date: Sun, 21 Mar 2010 13:00:55 +0100
• Message-id: <[🔎] 20100321125315.GA3089@debian.org>
• Mail-followup-to: Julian Andres Klode <jak@debian.org>, Santiago Vila <sanvila@unex.es>, 574729@bugs.debian.org, 177952-done@bugs.debian.org
• In-reply-to: <[🔎] 4BA5945B.3090401@unex.es>
• References: <[🔎] alpine.DEB.1.10.1003201548430.13594@cantor.unex.es> <[🔎] 20100320224112.GA3854@debian.org> <[🔎] 4BA5945B.3090401@unex.es>

On Sun, Mar 21, 2010 at 04:36:59AM +0100, Santiago Vila wrote:
> Julian Andres Klode escribió:
> >forcemerge 177952 574729
> >thanks
> >
> >On Sat, Mar 20, 2010 at 04:27:14PM +0100, Santiago Vila wrote:
> >>Package: apt
> >>Version: 0.7.25.3
> >>
> >>It seems apt-get installs new essential packages by default.
> >>
> >>This *is* a bug. Please let me explain why:
> >It is not, read Policy section 3.8:
> >
> > "Essential is defined as the minimal set of functionality that MUST
> >  be available and usable on the system at all times
> >  [...]
> >  Packages may assume that functionality provided by essential
> >  packages is always available without declaring explicit dependencies"
> >
> >If apt were not installing them, those packages would not be available
> >on the system (1st part) and packages could not assume that they are
> >available (2nd part). Thus, not installing all essential packages
> >would violate the Policy and may result in a broken system.
> 
> No, you are drawing conclusions that are not in policy. apt-get
> would not violate policy, because policy does not say that apt-get
> should try to "fix" the system.
It only tries it in dist-upgrade or when installing new packages; and
not on upgrade. And thus it's not fixing the system; but just ensuring
that everything needed is there before doing distribution upgrades or
new installations. Otherwise, changing the essential package set would
be a much more difficult thing.

> 
> Usually, essential and required packages are installed because
> debootstrap installs them in the very first system install, and also
> because it is difficult to remove them. So in practice it is not,
> and it has never been necessary for apt-get to install them.
> 
> If the user does "dpkg --force-remove-essential", whatever breakage
> that may result is entirely under the responsability of the *user*,
> not the responsability of apt.
> 
> Moreover, quoted section 3.8 is just a description of essential, not
> a description of how package managers should behave. For a
> description of what the package system should do, we might also read
> section 5.6.9:
> 
> 5.6.9. `Essential'
> ------------------
> 
>   This is a boolean field which may occur only in the control file of a
>   binary package or in a per-package fields paragraph of a main source
>   control data file.
> 
>   If set to `yes' then the package management system will refuse to
>   remove the package (upgrading and replacing it is still possible).
> 
> Please note that it says "refuse to remove the package" (which in
> practice it translates into making particularly difficult to remove
> it), it does *not* say the package management system should
> *reinstall* it again at the smallest chance!
> 
> If dpkg allows the user to remove an essential package (using an
> extra option), apt should not second-guess the will of the user, at
> least not automatically, and definitely not without asking first.
> 
> Keeping the integrity of the system might be a desirable and nice
> thing in some cases, but it's not something that should be done
> *against* the will of the user!

You can prevent the installation of new essential packages by
pinning them to -1:

	Package: test-essential
	Pin: version 0.0-0
	Pin-Priority: -1

Thus I'm also closing bug #177952; because it is possible
to "suppress installation of essential packages". Due to
Bug #216768 this may not always work in practice; but I
have not checked it further.

Anyway, this bug is done.

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

Attachment: pgpe3ODhwUrne.pgp
Description: PGP signature

--- End Message ---