hi Holger,

On Tue Jun 2, 2026 at 11:07 AM CEST, Holger Levsen wrote:
> On Mon, Jun 01, 2026 at 10:47:13PM +0200, Serafeim (Serafi) Zanikolas wrote:
>> please find a lightly edited version attached as a patch.
>
> thanks for the updated patch. What I still miss is the information first,
> that postinst scripts normally must not fail. Or is it there and just missing
> from the patch/context?

nope, you're right. please find attached a revised patch.

thanks,
serafi
From 4b83d5935cf71a9414dfa9e5d1561585c83dbd5f Mon Sep 17 00:00:00 2001
From: "Serafeim (Serafi) Zanikolas" <[email protected]>
Date: Mon, 1 Jun 2026 22:39:43 +0200
Subject: [PATCH] best-pkging-practices: when failing postinst might be
 appropriate. Closes #801065.

---
 source/best-pkging-practices.rst | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/source/best-pkging-practices.rst b/source/best-pkging-practices.rst
index 3dea1c4..58138ee 100644
--- a/source/best-pkging-practices.rst
+++ b/source/best-pkging-practices.rst
@@ -574,6 +574,9 @@ that isn't handled merely by the creation or removal of files and
 directories. The following instructions supplement the `Debian
 Policy <https://www.debian.org/doc/debian-policy/>`__.
 
+Generic guidelines
+--------------------------------------------------------------------------------------------------------------------------------
+
 Maintainer scripts must be idempotent. That means that you need to make
 sure nothing bad will happen if the script is called twice where it
 would usually be called once.
@@ -612,6 +615,34 @@ shell-builtin for many shells and is defined in POSIX.
 Using ``which`` is an acceptable alternative, since it is from the required 
 ``debianutils`` package.
 
+Expected behavior of complex postinst scripts
+--------------------------------------------------------------------------------------------------------------------------------
+
+``postinst`` scripts must normally not fail, except for very specific cases when
+a package is clearly broken:
+
+-  A service failing to start upon a fresh install if:
+
+   - the service configuration is straightforward and can be reasonably
+     expected to work as-is in typical Debian setups
+
+   - the service has no external dependencies (e.g. a database which may not
+     yet be configured, or unreachable at install time)
+
+-  A service failing to restart upon an upgrade if:
+
+   - ``postinst`` can verify with high confidence (which may not always be
+     feasible) that the service was running prior to the restart
+
+   - the service has no external dependencies or ``postinst`` can verify that
+     they are functional
+
+   - the service configuration has not changed in backwards incompatible ways
+     between the old and new package versions
+
+The above guidance is necessarily vague because it is not possible to provide
+exhaustive guidance for all the possible nuances and edge cases.
+
 .. _bpp-config-mgmt:
 
 Configuration management with ``debconf``
-- 
2.47.3

Attachment: signature.asc
Description: PGP signature

Reply via email to