Hi Serafi,

On Fri, Jun 12, 2026 at 10:03:32PM +0200, Serafeim (Serafi) Zanikolas wrote:
> > thanks for the updated patch. What I still miss is the information first,
> > that postinst scripts normally must not fail. Or is it there and just 
> > missing
> > from the patch/context?
> nope, you're right. please find attached a revised patch.

thanks, better, however:

> +Expected behavior of complex postinst scripts
> +--------------------------------------------------------------------------------------------------------------------------------
> +``postinst`` scripts must normally not fail, 

I'd add the information here that it makes the package seriously buggy
if the package fails to install due to this, eg in piuparts testing but
also in other cases.

> +``postinst`` scripts must normally not fail, except for very specific cases 
> when
> +a package is clearly broken:
> +-  A service failing to start upon a fresh install if:
[...]
> +-  A service failing to restart upon an upgrade if:
[...]

Honestly I fail to parse the English here, though from context of the bug 
report I do get what you mean with these constructs.

Also, I dont think "a package is clearly broken" is correct, its the environment
or something else which is broken, not the package.

So how about something like:

``postinst`` scripts must normally not fail, except for very rare cases:

- failing to start upon a fresh install when:
   - the service configuration is straightforward and can be reasonably
     expected to work as-is in typical Debian setups
   - the service has no external dependencies (e.g. a database which may not
     yet be configured, or unreachable at install time)

NOTE: and now I see these are conditions when the packages must NOT fail.

So another attempt:


``postinst`` scripts must normally not fail, except for very rare cases.
These are cases where postinst must succeed:

on fresh installs:
   - the service configuration is straightforward and can be reasonably
     expected to work as-is in typical Debian setups
   - the service has no external dependencies (e.g. a database which may not
     yet be configured, or unreachable at install time)

on upgrades:
   - ``postinst`` can verify with high confidence (which may not always be
     feasible) that the service was running prior to the restart
   - the service has no external dependencies or ``postinst`` can verify that
     they are functional
   - the service configuration has not changed in backwards incompatible ways
     between the old and new package versions


what do you think?


-- 
cheers,
        Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

Kinda weird that we’re all gonna experience climate change as a series of
short, apocalyptic videos until eventually it’s your phone that’s recording.
(@shocks)

Attachment: signature.asc
Description: PGP signature

Reply via email to