Colin Watson <cjwat...@debian.org> writes:
> On Wed, Sep 28, 2011 at 05:13:50PM +0200, Goswin von Brederlow wrote:
>> Cc:ing the base-passwd Maintainer since his package is involved.
>
> Thanks.
>
>> Santiago Vila <sanv...@unex.es> writes:
>> > Of course I can, because base-passwd is "Essential: yes".
>> > base-files, like any other package, is right to assume that every
>> > essential package is ready to be used.
>>
>> If you assume the creating /etc/passwd and /etc/group is the core
>> functionality of base-passwd then it fails policy 3.8:
>>
>> | Since dpkg will not prevent upgrading of other packages while an
>> | essential package is in an unconfigured state, all essential packages
>> | must supply all of their core functionality even when *unconfigured*. If
>> | the package cannot satisfy this requirement it must not be tagged as
>> | essential, and any packages depending on this package must instead
>> | have explicit dependency fields as appropriate.
>>
>> Base-passwd does not provide an /etc/passwd and /etc/group while
>> unconfigured.
>>
>> And I don't see how it could. It can not ship an /etc/passwd and
>> /etc/group file because that would break on upgrades.
>>
>> So lets look at it this way: Providing /etc/passwd and /etc/group is not
>> a core functionality of base-passwd but an extra feature only available
>> after the package has been configured. In that case you need to depend
>> on the package before using this extra feature as it is not covered by
>> the package being Essential: yes.
>
> Perhaps we should adjust the wording of policy here. The key part of
> the requirement is that the core functionality should continue working
> during upgrade while the package is unconfigured, i.e. while a new
> version is being unpacked. I've always understood it to be acceptable
> that the Essential package may have to have been configured *once*; this
> is a much less intrusive requirement. As another piece of precedent,
Indeed. And I think that was the thought behind the policy.
> base-files provides several things I consider to be Essential
> functionality (/etc/profile, /etc/nsswitch.conf, various directories,
> and so on) which it only creates the first time it's configured. I have
> never heard anyone seriously suggest that a package needs to depend on
> base-files if it uses NSS facilities.
Do any essential packages make use of NSS facilities in their postinst?
> Once base-passwd has been configured once, then its core functionality
> continues to be available during future upgrades, even while base-passwd
> is temporarily unconfigured. That's the important point.
>
>> This would be a trivial one line fix.
>
> To many, many packages.
/var/lib/dpkg/info$
grep chown *.postinst -l | while read F; do basename $F .postinst; done
| xargs apt-cache show | grep-dctrl -F Essential yes -s Package -n |
uniq
base-files
----------
#chown root:staff $1 2> /dev/null || true
chown root:$3 /$1
chown root:utmp /var/log/wtmp /var/log/btmp /var/log/lastlog
chown root:utmp /var/run/utmp
chown root:root /var/lib/dpkg
chown root:root /var/lib/dpkg/status
chown root:root /usr/share/info/dir
dpkg
----
chown root:root $logfile 2>/dev/null || chown 0:0 $logfile
login
-----
chown root:root /var/log/faillog
>> I disagree. The configure order of packages is something the package
>> should declare and that should not have to be duplicated in every
>> bootstrap tool out there even if the order is only relevant for the
>> initial install.
>
> There are a handful of bootstrap tools at best, and thousands of
> packages that care about the 'root' user existing. I can't accept any
> analysis producing the solution that every package that does 'chown
> root:root filename' in its postinst should have to depend on
> base-passwd, and I think a different analysis is indicated.
>
> --
> Colin Watson [cjwat...@debian.org]
I think it is safe to say that essential packages have to be configured
before the rest by any bootstraping tool. That seriously reduces the set
of packages this is relevant to. Of those paclages only 3 packages (see
above) do use chown and dpkg already works around passwd not being there
and login can do the same. But that wouldn't be feasable for base-files
since it uses a number of different groups.
So all we are talking about is 2 packages of which only on would need
the Depends.
MfG
Goswin
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
