Bug#953759: debootstrap: mandatory security support breaks too many things

2020-03-13 Thread Johannes Schauer 
Hi,

Quoting Tianon Gravi (2020-03-13 08:05:11)
> On Thu, 12 Mar 2020 at 18:27, Cyril Brulebois  wrote:
> > The latest batch of bug reports filed by Johannes 'josch' Schauer seems
> > to confirm my initial assessment: this will break (too) many use cases
> > (#953404, #953588, #953593, #953594, #953617).
> +1, thanks (to you both) for doing this -- my first thought seeing these
> changes was that this would have a pretty strong negative effect on the
> debian-installer (especially folks using the larger CDs to avoid the
> internet).
> 
> I wonder if we could reasonably hook up josch's mmdebstrap tests via Salsa's
> CI for MRs and commits to debootstrap?  That seems like it would help avoid
> these types of regressions for adding new features like this in a safer
> manner.

better write a more comprehensive autopkgtest suite for debootstrap and test
for the things that you are actually interested in. To find the problems this
commit introduced, it would've been enough to add simple smoke tests for each
of the debootstrap options (mmdebstrap only tests few of them) and then run
debootstrap for unstable, testing, stable and oldstable -- verifying that they
give a non-zero exit code.

The plan for mmdebstrap is to go away once there is the "apt-get bootstrap"
command at some point in the future.  Also, mmdebstrap's test can break for a
multitude of other reasons unrelated to debootstrap, so this is not a good
idea.

Thanks!

cheers, josch

signature.asc
Description: signature

Bug#953759: debootstrap: mandatory security support breaks too many things

2020-03-13 Thread Tianon Gravi 
On Thu, 12 Mar 2020 at 18:27, Cyril Brulebois  wrote:
> The latest batch of bug reports filed by Johannes 'josch' Schauer seems
> to confirm my initial assessment: this will break (too) many use cases
> (#953404, #953588, #953593, #953594, #953617).

+1, thanks (to you both) for doing this -- my first thought seeing
these changes was that this would have a pretty strong negative effect
on the debian-installer (especially folks using the larger CDs to
avoid the internet).

I wonder if we could reasonably hook up josch's mmdebstrap tests via
Salsa's CI for MRs and commits to debootstrap?  That seems like it
would help avoid these types of regressions for adding new features
like this in a safer manner.

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36  4FD4 036A 9C25 BF35 7DD4

Bug#953759: debootstrap: mandatory security support breaks too many things

2020-03-12 Thread Steve McIntyre 
On Fri, Mar 13, 2020 at 02:26:04AM +0100, Cyril Brulebois wrote:
>Package: debootstrap
>Version: 1.0.120
>Severity: serious
>Justification: RoM
>
>Hi,
>
>It seems my comments in [1] were ignored, so filing an RC bug to make
>sure this is tracked at least by the BTS and britney.
>
> 1. https://lists.debian.org/debian-boot/2020/03/msg00103.html
>
>The latest batch of bug reports filed by Johannes 'josch' Schauer seems
>to confirm my initial assessment: this will break (too) many use cases
>(#953404, #953588, #953593, #953594, #953617).
>
>Right now, my current plan would be:
> - creating a branch called “mandatory-security-support” (or something
>   similar) at 1.0.121, so that people wanting to turn that into something
>   suitable can try to do so, but I'm still unconvinced even having that as
>   an option (disabled by default) would be appropriate, for all the
>   problems that can come up when trying to drive apt.
> - remove support in master entirely, for the time being.
>
>Rationale for plain removal is: we need to be able to upload debootstrap
>with bugfixes, without having to suffer from all the side effects coming
>from that recent change.

Sounds sensible enough to me...

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
We don't need no education.
We don't need no thought control.

Bug#953759: debootstrap: mandatory security support breaks too many things

2020-03-12 Thread Cyril Brulebois 
Package: debootstrap
Version: 1.0.120
Severity: serious
Justification: RoM

Hi,

It seems my comments in [1] were ignored, so filing an RC bug to make
sure this is tracked at least by the BTS and britney.

 1. https://lists.debian.org/debian-boot/2020/03/msg00103.html

The latest batch of bug reports filed by Johannes 'josch' Schauer seems
to confirm my initial assessment: this will break (too) many use cases
(#953404, #953588, #953593, #953594, #953617).

Right now, my current plan would be:
 - creating a branch called “mandatory-security-support” (or something
   similar) at 1.0.121, so that people wanting to turn that into something
   suitable can try to do so, but I'm still unconvinced even having that as
   an option (disabled by default) would be appropriate, for all the
   problems that can come up when trying to drive apt.
 - remove support in master entirely, for the time being.

Rationale for plain removal is: we need to be able to upload debootstrap
with bugfixes, without having to suffer from all the side effects coming
from that recent change.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant