Bug#928172: fixing debian-security-support upgrades from stretch (for good)
Sean Whitton: > Hello, > > On Mon 13 May 2019 at 11:52AM +00, Holger Levsen wrote: > >> [re-sent with debian-release list address corrected...] > > Also resending. Sorry. > >> so there is "#928172 debian-security-support: fails to upgrade from >> 'testing': >> dpkg: error: error executing hook" which happens when base-files is upgraded >> before debian-security-support (but doesnt happen if d-s-s is upgraded >> first...) >> >> So I think this can only be fixed properly (=without asking people to >> upgrade to the latest stretch pointrelease but instead allowing upgrades >> to buster from *any* stretch pointrelease) by adding a "pre-depends: >> debian-security-support (>= 2019.04.25)" to base-files in buster. > > I didn't think we supported upgrades from anything but the latest point > release of the previous stable release? > > My belief is based on the release notes saying that you should upgrade > to the latest point relesae first. > My understanding is that we prefer that upgrade paths works regardless of which minor version of the stable release you upgrade from (to the extend possible). Thanks, ~Niels
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
Hello, On Mon 13 May 2019 at 11:32AM +00, Holger Levsen wrote: > so there is "#928172 debian-security-support: fails to upgrade from 'testing': > dpkg: error: error executing hook" which happens when base-files is upgraded > before debian-security-support (but doesnt happen if d-s-s is upgraded > first...) > > So I think this can only be fixed properly (=without asking people to > upgrade to the latest stretch pointrelease but instead allowing upgrades > to buster from *any* stretch pointrelease) by adding a "pre-depends: > debian-security-support (>= 2019.04.25)" to base-files in buster. I didn't think we supported upgrades from anything but the latest point release of the previous stable release? My belief is based on the release notes saying that you should upgrade to the latest point relesae first. -- Sean Whitton signature.asc Description: PGP signature
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
Hello, On Mon 13 May 2019 at 11:52AM +00, Holger Levsen wrote: > [re-sent with debian-release list address corrected...] Also resending. Sorry. > so there is "#928172 debian-security-support: fails to upgrade from 'testing': > dpkg: error: error executing hook" which happens when base-files is upgraded > before debian-security-support (but doesnt happen if d-s-s is upgraded > first...) > > So I think this can only be fixed properly (=without asking people to > upgrade to the latest stretch pointrelease but instead allowing upgrades > to buster from *any* stretch pointrelease) by adding a "pre-depends: > debian-security-support (>= 2019.04.25)" to base-files in buster. I didn't think we supported upgrades from anything but the latest point release of the previous stable release? My belief is based on the release notes saying that you should upgrade to the latest point relesae first. -- Sean Whitton signature.asc Description: PGP signature
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
On Mon, May 13, 2019 at 08:17:26PM +0100, Ben Hutchings wrote: > On Mon, 2019-05-13 at 19:08 +, Holger Levsen wrote: > > reassign -1 base-files > > retitle -1 base-files: please add a break on d-s-s < 2019.04.25 and FWIW and for future releases, I've just now done https://salsa.debian.org/debian/debian-security-support/commit/970c319393cc1a43d6213b21e92b3ec1c6b77e73 "check-support-status.in: don't fail if security-support-ended.debX does not exist for the release d-s-s is running on. Closes: #927450." though I won't upload this immediatly as I'm not sure it's the most ideal fix for this. Maybe it is though. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
On Mon, 2019-05-13 at 19:08 +, Holger Levsen wrote: > reassign -1 base-files > retitle -1 base-files: please add a break on d-s-s < 2019.04.25 > thanks > > On Mon, May 13, 2019 at 01:00:14PM +0100, Ben Hutchings wrote: > > On Mon, 2019-05-13 at 11:52 +, Holger Levsen wrote: > > > So I think this can only be fixed properly (=without asking people to > > > upgrade to the latest stretch pointrelease but instead allowing upgrades > > > to buster from *any* stretch pointrelease) by adding a "pre-depends: > > > debian-security-support (>= 2019.04.25)" to base-files in buster. > > This makes debian-security-support transitively essential, whereas it > > used to be optional. > > thanks, Ben. > > > Is "Conflicts" not strong enough? > > after re-reading > https://www.debian.org/doc/debian-policy/ch-relationships.html#packages-which-break-other-packages-breaks > and > https://www.debian.org/doc/debian-policy/ch-relationships.html#conflicting-binary-packages-conflicts > (policy 7.3 and 7.4) I now also think that a "Breaks: > debian-security-support (>= 2019.04.25)" in src:base-files is in order. After re-reading, I concur that "Breaks" should be sufficient. But please do test this! Ben. -- Ben Hutchings For every complex problem there is a solution that is simple, neat, and wrong. signature.asc Description: This is a digitally signed message part
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
reassign -1 base-files retitle -1 base-files: please add a break on d-s-s < 2019.04.25 thanks On Mon, May 13, 2019 at 01:00:14PM +0100, Ben Hutchings wrote: > On Mon, 2019-05-13 at 11:52 +, Holger Levsen wrote: > > So I think this can only be fixed properly (=without asking people to > > upgrade to the latest stretch pointrelease but instead allowing upgrades > > to buster from *any* stretch pointrelease) by adding a "pre-depends: > > debian-security-support (>= 2019.04.25)" to base-files in buster. > This makes debian-security-support transitively essential, whereas it > used to be optional. thanks, Ben. > Is "Conflicts" not strong enough? after re-reading https://www.debian.org/doc/debian-policy/ch-relationships.html#packages-which-break-other-packages-breaks and https://www.debian.org/doc/debian-policy/ch-relationships.html#conflicting-binary-packages-conflicts (policy 7.3 and 7.4) I now also think that a "Breaks: debian-security-support (>= 2019.04.25)" in src:base-files is in order. Thanks. -- tschau, Holger --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C we'll all die. make a difference while you can. disobey. smile. signature.asc Description: PGP signature
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
On May 13, Holger Levsen wrote: > So I think this can only be fixed properly (=without asking people to > upgrade to the latest stretch pointrelease but instead allowing upgrades > to buster from *any* stretch pointrelease) by adding a "pre-depends: > debian-security-support (>= 2019.04.25)" to base-files in buster. I strongly object to adding this package, and its dependency gettext-base, to the transitive essential set. There are many situations where this package is not needed (e.g. containers, where Debian is already quite suboptimal) and it is wrong to force it on every system because it wastes disk space and may cause future troubles (and it already doing this now). This is not acceptable for a package with such a low popcon ranking. I tried installing it (I had never heard of it before) and I see that it immediately complains about the version of binutils currently in unstable, so I also have serious doubts about the usefulness of a security tool which will always report an alarm. -- ciao, Marco signature.asc Description: PGP signature
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
On Mon, 2019-05-13 at 11:52 +, Holger Levsen wrote: > [re-sent with debian-release list address corrected...] > > > hi, > > so there is "#928172 debian-security-support: fails to upgrade from 'testing': > dpkg: error: error executing hook" which happens when base-files is upgraded > before debian-security-support (but doesnt happen if d-s-s is upgraded > first...) > > So I think this can only be fixed properly (=without asking people to > upgrade to the latest stretch pointrelease but instead allowing upgrades > to buster from *any* stretch pointrelease) by adding a "pre-depends: > debian-security-support (>= 2019.04.25)" to base-files in buster. [...] This makes debian-security-support transitively essential, whereas it used to be optional. Is "Conflicts" not strong enough? Ben. -- Ben Hutchings For every complex problem there is a solution that is simple, neat, and wrong. signature.asc Description: This is a digitally signed message part
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
[re-sent with debian-release list address corrected...] hi, so there is "#928172 debian-security-support: fails to upgrade from 'testing': dpkg: error: error executing hook" which happens when base-files is upgraded before debian-security-support (but doesnt happen if d-s-s is upgraded first...) So I think this can only be fixed properly (=without asking people to upgrade to the latest stretch pointrelease but instead allowing upgrades to buster from *any* stretch pointrelease) by adding a "pre-depends: debian-security-support (>= 2019.04.25)" to base-files in buster. As per policy 7.2 I'm asking debian-devel to discuss this and form a consensus that this is the right thing to do. Please note that there are two more relevant bugs for this disucssion: "#927450 [debian-security-support] debian-security-support needs to be adapted to each new Debian release" - this bug should be fixed in another debian-security-support upload targeted at buster, probably by just exiting with 0 in case of an unsupported release. Please note that #927450 was fixed in d-s-s 2019.04.25 and then reopened with another scope :/ (=fixing this permanently and forever, while #927450 was originally only about not recognizing buster as a valid release.) "#928204 [debian-security-support] check-support-status: cannot create /var/lib/debian-security-support/security-support.semaphore: Directory nonexistent" - I looked at the code and couldnt see how this bug could happen. Help welcome, also just by confirming whether it's possible for you to (not) reproduce this bug. -- tschau, Holger, who didn't create this mess... --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
On Mon, May 13, 2019 at 11:32:36AM +, Holger Levsen wrote: > hi, > > so there is "#928172 debian-security-support: fails to upgrade from 'testing': > dpkg: error: error executing hook" which happens when base-files is upgraded > before debian-security-support (but doesnt happen if d-s-s is upgraded > first...) > > So I think this can only be fixed properly (=without asking people to > upgrade to the latest stretch pointrelease but instead allowing upgrades > to buster from *any* stretch pointrelease) by adding a "pre-depends: > debian-security-support (>= 2019.04.25)" to base-files in buster. Please no, this would make debian-security-support essential de-facto. We should allow debian-security-support to propagate to testing first. Then I can just add a Breaks: debian-security-support (<= version-in-stretch) in base-files. Please tell me what's wrong with that. Thanks.
Bug#928172: fixing debian-security-support upgrades from stretch (for good)
hi, so there is "#928172 debian-security-support: fails to upgrade from 'testing': dpkg: error: error executing hook" which happens when base-files is upgraded before debian-security-support (but doesnt happen if d-s-s is upgraded first...) So I think this can only be fixed properly (=without asking people to upgrade to the latest stretch pointrelease but instead allowing upgrades to buster from *any* stretch pointrelease) by adding a "pre-depends: debian-security-support (>= 2019.04.25)" to base-files in buster. As per policy 7.2 I'm asking debian-devel to discuss this and form a consensus that this is the right thing to do. Please note that there are two more relevant bugs for this disucssion: "#927450 [debian-security-support] debian-security-support needs to be adapted to each new Debian release" - this bug should be fixed in another debian-security-support upload targeted at buster, probably by just exiting with 0 in case of an unsupported release. Please note that #927450 was fixed in d-s-s 2019.04.25 and then reopened with another scope :/ (=fixing this permanently and forever, while #927450 was originally only about not recognizing buster as a valid release.) "#928204 [debian-security-support] check-support-status: cannot create /var/lib/debian-security-support/security-support.semaphore: Directory nonexistent" - I looked at the code and couldnt see how this bug could happen. Help welcome, also just by confirming whether it's possible for you to (not) reproduce this bug. -- tschau, Holger, who didn't create this mess... --- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C signature.asc Description: PGP signature