On Wed, Sep 28, 2011 at 05:13:50PM +0200, Goswin von Brederlow wrote: > Cc:ing the base-passwd Maintainer since his package is involved.
Thanks. > Santiago Vila <[email protected]> writes: > > Of course I can, because base-passwd is "Essential: yes". > > base-files, like any other package, is right to assume that every > > essential package is ready to be used. > > If you assume the creating /etc/passwd and /etc/group is the core > functionality of base-passwd then it fails policy 3.8: > > | Since dpkg will not prevent upgrading of other packages while an > | essential package is in an unconfigured state, all essential packages > | must supply all of their core functionality even when *unconfigured*. If > | the package cannot satisfy this requirement it must not be tagged as > | essential, and any packages depending on this package must instead > | have explicit dependency fields as appropriate. > > Base-passwd does not provide an /etc/passwd and /etc/group while > unconfigured. > > And I don't see how it could. It can not ship an /etc/passwd and > /etc/group file because that would break on upgrades. > > So lets look at it this way: Providing /etc/passwd and /etc/group is not > a core functionality of base-passwd but an extra feature only available > after the package has been configured. In that case you need to depend > on the package before using this extra feature as it is not covered by > the package being Essential: yes. Perhaps we should adjust the wording of policy here. The key part of the requirement is that the core functionality should continue working during upgrade while the package is unconfigured, i.e. while a new version is being unpacked. I've always understood it to be acceptable that the Essential package may have to have been configured *once*; this is a much less intrusive requirement. As another piece of precedent, base-files provides several things I consider to be Essential functionality (/etc/profile, /etc/nsswitch.conf, various directories, and so on) which it only creates the first time it's configured. I have never heard anyone seriously suggest that a package needs to depend on base-files if it uses NSS facilities. Once base-passwd has been configured once, then its core functionality continues to be available during future upgrades, even while base-passwd is temporarily unconfigured. That's the important point. > This would be a trivial one line fix. To many, many packages. > I disagree. The configure order of packages is something the package > should declare and that should not have to be duplicated in every > bootstrap tool out there even if the order is only relevant for the > initial install. There are a handful of bootstrap tools at best, and thousands of packages that care about the 'root' user existing. I can't accept any analysis producing the solution that every package that does 'chown root:root filename' in its postinst should have to depend on base-passwd, and I think a different analysis is indicated. -- Colin Watson [[email protected]] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
