Package: dpkg Version: 1.21.22 Severity: wishlist Before Debian trixie, login was Essential; now it's merely Protected (included in normal installations, but removable).
In minimal container environments where logins and package management are not required functionality, it can be useful to remove Essential and Protected packages. For example, https://salsa.debian.org/smcv/flatdeb (used in Valve's Steam Runtime) is intended for single-user, Flatpak-like app containers with an immutable /usr, so it removes login, passwd and eventually dpkg to save some space in the container, using dpkg --force-remove-essential to make that happen. (Obviously this breaks some normal things in that container, but that's OK for my particular use-case.) When login became non-Essential, this regressed: now that login is Protected, `dpkg --force-remove-essential --purge login` refuses to remove it, even though being Protected is "weaker" than being Essential: 2024/07/15 04:30:34 platformize | dpkg: error processing package login (--purge): 2024/07/15 04:30:34 platformize | this is a protected package; it should not be removed and even though it does allow Essential packages to be removed: 2024/07/15 04:30:34 platformize | dpkg: warning: overriding problem because --force enabled: 2024/07/15 04:30:34 platformize | dpkg: warning: this is an essential package; it should not be removed I think it might make sense for --force-remove-essential to automatically enable the "weaker" option --force-remove-protected - if we're in a scenario where removing Essential packages is OK, then it's certainly OK to remove packages like login that are only Protected. A workaround is to detect the dpkg version in use, and if it's >= 1.20.1, add --force-remove-protected to the dpkg command-line. smcv