Re: Please, minimize your build chroots
Hi,
Quoting David Kalnischkies (2022-12-18 17:18:28)
> On Fri, Dec 16, 2022 at 03:38:17PM +0100, Santiago Vila wrote:
> > Then there is "e2fsprogs", which apt seems to treat as if it were
> > an essential package:
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826587
>
> As Julian explained, it is considered "essential" because the maintainer
> said so. If you don't think e2fsprogs should be considered "essential"
> for a system it is installed on please talk to the maintainer.
>
> Sure, the package is not (anymore) really "Essential:yes", but 'apt'
> isn't either and will print the same message anyhow. I don't think it
> would be a net-benefit for a user to invent words for different types of
> essentialness in apt because in the end you either know what you are
> doing while removing a somewhat essential package and continue or you don't
> know what you are doing and (hopefully) get the hell out.
would it be so difficult to cater to both kind of users? For those who do not
know the terminology, using the word "essential" is probably fine. But for
those who do it's confusing. Why can apt not say something like:
WARNING: The following packages will be removed. Apt considers them essential
because they are marked as Priority:required. This should NOT be done unless
you know exactly what you are doing!
> > This sort-of breaks sbuild when using an ordinary chroot (not overlayfs),
> > because after building a package needing e2fsprogs, it may not be removed
> > and it's kept in the chroot.
>
> "It may". Well, certainly apt won't autoremove it. Like a lot of other
> packages it wont even through they aren't essential or protected or
> whatever… ("just" prio:required is enough for example). They are not not
> irremovable through. It might just be a little harder to remove them
> than to install them. Heck, some people believe its far easier to start
> vim than to exit it.
Note also, that you really shouldn't be using sbuild with an ordinary chroot,
that is without overlayfs or without the chroot being a tarball unpacked to a
tmpfs. The system will not only be different from before after removal of
packages at the end, if you add --allow-remove-essential to the removal
commandline in sbuild, the chroot might even be completely unusable. What is
the use-case of using sbuild with non-emphimeral chroots?
So personally, I'll not invest my own time in making sbuild better at package
removal at the end of the build process.
> > build packages. Here we would need some interface like
> > SUDO_FORCE_REMOVE=yes, or maybe just stop doing anything at all with the
> > Important:yes flag.
>
> Ironically, one of the selling points for Protected:yes (that is how the
> field ended up named which dpkg is supporting by now) was that it allows
> to shrink the essential set (e2fsprogs even being an example) as there
> is a non-empty set of people who believe users do incredibly dumb things
> if you give them the option to.
>
> I mean, we got practically bullied into replacing the "Do as I say!"
> prompt with a semi-hidden cmndline flag (--allow-remove-essential)
> because some wannabe YT star yolo'ed the prompt ending in misery and
> somehow that was framed as our fault by everyone as we didn't show the
> appropriate meme-gif (rendered with caca) to make them understand
> without reading [sorry, not sorry. I am not even exaggerating that much].
After this operation, 195 MS disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
https://youtu.be/0506yDSgU7M?t=637
"I have to type 'Yes, do as I say!' in order to install it."
Sigh...
> Due to that, you are now presented with:
> | E: Removing essential system-critical packages is not permitted. This might break the system.
>
> See? "essential" again and even "system-critical" at that.
> It is all a lie of course. Nobody really needs an init system, much less
> some silly metapackage for it, as long as there is /bin/sh and a keyboard.
> I should make a video about it to – essentially – become famous & rich…
Dammit, and now you wrote that one can use in a public forum that it's possible
to add --allow-remove-essential! Think of the children!
> Btw, apt also has behaviour specifically for sbuild: 'apt-cache show
> mail-transport-agent' has a zero exitcode even through that makes no
> sense at all apart from not making (some?) sbuild versions explode.
> You are welcome. I hate it.
Errrr... lets change that. What's the problem in sbuild?
Thanks!
cheers, josch
Reply to: