Bug#872587: Document the Protected field

To: 872587@bugs.debian.org
Subject: Bug#872587: Document the Protected field
From: Simon McVittie <smcv@debian.org>
Date: Wed, 27 Mar 2024 13:31:33 +0000
Message-id: <[🔎] ZgQftSL9eePyDsNN@tautology.pseudorandom.co.uk>
Reply-to: Simon McVittie <smcv@debian.org>, 872587@bugs.debian.org
In-reply-to: <[🔎] CAPZXPQdOF0K6a6k+NxHQptyEXXuWEmOsEx_M3odmQ1Pso2gY+Q@mail.gmail.com>
References: <150308957836.26649.615920951225490275.reportbug@umbar.angband.pl> <[🔎] CAPZXPQddfaGUricG0_nMbdn4-bP+0fVSbcG_fFTs8DKQ4y92XQ@mail.gmail.com> <[🔎] ZgQJVYwS9o9o9348@belkar.wrar.name> <150308957836.26649.615920951225490275.reportbug@umbar.angband.pl> <[🔎] CAPZXPQdOF0K6a6k+NxHQptyEXXuWEmOsEx_M3odmQ1Pso2gY+Q@mail.gmail.com> <150308957836.26649.615920951225490275.reportbug@umbar.angband.pl>

On Wed, 27 Mar 2024 at 14:43:40 +0200, Martin-Éric Racine wrote:
> ke 27. maalisk. 2024 klo 14.00 Andrey Rakhmatullin (wrar@debian.org) kirjoitti:
> > "Essential: yes" are always installed. Tools and dependencies assume they
> > are installed.  Bootstrapping tools install them implicitly. Package
> > management tools refuse to remove them.
> >
> > "Protected: yes" are nothing like that. Package management tools refuse to
> > remove them and that's all.

Another way to look at this is that if a Protected package is already
installed, then package management behaves as though it's Essential,
but if a Protected package is merely available from a configured apt
source, then nothing special happens.

> Protected: yes|no
> This field prevents a package from getting auto-removed by dpkg
> without using one of the force options.

True so far...

> It is intended for custom
> local packages not meant for upload to the Debian repository.

... but this isn't the whole story. Protected: yes is also appropriate
for non-local packages that are required for system boot, or for package
management. The design principle is that if it would be hard to recover
from removing a package once it has been installed, then it's Protected.

An example of Protected: yes on boot packages is that the init metapackage
is Protected: yes, to make sure you don't accidentally remove the init
system and make the system unbootable (which is hard to recover from
because before you can install a new init system, you need to be able to
boot). It might also make sense for bootloaders like grub to be Protected:
yes, although currently they are not.

An example of Protected: yes on package management packages is that it
would be appropriate to put Protected: yes on apt (although in fact apt
is hard-coded to behave that way even without Protected: yes), to avoid
accidentally getting into a situation where you have removed apt
(which is hard to recover from because now there's no package manager,
and no easy-to-validate trust chain to check that a manually-downloaded
apt_*.deb is authentic).

    smcv

Reply to:

References:
- Bug#872587: Document the Protected field
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>
- Bug#872587: Document the Protected field
  - From: Andrey Rakhmatullin <wrar@debian.org>
- Bug#872587: Document the Protected field
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>

Prev by Date: Bug#872587: Document the Protected field
Next by Date: Bug#1064593: Bug#1066967: Bug#1064593: Bug#1066967: dh_sphinxdoc: replaces files provided by read-the-doc theme by empty symlinks
Previous by thread: Bug#872587: Document the Protected field
Next by thread: Move "ITP" from Wiki into the Dev Ref
Index(es):
- Date
- Thread