Re: non-essential adduser poses problems to purging packages
- To: Helmut Grohne <helmut@subdivi.de>, debian-release@lists.debian.org, Andreas Beckmann <anbe@debian.org>, adduser@packages.debian.org, deity@lists.debian.org, submit@bugs.debian.org
- Subject: Re: non-essential adduser poses problems to purging packages
- From: Sebastian Ramacher <sramacher@debian.org>
- Date: Sun, 7 May 2023 10:49:40 +0200
- Message-id: <[🔎] ZFdmJBZSNg9HMI0I@ramacher.at>
- Mail-followup-to: Helmut Grohne <helmut@subdivi.de>, debian-release@lists.debian.org, Andreas Beckmann <anbe@debian.org>, adduser@packages.debian.org, deity@lists.debian.org, submit@bugs.debian.org
- In-reply-to: <[🔎] 20230504091750.GA2242429@subdivi.de>
- References: <[🔎] 20230504091750.GA2242429@subdivi.de>
Source: apt
Version: 2.5.4
Severity: serious
On 2023-05-04 11:17:50 +0200, Helmut Grohne wrote:
> Hi release team,
>
> Andreas Beckmann does wonderful QA work and recently figured that some
> packages use deluser during purge (e.g. #1035494 and #1035495). deluser
> is shipped with adduser and adduser used to be practically essential,
> becaue apt used to depend on it, but that dependency was removed on my
> request. Now apt never was essential to begin with, but having a Debian
> installation without apt is a relatively rare thing. So while this was
> theoretically buggy at all times, it is now practically observable.
The current list of relevant bug reports is:
#1034758 x2goserver-common x2goserver-common: fails to purge - command (deluser|delgroup) in postrm not found
#1035291 desktop-autoloader desktop-autoloader: fails to purge - command (deluser|adduser) in postrm not found 2023-04-30
#1035292 debian-edu-fai debian-edu-fai: fails to purge - command (deluser|adduser) in postrm not found 2023-04-30
#1035435 webdis webdis: fails to purge - command (deluser|adduser) in postrm not found
Those bugs might be fixable, but is this list complete?
And then there's that:
> Even if we fix these bugs in the packages, people may still upgrade
> their systems and remove them rather than upgrading. Then, once the
> upgrade is finished (and adduser is removed), they may consider purging
> them and boom things go bad without any way of us fixing those packages.
>
> So fixing these bugs (and probably not removing users in purge) is the
> way to go, but this also raises the question of whether we want to limit
> the possible damage in trixie by making adduser temporarily essential
> for trixie. What do you think?
I suppose you meant s/trixie/bookworm/. We are very late in the release
cycle, so dear apt maintainers, please re-instante the dependency on
adduser for bookworm. Once bookworm is released, removing adduser from
the pseudo-essential set can be revisited.
With such a change I would have expected upgrade/piuparts tests from
bullseye to bookworm that tried to remove adduser a various stages and
check for the fallout. Given that Andreas is only doing them now, that's
too late for changes to the pseudo-essential set.
Cheers
> Of course, I really like small essential and want it gone, but we need
> to balance that with possible breakage.
>
> I think this primarily is a decision that belongs to the release
> managers with the default choice being "do nothing about it".
>
> Helmut
>
--
Sebastian Ramacher
Reply to: