Bug #15690
Stop installing all "Priority: standard" packages only to remove some of them later
100%
Description
We currently pass --tasks standard to lb config. Due to inconsistencies between the main Debian archive and security.d.o regarding packages priority overrides, combined with an aufs bug, this has broken our incremental upgrades to 3.0.1 and later to 3.6: Bug #13426, Bug #15418.
I think our best option is to stop passing --tasks standard to lb config and instead explicitly list the packages we want to install in config/chroot_local-packageslists/*.list. And then every time we upgrade to a new version of Debian, we create a ticket to update that list, based on the current set of Priority: standard packages in that version of Debian. Using a separate file will make this clearer and easier to maintain.
Subtasks
Related issues
Related to Tails - |
Resolved | 2018-03-16 | |
Related to Tails - |
Resolved | 2017-07-05 | |
Related to Tails - Feature #16280: Refresh tails-standard.list packages list for Bullseye | Confirmed | 2019-01-04 | |
Blocked by Tails - |
Resolved | 2018-03-28 | |
Blocked by Tails - |
Resolved | 2018-06-28 | |
Blocks Tails - |
Resolved | 2018-08-27 | |
Blocks Tails - |
Resolved | 2019-01-04 |
History
#1 Updated by intrigeri 2018-06-29 12:37:17
- related to Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades added
#2 Updated by intrigeri 2018-06-29 12:37:21
- related to Bug #15418: Find out what's going on with Exim in our ISO build process added
#3 Updated by intrigeri 2018-06-29 12:37:25
- related to Bug #13426: Tor does not start on Tails 3.0.1 automatically upgraded from 3.0 added
#4 Updated by intrigeri 2018-06-29 12:56:03
- related to Feature #15691: Refresh tails-standard.list packages list for Buster added
#5 Updated by intrigeri 2018-06-29 12:59:46
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 10
- Feature Branch set to bugfix/15690-stop-installing-all-priority-standard-packages
#6 Updated by intrigeri 2018-06-29 13:11:28
- blocked by Bug #15472: Rebase our Tor Browser AppArmor policy on top of torbrowser-launcher 0.2.9-2's added
#7 Updated by intrigeri 2018-06-29 18:20:20
- related to deleted (Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades)
#8 Updated by intrigeri 2018-06-29 18:20:27
- blocked by Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades added
#9 Updated by intrigeri 2018-06-29 18:27:30
- Target version changed from Tails_3.9 to Tails_4.0
- Feature Branch changed from bugfix/15690-stop-installing-all-priority-standard-packages to wip/bugfix/15690-stop-installing-all-priority-standard-packages
I’ve got a WIP branch that builds fine and the resulting packages list looks OK, but changing the installation order impacts the allocated UIDs/GIDs, which is precisely what we want to avoid here. So I think we should merge this branch into feature/buster, so that it’s applied only to a release that we won’t provide automatic upgrades to anyway. I doubt the kind of issues we’re after here will affect Stretch again anyway: I seriously hope that once the exim4 priority override problem was identified on security.d.o, all such overrides were sync’ed from Stretch.
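One way to catch the UID/GID shifts described in the comment above is to compare the account databases of two builds. This is an added example, not the Tails project's own check; the function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accounts whose numeric ID differs between two builds.
# Works on passwd(5) and group(5) files, where field 1 is the name and
# field 3 is the UID (passwd) or GID (group).

# id_drift OLD NEW
# Prints "name old_id new_id" for every name present in both files whose
# ID changed. Prints nothing when all shared names kept their IDs.
id_drift() {
    awk -F: '
        /^#/ || NF < 3      { next }                     # skip comments, junk
        FILENAME == ARGV[1] { old[$1] = $3; next }       # first file: record
        ($1 in old) && old[$1] != $3 { print $1, old[$1], $3 }
    ' "$1" "$2" | LC_ALL=C sort
}

# write_samples DIR
# Constructed sample data, not taken from any Tails build: a package that
# allocated a system user early is no longer installed, so the next system
# user moves down into the freed UID.
write_samples() {
    cat > "$1/passwd.old" <<'EOF'
root:x:0:0:root:/root:/bin/bash
Debian-exim:x:105:109::/var/spool/exim4:/usr/sbin/nologin
debian-tor:x:106:110::/var/lib/tor:/bin/false
EOF
    cat > "$1/passwd.new" <<'EOF'
root:x:0:0:root:/root:/bin/bash
debian-tor:x:105:109::/var/lib/tor:/bin/false
EOF
}

# Stand-alone use: ./id_drift.sh old/etc/passwd new/etc/passwd
if [ "$#" -eq 2 ]; then
    id_drift "$1" "$2"
fi
```

Any output line means files written under the old ID would belong to a different account after an incremental upgrade, so a build check can fail on non-empty output.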
#10 Updated by intrigeri 2018-06-30 10:26:38
- related to deleted (Feature #15691: Refresh tails-standard.list packages list for Buster)
#11 Updated by intrigeri 2018-06-30 10:26:45
- blocks Feature #15691: Refresh tails-standard.list packages list for Buster added
#12 Updated by intrigeri 2019-01-04 16:45:56
- blocks Bug #15854: Re-add UID/GID stability checks on feature/buster added
#13 Updated by intrigeri 2019-01-04 16:53:54
- Feature Branch changed from wip/bugfix/15690-stop-installing-all-priority-standard-packages to bugfix/15690-stop-installing-all-priority-standard-packages
#14 Updated by intrigeri 2019-01-04 16:55:31
Additionally:
- refresh this list based on the output of tasksel --task-packages standard | sort run in a clean Buster system
- create a ticket to do that again for Bullseye (see Feature #15691 for an example)
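The refresh step above can be turned into a repeatable comparison between the explicit list and a saved copy of the tasksel output. This is an added example, not code from the Tails repository; it assumes the list holds one package name per line with optional # comments, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: compare an explicit package list with the current set of
# "Priority: standard" packages, saved beforehand with
#   tasksel --task-packages standard | sort > standard.txt

# list_drift LIST STANDARD
# Prints "+pkg" for packages that are standard but missing from LIST, and
# "-pkg" for packages in LIST that are no longer standard.
list_drift() {
    ld_tmp=$(mktemp -d) || return 1
    # Normalise both inputs: drop comments, whitespace and blank lines,
    # then sort in the C locale so comm(1) sees consistently ordered input.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" |
        LC_ALL=C sort -u > "$ld_tmp/list"
    sed -e 's/[[:space:]]//g' -e '/^$/d' "$2" |
        LC_ALL=C sort -u > "$ld_tmp/std"
    LC_ALL=C comm -13 "$ld_tmp/list" "$ld_tmp/std" | sed 's/^/+/'
    LC_ALL=C comm -23 "$ld_tmp/list" "$ld_tmp/std" | sed 's/^/-/'
    rm -rf "$ld_tmp"
}

# write_list_samples DIR
# Constructed sample inputs; the package sets are illustrative only and do
# not reflect the real contents of any Debian release or Tails list.
write_list_samples() {
    cat > "$1/tails-standard.list" <<'EOF'
# explicit list, reviewed at each Debian release
bash-completion
bzip2
file
telnet   # kept from the previous release
EOF
    cat > "$1/standard.txt" <<'EOF'
bash-completion
bzip2
file
xz-utils
EOF
}

# Stand-alone use: ./list_drift.sh tails-standard.list standard.txt
if [ "$#" -eq 2 ]; then
    list_drift "$1" "$2"
fi
```

Each "+" line is a package to decide on explicitly rather than inherit; each "-" line is a candidate for removal from the list.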
#15 Updated by intrigeri 2019-01-04 16:55:40
- blocked by deleted (Feature #15691: Refresh tails-standard.list packages list for Buster)
#16 Updated by intrigeri 2019-01-04 20:45:41
- related to Feature #16280: Refresh tails-standard.list packages list for Bullseye added
#17 Updated by intrigeri 2019-01-04 20:46:18
- Assignee changed from intrigeri to CyrilBrulebois
- % Done changed from 10 to 50
- QA Check set to Ready for QA
#18 Updated by intrigeri 2019-01-04 20:47:42
- blocks Bug #16272: Compare packages lists devel vs. feature/buster added
#19 Updated by hefee 2019-01-07 22:46:26
- Assignee changed from CyrilBrulebois to hefee
#20 Updated by hefee 2019-01-07 23:04:20
- Assignee changed from hefee to intrigeri
- QA Check changed from Ready for QA to Pass
The diff between the two package lists looks reasonable. More stuff is getting to be removed.
<code class="diff">
--- feature/buster
+++ bugfix/15690-stop-installing-all-priority-standard-packages
-aspell 0.60.7~20110707-5
-aspell-en 2018.04.16-0-1
+cryptsetup 2:2.0.6-1
cryptsetup-bin 2:2.0.6-1
+cryptsetup-initramfs 2:2.0.6-1
+cryptsetup-run 2:2.0.6-1
-enchant 1.6.0-11.1+b1
-geoip-database 20181108-1
-libgdk-pixbuf2.0-bin 2.38.0+dfsg-7
-libgtk-3-bin 3.24.2-3
-libswitch-perl 2.17-2
-publicsuffix 20181227.1630-1
</code>
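Review bot: the three added lines (cryptsetup, cryptsetup-initramfs, cryptsetup-run) grow the package set on a branch named for installing fewer packages, while the feature/buster side carries only cryptsetup-bin. Please confirm whether the explicit list names cryptsetup or something else pulls it in, and drop it if cryptsetup-bin alone is what should ship. The eight removed packages would each benefit from a one-line reason in the ticket, since the diff alone does not show which were left out on purpose.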
#21 Updated by intrigeri 2019-01-08 09:58:47
- QA Check changed from Pass to Ready for QA
> The diff between the two package lists looks reasonable. More stuff is getting to be removed.
>
> <code class="diff">
> --- feature/buster
> +++ bugfix/15690-stop-installing-all-priority-standard-packages
> -aspell 0.60.7~20110707-5
> -aspell-en 2018.04.16-0-1
> +cryptsetup 2:2.0.6-1
> cryptsetup-bin 2:2.0.6-1
> +cryptsetup-initramfs 2:2.0.6-1
> +cryptsetup-run 2:2.0.6-1
> -enchant 1.6.0-11.1+b1
> -geoip-database 20181108-1
> -libgdk-pixbuf2.0-bin 2.38.0+dfsg-7
> -libgtk-3-bin 3.24.2-3
> -libswitch-perl 2.17-2
> -publicsuffix 20181227.1630-1
> </code>
Thanks for checking!
- aspell, aspell-en, enchant: I left them out on purpose as per Bug #16272#note-3 (otherwise Bug #16272 would lead to another branch that removes them anyway :)
- cryptsetup: this branch independently re-introduces stuff that we’ve removed for Bug #16264; fixed with commit:b00d9a608b6f4e1ab9e22b24f389468587c2d529, will compare the packages lists again before merging into feature/buster
- libgtk-3-bin, publicsuffix: similarly to aspell, we don’t ship them in Tails 3.x, no reason to add it here just to remove them later
- geoip-database, libgdk-pixbuf2.0-bin, libswitch-perl: I doubt we need them, let’s see how it goes without them
#22 Updated by hefee 2019-01-08 10:30:56
- QA Check changed from Ready for QA to Pass
> * aspell, aspell-en, enchant: I left them out on purpose as per Bug #16272#note-3 (otherwise Bug #16272 would lead to another branch that removes them anyway :)
ok
> * cryptsetup: this branch independently re-introduces stuff that we’ve removed for Bug #16264; fixed with commit:b00d9a608b6f4e1ab9e22b24f389468587c2d529, will compare the packages lists again before merging into feature/buster
ok
> * libgtk-3-bin, publicsuffix: similarly to aspell, we don’t ship them in Tails 3.x, no reason to add it here just to remove them later
ok
> * geoip-database, libgdk-pixbuf2.0-bin, libswitch-perl: I doubt we need them, let’s see how it goes without them
Libs are mostly just installed as a dependency, so if the purpose of installation is gone, it is mostly safe to remove the libs too.
#23 Updated by intrigeri 2019-01-08 10:52:43
- QA Check changed from Pass to Ready for QA
(As per “will compare the packages lists again before merging into feature/buster”)
#24 Updated by intrigeri 2019-01-08 14:36:11
- Status changed from In Progress to Resolved
- % Done changed from 50 to 100
Applied in changeset commit:tails|eaeb426fc196d0840f3f7c2b8832f144610e5469.
#25 Updated by intrigeri 2019-01-08 14:36:37
- Assignee deleted (intrigeri)
- QA Check changed from Ready for QA to Pass