Bug #15690

Stop installing all "Priority: standard" packages only to remove some of them later

Added by intrigeri 2018-06-29 12:37:08. Updated 2019-01-08 14:36:37.

Status: Resolved
Priority: Normal
Assignee:
Category: Build system
Target version:
Start date: 2018-06-29
Due date:
% Done: 100%
Feature Branch: bugfix/15690-stop-installing-all-priority-standard-packages
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

We currently pass --tasks standard to lb config. Due to inconsistencies between the main Debian archive and security.d.o regarding packages priority overrides, combined with an aufs bug, this has broken our incremental upgrades to 3.0.1 and later to 3.6: Bug #13426, Bug #15418.

I think our best option is to stop passing --tasks standard to lb config and instead explicitly list the packages we want to install in config/chroot_local-packageslists/*.list. And then every time we upgrade to a new version of Debian, we create a ticket to update that list, based on the current set of Priority: standard packages in that version of Debian. Using a separate file will make this clearer and easier to maintain.


Related issues

Related to Tails - Bug #15418: Find out what's going on with Exim in our ISO build process Resolved 2018-03-16
Related to Tails - Bug #13426: Tor does not start on Tails 3.0.1 automatically upgraded from 3.0 Resolved 2017-07-05
Related to Tails - Feature #16280: Refresh tails-standard.list packages list for Bullseye Confirmed 2019-01-04
Blocked by Tails - Bug #15472: Rebase our Tor Browser AppArmor policy on top of torbrowser-launcher 0.2.9-2's Resolved 2018-03-28
Blocked by Tails - Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades Resolved 2018-06-28
Blocks Tails - Bug #15854: Re-add UID/GID stability checks on feature/buster Resolved 2018-08-27
Blocks Tails - Bug #16272: Compare packages lists devel vs. feature/buster Resolved 2019-01-04

History

#1 Updated by intrigeri 2018-06-29 12:37:17

  • related to Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades added

#2 Updated by intrigeri 2018-06-29 12:37:21

  • related to Bug #15418: Find out what's going on with Exim in our ISO build process added

#3 Updated by intrigeri 2018-06-29 12:37:25

  • related to Bug #13426: Tor does not start on Tails 3.0.1 automatically upgraded from 3.0 added

#4 Updated by intrigeri 2018-06-29 12:56:03

  • related to Feature #15691: Refresh tails-standard.list packages list for Buster added

#5 Updated by intrigeri 2018-06-29 12:59:46

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 10
  • Feature Branch set to bugfix/15690-stop-installing-all-priority-standard-packages

#6 Updated by intrigeri 2018-06-29 13:11:28

  • blocked by Bug #15472: Rebase our Tor Browser AppArmor policy on top of torbrowser-launcher 0.2.9-2's added

#7 Updated by intrigeri 2018-06-29 18:20:20

  • related to deleted (Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades)

#8 Updated by intrigeri 2018-06-29 18:20:27

  • blocked by Bug #15419: Detect earlier in the dev process if we're breaking automatic upgrades added

#9 Updated by intrigeri 2018-06-29 18:27:30

  • Target version changed from Tails_3.9 to Tails_4.0
  • Feature Branch changed from bugfix/15690-stop-installing-all-priority-standard-packages to wip/bugfix/15690-stop-installing-all-priority-standard-packages

I’ve got a WIP branch that builds fine and the resulting packages list looks OK, but changing the installation order impacts the allocated UIDs/GIDs, which is precisely what we want to avoid here. So I think we should merge this branch into feature/buster, so that it’s applied only to a release that we won’t provide automatic upgrades to anyway. I doubt the kind of issues we’re after here will affect Stretch again anyway: I seriously hope that once the exim4 priority override problem was identified on security.d.o, all such overrides were sync’ed from Stretch.
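
An added example, not part of the ticket or of Tails' code: one way to check the UID/GID concern raised in the comment above is to compare the passwd (or group) files of two builds. The function names and the sample accounts and IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tails code): compare the name -> numeric ID mapping of
# two builds. Inputs are passwd- or group-format files (name:x:ID:...).

# Print "name old_id -> new_id" for each name whose ID differs.
id_drift() {
    awk -F: '
        NR == FNR { old_id[$1] = $3; next }
        ($1 in old_id) && old_id[$1] != $3 {
            printf "%s %s -> %s\n", $1, old_id[$1], $3
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Print "id old_name -> new_name" for each ID that now belongs to another
# account: files owned by that numeric ID would belong to a different user.
id_reuse() {
    awk -F: '
        NR == FNR { old_name[$3] = $1; next }
        ($3 in old_name) && old_name[$3] != $1 {
            printf "%s %s -> %s\n", $3, old_name[$3], $1
        }
    ' "$1" "$2" | sort -n
}

# Constructed sample data: the new build no longer creates one account,
# so the accounts created after it each move down by one ID.
sample_old() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'Debian-exim:x:105:109::/var/spool/exim4:/usr/sbin/nologin' \
        'debian-tor:x:106:110::/var/lib/tor:/bin/false' \
        'messagebus:x:107:111::/nonexistent:/usr/sbin/nologin'
}
sample_new() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'debian-tor:x:105:109::/var/lib/tor:/bin/false' \
        'messagebus:x:106:110::/nonexistent:/usr/sbin/nologin'
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_old > "$tmp/old"; sample_new > "$tmp/new"
    id_drift "$tmp/old" "$tmp/new"
    id_reuse "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}
demo
```

Any output from either function means an installation upgraded in place would see accounts with IDs that differ from those of a fresh build.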

#10 Updated by intrigeri 2018-06-30 10:26:38

  • related to deleted (Feature #15691: Refresh tails-standard.list packages list for Buster)

#11 Updated by intrigeri 2018-06-30 10:26:45

  • blocks Feature #15691: Refresh tails-standard.list packages list for Buster added

#12 Updated by intrigeri 2019-01-04 16:45:56

  • blocks Bug #15854: Re-add UID/GID stability checks on feature/buster added

#13 Updated by intrigeri 2019-01-04 16:53:54

  • Feature Branch changed from wip/bugfix/15690-stop-installing-all-priority-standard-packages to bugfix/15690-stop-installing-all-priority-standard-packages

#14 Updated by intrigeri 2019-01-04 16:55:31

Additionally:

  1. refresh this list based on the output of tasksel --task-packages standard | sort run in a clean Buster system
  2. create a ticket to do that again for Bullseye (see Feature #15691 for an example)
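
An added example, not part of the ticket or of Tails' code: a drift check between an explicitly pinned list and the output of tasksel --task-packages standard | sort. It assumes the pinned list may contain # comments and blank lines, and it uses a hypothetical exclusions file for packages that are deliberately left out; all file names and the example-* package names are constructed.

```shell
#!/bin/sh
# Added example (not Tails code). File names and sample contents are
# constructed; only aspell and aspell-en are taken from the ticket.

# Print a package list without comments or blank lines, sorted.
clean_list() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" | LC_ALL=C sort -u
}

# list_drift PINNED CURRENT EXCLUDED
#   +pkg  in CURRENT, but neither pinned nor deliberately excluded
#   -pkg  pinned, but no longer in CURRENT
list_drift() {
    d=$(mktemp -d) || return 1
    clean_list "$1" > "$d/pinned"
    clean_list "$2" > "$d/current"
    clean_list "$3" > "$d/excluded"
    LC_ALL=C sort -u "$d/pinned" "$d/excluded" > "$d/known"
    LC_ALL=C comm -13 "$d/known" "$d/current" | sed 's/^/+/'
    LC_ALL=C comm -23 "$d/pinned" "$d/current" | sed 's/^/-/'
    rm -rf "$d"
}

# Constructed inputs; on a clean system CURRENT would come from
#   tasksel --task-packages standard | sort > current
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' '# pinned list' 'example-kept' '' \
        'example-dropped  # left the standard set' > "$t/pinned"
    printf '%s\n' 'aspell' 'aspell-en' 'example-added' \
        'example-kept' > "$t/current"
    printf '%s\n' 'aspell' 'aspell-en' > "$t/excluded"
    list_drift "$t/pinned" "$t/current" "$t/excluded"
    rm -rf "$t"
}
demo
```

Each + line is a package to either pin or add to the exclusions; each - line is a pinned package that the new Debian release no longer marks as standard.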

#15 Updated by intrigeri 2019-01-04 16:55:40

  • blocked by deleted (Feature #15691: Refresh tails-standard.list packages list for Buster)

#16 Updated by intrigeri 2019-01-04 20:45:41

  • related to Feature #16280: Refresh tails-standard.list packages list for Bullseye added

#17 Updated by intrigeri 2019-01-04 20:46:18

  • Assignee changed from intrigeri to CyrilBrulebois
  • % Done changed from 10 to 50
  • QA Check set to Ready for QA

#18 Updated by intrigeri 2019-01-04 20:47:42

  • blocks Bug #16272: Compare packages lists devel vs. feature/buster added

#19 Updated by hefee 2019-01-07 22:46:26

  • Assignee changed from CyrilBrulebois to hefee

#20 Updated by hefee 2019-01-07 23:04:20

  • Assignee changed from hefee to intrigeri
  • QA Check changed from Ready for QA to Pass

The diff between the two package lists looks reasonable. More stuff is getting to be removed.

<code class="diff">
--- feature/buster
+++ bugfix/15690-stop-installing-all-priority-standard-packages

-aspell 0.60.7~20110707-5
-aspell-en      2018.04.16-0-1
+cryptsetup     2:2.0.6-1
 cryptsetup-bin 2:2.0.6-1
+cryptsetup-initramfs   2:2.0.6-1
+cryptsetup-run 2:2.0.6-1
-enchant        1.6.0-11.1+b1
-geoip-database 20181108-1
-libgdk-pixbuf2.0-bin   2.38.0+dfsg-7
-libgtk-3-bin   3.24.2-3
-libswitch-perl 2.17-2
-publicsuffix   20181227.1630-1
</code>
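
Review bot: The three added lines (cryptsetup, cryptsetup-initramfs, cryptsetup-run) are the only additions in a comparison that otherwise only drops packages, so they need an explicit justification before this passes QA. If they come in through the new explicit list rather than being wanted in the image, remove them from that list and compare the two package lists again.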

#21 Updated by intrigeri 2019-01-08 09:58:47

  • QA Check changed from Pass to Ready for QA

> The diff between the two package lists looks reasonable. More stuff is getting to be removed.
>
> <code class="diff">
> --- feature/buster
> +++ bugfix/15690-stop-installing-all-priority-standard-packages

> -aspell 0.60.7~20110707-5
> -aspell-en      2018.04.16-0-1
> +cryptsetup     2:2.0.6-1
>  cryptsetup-bin 2:2.0.6-1
> +cryptsetup-initramfs   2:2.0.6-1
> +cryptsetup-run 2:2.0.6-1
> -enchant        1.6.0-11.1+b1
> -geoip-database 20181108-1
> -libgdk-pixbuf2.0-bin   2.38.0+dfsg-7
> -libgtk-3-bin   3.24.2-3
> -libswitch-perl 2.17-2
> -publicsuffix   20181227.1630-1
> </code>

Thanks for checking!

  • aspell, aspell-en, enchant: I left them out on purpose as per Bug #16272#note-3 (otherwise Bug #16272 would lead to another branch that removes them anyway :)
  • cryptsetup: this branch independently re-introduces stuff that we’ve removed for Bug #16264; fixed with commit:b00d9a608b6f4e1ab9e22b24f389468587c2d529, will compare the packages lists again before merging into feature/buster
  • libgtk-3-bin, publicsuffix: similarly to aspell, we don’t ship them in Tails 3.x, no reason to add it here just to remove them later
  • geoip-database, libgdk-pixbuf2.0-bin, libswitch-perl: I doubt we need them, let’s see how it goes without them

#22 Updated by hefee 2019-01-08 10:30:56

  • QA Check changed from Ready for QA to Pass

> * aspell, aspell-en, enchant: I left them out on purpose as per Bug #16272#note-3 (otherwise Bug #16272 would lead to another branch that removes them anyway :)
ok

> * cryptsetup: this branch independently re-introduces stuff that we’ve removed for Bug #16264; fixed with commit:b00d9a608b6f4e1ab9e22b24f389468587c2d529, will compare the packages lists again before merging into feature/buster
ok

> * libgtk-3-bin, publicsuffix: similarly to aspell, we don’t ship them in Tails 3.x, no reason to add it here just to remove them later
ok

> * geoip-database, libgdk-pixbuf2.0-bin, libswitch-perl: I doubt we need them, let’s see how it goes without them

Libs are mostly just installed as dependencies, so if the purpose of the installation is gone, it is mostly safe to remove the libs too.

#23 Updated by intrigeri 2019-01-08 10:52:43

  • QA Check changed from Pass to Ready for QA

(As per “will compare the packages lists again before merging into feature/buster”)

#24 Updated by intrigeri 2019-01-08 14:36:11

  • Status changed from In Progress to Resolved
  • % Done changed from 50 to 100

Applied in changeset commit:tails|eaeb426fc196d0840f3f7c2b8832f144610e5469.

#25 Updated by intrigeri 2019-01-08 14:36:37

  • Assignee deleted (intrigeri)
  • QA Check changed from Ready for QA to Pass