Debian still having trouble with merged /usr
The addition of the "/usr merge" feature has been something of longstanding mess in the Debian world. It seems like a relatively innocuous change, which is in keeping with the practice of most other distributions at this point; it effectively eliminates the top-level /bin, /sbin, and /lib* directories in order to move their contents to the corresponding locations under /usr. But ever since we first covered the feature introduction for Debian—more than six years ago—it has a been a recurring series of headaches within that community. Recent events have seemingly simply prolonged the pain, though perhaps the end is in sight.
Background
The /usr merge idea was first raised in "The Case for the /usr Merge" by Lennart Poettering in 2012. It came out of the systemd community, but was not meant to be systemd-specific, though, as the comment thread on that LWN post indicates, the idea was controversial at least in part because of its association with systemd. At its core, it was a straightforward plan to move the files in /bin to /usr/bin, then make a symbolic link so that /bin would resolve to /usr/bin; the same would be done for the other top-level directories of interest (/sbin and /lib*).
The main reason behind the merge was for compatibility with other Unix systems and to make building packages for Linux distributions easier; upstream software, build tools, and the like would no longer have to treat Linux specially. Anything that relied on /bin/foo or /usr/bin/foo would find what they were looking for, but everything would live under /usr. That would permit things like an immutable, distribution-supplied /usr, snapshots of the system state would be simpler, and so on.
Fedora, as is often the case, took the lead and implemented merged /usr, for Fedora 17 in 2012. Other distributions followed suit, with most of the mainstream distributions following the Fedora approach of having a "flag day" switch; new or upgraded versions of the distribution would either install a merged /usr or switch the system to use that as part of an upgrade. Supporting both the old and the new layout simultaneously was not something those distributions chose to do.
Debian took a more incremental approach, in part because it strives not to make wholesale changes to users' systems like those required by a flag-day upgrade to a merged /usr. In 2016, the ability to voluntarily switch to that scheme was added, then some attempts were made for newer versions of the distribution to be installed with a merged /usr by default. In 2018, the Debian build systems were switched to use that layout, but problems cropped up because packages built under a merged /usr would sometimes fail to work on non-merged systems. The location of some files was being resolved at build time to point into /usr/bin (for example), but those files only existed in /bin on the non-merged systems.
The build system changes were reverted, so that both types of systems could be supported. But the problem led Ian Jackson to ask the Debian technical committee (often abbreviated as CTTE or ctte), which is the ultimate arbiter of technical disputes within the project, to override the decision by the debootstrap developers to make merged /usr be the default. Debootstrap is used to create a base system into a directory that can then be used as a chroot environment for building additional packages, though it has other uses as well.
The committee declined to overrule the debootstrap maintainers, but did give a lengthy summary of the cases for and against /usr merge. The committee also used its advisory role to note that the then-under-development Debian 10 ("buster") would support both system types in a "weak" form, but suggested that it was desirable that Debian 11 ("bullseye") move toward a "middle" ground with better support for merged /usr.
Debian, being Debian, discussed the issue multiple times along the way, at varying levels of intensity and rancor. Supporting both types of systems was difficult in various ways, leading some to say that either /usr merge should be made mandatory—or scrapped entirely. At the end of 2020, Ansgar Burchardt asked the technical committee to decide whether Debian 12 ("bookworm") should only support merged /usr systems. At the end of January 2021, the question was put to a vote, and the result was unanimous in favor of doing so:
The Technical Committee resolves that Debian 'bookworm' should support only the merged-usr root filesystem layout, dropping support for the non-merged-usr layout.Until after the release of 'bullseye', any implementation of this resolution must be done in the 'experimental' distribution, or otherwise kept out of the critical paths for the release of 'bullseye'.
Symlink farms
That would seem to resolve the situation, in favor of a flag day for
Debian 12, but, as might be guessed, things did not quite work out
that way. During the discussion on the vote, committee member Simon
McVittie expressed concern
that there were two competing visions of what a merged /usr
meant. He wondered: "Should we be more specific than this in what we
vote on, to avoid
later having to adjudicate between developers who say that a particular
implementation is or isn't merged-usr?
" That comment would
foreshadow the events to come.
The "standard" way to support /usr merge, as described above, is
sometimes called "merged /usr via aliased
directories
". It is what the usrmerge tool, which got the ball
rolling for Debian in 2016, does; that mechanism is tracked on the UsrMerge page on the Debian
wiki. An alternative, which is championed by dpkg maintainer Guillem Jover, uses
"symlink farms", which McVittie described as follows:
an arrangement where all regular files that have traditionally been in /bin, /sbin, /lib and /lib64 are physically located in /usr, with /bin etc. becoming "symlink farms" containing symlinks like /bin/sh -> /usr/bin/sh, /lib/ld-linux.so.2 -> /usr/lib/ld-linux.so.2 and so on
There was some discussion in the bug entry about the advantages of the two different arrangements, but most of the participants seemed to think that the symlink-farm approach was not desirable, viable, or both. Along the way, McVittie realized that the earlier decision on debootstrap seemed to indicate that the committee thought that the aliased-directories mechanism was the singular approach to solving the /usr merge problem. His vote reflected that understanding.
The discussion moved to the mailing lists, where a certain amount of consensus was found, at least in some areas. McVittie opened a bug asking the committee to resolve the aliased directories versus symlink farm question along with others swirling around the upcoming /usr merge transition for bookworm. He was asking the committee to use its formal advisory role to offer guidance on how that transition should proceed.
A lengthy statement was put out for a vote by the committee; once again, it passed unanimously. The advice clearly rejected the symlink-farm approach, in favor of aliased directories, and made it clear that packages could not assume that systems have a merged /usr until Debian 13 ("trixie") development starts. Beyond that, the committee advised that upgrading from either type of system to Debian 12 should work, packages should build and function on both types of systems (until after Debian 12), and a few other items. The bug was marked as "done" on October 18 and, once again, it seemed that the situation was resolved.
Dpkg resistance
Meanwhile, though, the dpkg maintainer was adamantly opposed to the aliased-directories approach; his complaints were described in a MergedUsr page in the dpkg team's section of the wiki. It presented a long list of problems with that approach because the mechanism is handled outside of dpkg itself:
This approach goes behind dpkg's back, and has caused and [does] now cause problems due to the aliased directories, as multiple pathnames canonicalize into different pathnames that point to the same dentry, which can mess up anything that handles pathnames in databases and similar. Note: dpkg has supported for a long time symlinked directories as a way to allow local admins to manage filesystem size constraints, by moving directories contents into other partitions, but has never supported aliased directories via symlinks pointing to other directories already tracked by dpkg. This approach makes it impossible to know what is the canonical (from dpkg's PoV) pathname for an object just by looking at the filesystem, so it is trivial for users use the wrong one.
Many of the entries in the list were marked with a symbol indicating:
"This approach is considered broken by design and is unsupported by
dpkg. dpkg-buildinfo marks packages built on these systems as tainted in
the .buildinfo file.
" The symlink-farm approach is superior, the
page says, even
though it still has the aliasing problem for the symbolic links that get
installed:
This still suffers mild aliasing problems, but only for pathnames that will end up in both locations due to backwards compatibility symlinks, which should keep decreasing, and any such issue will self-heal over time, eventually ending up being just a handful of them. The big difference is that in the long term this is a tiny and decreasing bounded set of pathnames that might end up causing problems, while the other layout is an unbounded set affecting all pathnames permanently. Another thing that makes a difference is that the object is a symlink, and not the same object being accessed from different pathnames.
Both that page and the dpkg
FAQ entry recommend using the dpkg-fsys-usrunmess
utility, which "undoes the merged-/usr-via-aliased-dirs
mess
". So it was perhaps unsurprising when Josh Triplett reported in
mid-March that dpkg
had started to emit a warning when it was installed or upgraded:
Setting up dpkg (1.21.2) ... dpkg: warning: System unsupported due to merged-usr-via-aliased-dirs. dpkg: warning: See <https://wiki.debian.org/Teams/Dpkg/FAQ#broken-usrmerge>.This escalation seems in direct contradiction to the tech-ctte decision in 994388. Moreover, this seems to effectively use package maintainer scripts as a means of directing a complaint at Debian users that has not gotten traction in other forums, and then directing such users at a wiki page that contradicts a prior project decision.
His report was aimed at the committee bug that resulted in the decision
back in October. As Russ Allbery noted, that kind
of a warning "will be perceived by users as an official declaration from Debian as
a project that their system configuration is unsupported, while
simultaneously this is the default installation mode for new systems and
something that we have elsewhere said is a correct system
configuration
". Burchardt said
that the warning was already causing confusion and asked the committee to
decide quickly on how to handle it "to
avoid this becoming yet another energy drain (we had several
sufficiently long enough threads about this topic already)
".
Bugs and fixes
There is a question of what "supported" means in the context of /usr merge, Helmut Grohne said; he was added to the committee at the beginning of the year after two members reached their term limit and retired from it. He said:
At this point, neither merged-/usr nor unmerged-/usr is supported well. Both are broken in one way or another and nobody steps up to fix the mess. In particular, the dpkg maintainer does not support merged-/usr in dpkg (which is his constitutional right as long as he does not block reasonable patches), but neither does anyone else. As such I find it difficult to disagree with the content of the warning. I do see how it confuses people. It definitely does not reach people who could do something about [it]. Rather it takes users as hostages.
As had been mentioned in some of the (many) threads surrounding this issue,
Ubuntu has successfully made the move to a merged /usr; as Luca
Boccassi put
it: "And on top of new installations, old installations of Ubuntu upgrading
to 21.10 and/or the soon-to-be-released 22.04 have been [forcefully]
migrated too. They are not blocked, unsupported, or broken.
" There
have been few problems with that transition, at least according to
/usr merge proponents, so whatever bugs exist are not
show-stopping. But Allbery cautioned against
taking that too far:
We know that merged-/usr is buggy, in that one can construct a set of package operations that leave the system in an invalid state. We have a project disagreement over how serious those bugs are. No one is stepping forward to fix those bugs, which is indeed quite unfortunate. I personally strongly disagree with the belief that simply because Ubuntu hasn't seen many instances of this class of bugs while using a package set where people have not moved files between packages and out of /lib and /bin very much if at all, it is acceptable to leave dpkg in that buggy state.[...] I personally am disappointed that the folks who have been pushing merged-/usr forward are willing to leave dpkg in a known-buggy state without attempting to patch it to fix the remaining issues. I realize that there are various obstacles in successfully doing that, not all of which are technical, but I want to believe that Debian is the sort of project that will do the hard work (both technical and social) to fix edge cases and maintain a high level of consistency and correctness.
But Triplett disagreed with that characterization:
It does not seem at all obvious that such patches would have been accepted, given the repeated vehement objections from the dpkg maintainer about the chosen approach. Those objections did not invite contribution; at every point, the assertion was that usrmerge was broken, not that dpkg needed help supporting it.
Boccassi said
that looking at Ubuntu's experience is legitimate; the problems identified
are relatively small and "it's believed to be impossible
to get them fixed
" over the maintainer's objections. He asked what
else would be a reasonable way forward. Allbery replied that
proponents of the change should create a patch to fix the problems that
have been identified in dpkg even though it might be rejected. In part, it
comes down to finding something that is actionable under the powers of the
technical committee, he said in a
follow-up: "It's difficult, procedurally, for the TC to do anything about a
theoretical patch that someone could write but hasn't written.
"
Committee chair Sean Whitton agreed with that analysis, though he did say that he thought the committee could take action to get the warning changed or removed; other members concurred with that view. Shortly thereafter, Triplett pointed out that the warning message had changed, though it was not really any better in his view.
Grohne also wanted to see fixes for dpkg to better support merged /usr. He even mentioned the possibility of reverting the change:
If the resulting bugs do not get fixed, we may need to consider other means for limiting their impact. The most obvious method here is revisiting the decision and considering whether the /usr-merge may have failed. On a process level, it certainly has failed. At some point, we may need to look at a bigger picture than the technical one. If the people driving the change are not able to do it, then maybe we should not have that change in the first place and revert back to the known working state. Of course that route is not without cost.
A patch arrives
But as the thread progressed, Boccassi noted
that a link to a dpkg patch had just been posted to IRC by a user named "uau".
Allbery (among others) was elated to
see the patch and immediately had some feedback on ways to improve it.
Committee member Gunnar Wolf thought
that the "patch seems sane from a first, very much
10000m-point-of-view
"; he wondered if it had "been shared with
Guillem, or included in any relevant
bug report
".
Boccassi followed
up with some more information from the author of the patch, again from
IRC. The author said "that some time ago the patch was presented to the dpkg
maintainer, who rejected it with an answer along the lines of the usual
'usrmerge is broken by design', with no further comment
". Boccassi
wondered if those who had been looking for a patch of this nature would "try and
take it forward themselves
". Based on that conversation with the
author, the license of the patch is the same as for dpkg, so that should not be
a barrier.
Grohne said that he remembered some more concrete criticism of the patch and that the patch itself says that it is incomplete, so it cannot go into dpkg in its current form. He lamented the state of the transition, and once again raised the specter of reverting the whole thing:
The more and more I have to deal with the /usr-merge the more I get disappointed by how badly this transition is planned and carried out. In principle, the technical merits seem solvable to me, but the total failure on the process level leaves me wish for a revert. I am really surprised that instead of improving the process, you carry on with that destructive attitude. Given this, it seems unsurprising that Guillem does not want to interact with you. Of course that's not an excuse for implementing the recent changes to dpkg. The communication is clearly failing on both sides, which is why we're here at the ctte again.
Burchardt asked
that Grohne stop suggesting a revert unless he wanted to start the process
of asking the committee (or the developers by way of a general resolution)
to do so. There are lots of problems with making that change at this
point, so: "If you don't want that solution, please don't suggest it repeatedly:
it's non-motivating to spend any further time.
"
Things went further off the rails on March 29, with a non-maintainer
upload (NMU) for dpkg made by Bastian Blank that removed the warning
and stopped installing
dpkg-fsys-usrunmess. An NMU is something of a hostile act for a package
with an active maintainer. As reported by
Triplett, the NMU was quickly overridden by Jover with a comment:
"This also clears a bullying NMU.
" As Triplett put it:
"we're now even further into full-blown 'fights in the archive'
territory
".
In his most recent message (as of this writing), Grohne said that Boccassi was not being constructive and that he was not surprised Jover did not want to communicate with him about the problems. He reiterated some of the problems that have occurred with the feature, noting that the current problem was largely not technical:
It has a history of its proponents not fixing the resulting bugs, but deferring them to others and/or denying/downgrading them. I've definitely spent more than a week on fixing /usr-merge breakage excluding the time discussing it. It is not working fine at all. Possibly, it is fixable on a technical level, but it is totally broken socially. Please stop this unconstructive behaviour.While this may sound single-sided, Guillem's behaviour wrt /usr-merge cannot be described as constructive either. Rest assured, that side of the picture is not being ignored. That should also be evident from dpkg.git at this time.
The dpkg Git
repository does show a recent
change by Jover that removes the offending warning, but only on Debian systems.
The commit message could certainly be interpreted as non-constructive, as
well, however. For example: "On Debian some people seem so offended by a
(factual) warning, that the
obvious recourse has been for them to bully and abuse.
" The
communication between proponents of /usr merge and the
maintainer of the critical package-manager for the distribution seems utterly broken
at this point—probably irretrievably so.
It is not clear where things go from here. The technical committee has repeatedly made its feelings known on the path it wants to see the project take, but it cannot order anyone to do anything, exactly. Debian developers are volunteers and its packages are the personal fiefdoms of their maintainers. The Debian Constitution does allow the committee to override developer decisions—to not accept a patch, for example—but someone has to voluntarily do the work to bring the late-breaking dpkg patch up to snuff.
It seems like some project elder (in terms of experience, not necessarily age) could steer this kind of change through the rocks. While it would appear to be vanishingly unlikely that the committee would backtrack on its three earlier decisions, even though there are two new members since they were made, it is not impossible, at least in theory. The bugs that exist in dpkg with the aliased-directories version of /usr merge may simply live on as irritations for a time, since they do not really seem to rise to the level of a release-blocking bug, at least so far. We will all have to wait and see how it turns out in the next episode of "As the Debian Turns" ...
Posted Apr 6, 2022 0:01 UTC (Wed)
by NYKevin (subscriber, #129325)
[Link] (48 responses)
If you applied such a transformation, and kept new bad packages out of the repository with rigorous testing, would there still be problems?
Posted Apr 6, 2022 0:09 UTC (Wed)
by bluca (subscriber, #118303)
[Link] (33 responses)
Posted Apr 6, 2022 0:17 UTC (Wed)
by NYKevin (subscriber, #129325)
[Link] (32 responses)
Posted Apr 6, 2022 3:07 UTC (Wed)
by jreiser (subscriber, #11027)
[Link] (30 responses)
Posted Apr 6, 2022 5:03 UTC (Wed)
by milesrout (subscriber, #126894)
[Link] (29 responses)
Posted Apr 6, 2022 5:59 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
That way you are keeping a copy of what is fed to bash, although it still doesn't stop someone modifying the file copy.
Cheers,
Posted Apr 6, 2022 6:16 UTC (Wed)
by NYKevin (subscriber, #129325)
[Link] (27 responses)
Posted Apr 6, 2022 8:16 UTC (Wed)
by wtarreau (subscriber, #51152)
[Link] (26 responses)
Nobody should ever use "curl|bash", that's irresponsible, there's no valid reason except laziness for using it. At least do "curl>foo && less foo" and only then "bash foo".
Posted Apr 6, 2022 10:08 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (6 responses)
If curl stops at this location, bash won't run that line because it won't receive a newline and will instead be SIGPIPE-d.
Posted Apr 6, 2022 14:22 UTC (Wed)
by wtarreau (subscriber, #51152)
[Link] (5 responses)
No, SIGPIPE is for the writer, not the reader, so it would be for curl that would receive it if bash had quit. Here bash receives a regular EOF, and as you can trivially test below, it *does* execute a truncated command that doesn't contain an LF:
$ echo -n 'echo blah' | bash
Posted Apr 7, 2022 13:20 UTC (Thu)
by MrWim (subscriber, #47432)
[Link] (4 responses)
It's a suggestion about 40 years too late though :(.
Posted Apr 7, 2022 15:59 UTC (Thu)
by wtarreau (subscriber, #51152)
[Link] (3 responses)
50 years ;-) It would make pipes work a bit more like sockets, but with this come new classes of trouble such as who is responsible for closing in a process tree, etc. The success of pipes comes from their simplicity and we'd definitely lose quite a bit of it.
Also it would not necessarily address everything because the truncated script could for example start some processes and create temp files or mount temporary file systems, and being aborted in the middle by the transfer while it was expected to perform all the cleanup at the end.
Another example, imagine an install script that does something like this to convert ancient config files to the new format:
cleanup() { rm -rf /etc/svc-tmp; exit }
Of course it's completely made up you could end up with something bad if the script is truncated between "find" and "cp", you'd end up without your old files and with the new ones removed. And here catching the error doesn't change anything.
Posted Apr 8, 2022 12:54 UTC (Fri)
by MrWim (subscriber, #47432)
[Link] (1 responses)
Yeah, I guess for MPMC usage it would have to work on a file-descriptor level like `close` and some `fcntl` commands. Related to this I think it would be nice if child processes didn't inherit file-descriptors by default, except for stderr. Inheriting anything beyond that should be explicit, so child processes would start up with (0: /dev/null, 1: stderr, 2: stderr) by default.
On the subject of process trees and other changes to unix to dream about, I'd quite like it if all the child processes of a process were killed when the parent dies. You'd never have reparenting, or have to worry about killed processes leaving their children still running. Under this model if you wanted something to outlive parent (like with nohup) you'd have to ask a longer lived process (systemd?) to start it as a child.
Writing UNIX software is easy, as long as you're willing to tolerate weird behaviour when things fail. Writing robust UNIX software that does the right thing when you hit these edge cases is a massive PITA.
One can dream.
> The success of pipes comes from their simplicity and we'd definitely lose quite a bit of it.
True, it would definitely not be applicable to all pipes, and wouldn't solve all problems with them.
Posted Apr 8, 2022 14:03 UTC (Fri)
by wtarreau (subscriber, #51152)
[Link]
You have prctl(PR_SET_PDEATHSIG) for this, and PR_SET_CHILD_SUBREAPER can also be useful to some extents.
> Writing UNIX software is easy, as long as you're willing to tolerate weird behaviour when things fail. Writing robust UNIX software that does the right thing when you hit these edge cases is a massive PITA.
Totally agreed.
Posted Apr 8, 2022 15:33 UTC (Fri)
by nybble41 (subscriber, #55106)
[Link]
Posted Apr 6, 2022 13:07 UTC (Wed)
by mgedmin (subscriber, #34497)
[Link] (12 responses)
Of course you have to trust that the author of the script you're piping to bash is competent and not malicious.
But then again a Debian package's postinst script is a shell script that runs as root, so you also have to trust the author to be competent and not malicious.
Posted Apr 6, 2022 13:34 UTC (Wed)
by LtWorf (subscriber, #124958)
[Link]
Posted Apr 6, 2022 14:26 UTC (Wed)
by wtarreau (subscriber, #51152)
[Link] (10 responses)
That's precisely my point. Poeple seem to think about "curl|bash" being secure because "it comes from a trusted site" or whatever, but it has nothing to do with trusting the origin for not being malicious, but for the shell doing the right thing. And we all do bugs all the time without being malicious, and in addition the way this is handled cannot protect against transport issues.
The only way to make this reliable is to first download, then execute if the download completed successfully (and you've done the necessary extra checks that depend on the origin and your level of trust).
Posted Apr 6, 2022 15:31 UTC (Wed)
by KJ7RRV (subscriber, #153595)
[Link] (9 responses)
Posted Apr 6, 2022 15:33 UTC (Wed)
by KJ7RRV (subscriber, #153595)
[Link]
Oops, the commands didn't format correctly.
Posted Apr 6, 2022 16:55 UTC (Wed)
by wtarreau (subscriber, #51152)
[Link] (7 responses)
Posted Apr 6, 2022 19:33 UTC (Wed)
by KJ7RRV (subscriber, #153595)
[Link] (6 responses)
Posted Apr 7, 2022 19:42 UTC (Thu)
by wtarreau (subscriber, #51152)
[Link] (5 responses)
Posted Apr 8, 2022 2:10 UTC (Fri)
by KJ7RRV (subscriber, #153595)
[Link] (4 responses)
Posted Apr 14, 2022 16:47 UTC (Thu)
by zamubafoo (subscriber, #154779)
[Link] (3 responses)
You could do something like overlayFS rollback function, but I'm not sure if you can just apply the top layer to those below.
Posted Apr 16, 2022 16:06 UTC (Sat)
by KJ7RRV (subscriber, #153595)
[Link] (1 responses)
Posted Apr 16, 2022 16:51 UTC (Sat)
by KJ7RRV (subscriber, #153595)
[Link]
Posted Apr 17, 2022 15:32 UTC (Sun)
by smurf (subscriber, #17840)
[Link]
Cleaning up the resulting two (or three) subtrees from underneath the current one, in order to free the copyied-on-write bits, might require a couple of kernel enhancements, but that seems solvable.
Posted Apr 6, 2022 19:50 UTC (Wed)
by gnu_lorien (subscriber, #44036)
[Link] (5 responses)
The valid reason is that people don't know how to make this safer and there's often no way to install the software they need other than doing this.
This is one of those areas where I think distros and package management software have really failed their users. If "It's not difficult at all and offers more guarantees of correctness" then why don't we have things like:
dpkg -i --web-bash-url=http://site-you-can-trust.org/install.bash
One can envision how these systems could do something to keep a history of what those scripts did and what they changed that would be extremely difficult for users to put together on their own in a one-liner. Why don't they?
I could make a similar argument for package systems and their disdain for vendoring. Like it or not this is how a lot of packages are shipped to consumers and users are not choosing the distros over the software that they want. After all the hemming and hawing about how "npm should do better" all users really come away with is, "My distribution can't install the software I want, so I'll use whatever the website suggests."
Posted Apr 7, 2022 15:45 UTC (Thu)
by wtarreau (subscriber, #51152)
[Link]
Yes there is another way, at least the one I mentioned to do it in two steps. 1) download, 2) execute. *Even* doing just that without reading the script is much safer because they only need to trust the origin and not the network. Really the only reason they proceed like this (and more importantly to provide such methods) is because it look cool and it impresses friends.
> Like it or not this is how a lot of packages are shipped to consumers
That's the first point I'm complaining about.
> and users are not choosing the distros over the software that they want
Yes they do choose to blindly copy-paste that dangerous line without checking. Downloading the script *before* executing it is not difficult, and if they cannot do that because they really have no idea what they're doing in this funny terminal, they'd rather not copy-paste random strings from the web because even copying extra delimiters or misplaced quotes can have devastating effect for them.
Posted Apr 7, 2022 21:37 UTC (Thu)
by calumapplepie (guest, #143655)
[Link] (3 responses)
Never going to happen. Dpkg isn't a tool for installing arbitrary software on your system: it is a tool for installing software intended for Debian systems, and formatted appropriately. Adding that option implies to the user that dpkg will somehow keep track of what the script does, and allow you to apt remove it later. Which you can't, because that script can do whatever it wants.
Perhaps someone will put together a separate shell script that does that for you in the future, but I doubt it. The trend of "just run this magic script" is a security nightmare, and simply logging what is run isn't enough: any decent malicious script will simply edit the log.
> Like it or not this is how a lot of packages are shipped to consumers and users are not choosing the distros over the software that they want.
I avoid any software that is not in my distribution like the plague. The literal plague. Just because you have a dozen outdated copies of Electron powering a dozen different apps doesn't mean the rest of us want that. The first place many users go for software, in my opinion, is a quick apt search. You know whatever gets added through there is trustworthy, can be easily removed, and won't cause duplication across your system. The same cannot be said for software that is self-published.
If a software is being shipped to consumers via a magic shell script, it is two things. One, it isn't a package: it contains many unrelated things that you probably already have, and it isn't being installed and managed by a centralized package manager. Two, it isn't trustworthy: anyone can publish a website, and anyone can but binaries up for download there. There is an independent review process for Debian packages: no such process exists for random websites. There is a signing mechanism for Debian packages, with a root of trust in keys that are placed there on installation: no such root of trust exists for a third party package. Sure, it might verify what it downloaded: but since it also just downloaded the key, that's no guarantee that an attacker didn't corrupt it.
If you want me to run your code, and it isn't absolutey essential I run your specific product, I will look for an alternative in my distribution.
Posted Apr 7, 2022 22:28 UTC (Thu)
by mpr22 (subscriber, #60784)
[Link] (1 responses)
If software is being shipped to people via a magic shell script, it probably isn't being shipped to "consumers", but rather to techies with a dismally low standard of security.
I'm reasonably confident that the main route for software to be installed on Linux systems by "consumers" is probably the Steam client, with some favouring the GOG or itch.io clients instead.
Posted Apr 8, 2022 6:36 UTC (Fri)
by kleptog (subscriber, #1183)
[Link]
Sometimes you're just not given a choice. The recommended procedure for installing Rust is a curl | sh command. Sure, Debian ships with a version of Rust, but it's sometimes too old to build whatever software you're using which decided to start using Rust and require a super recent version. So you hold your nose and think "it's building inside a container anyway".
The situation got a lot better with Bullseye, but in a few places I wish there was a debian-backports with recent versions of Rust.
Posted Apr 8, 2022 14:44 UTC (Fri)
by floppus (guest, #137245)
[Link]
At least one such script exists (checkinstall). I haven't used it in many years and it's certainly not perfect, but it worked acceptably well back in the day.
Posted Apr 6, 2022 3:25 UTC (Wed)
by foom (subscriber, #14868)
[Link]
Indeed this seems like an obvious answer. And, it is effectively what the proposed (but reportedly summarily rejected) dpkg patch by "uau" implements. Only instead of normalizing on database write, it normalizes on database read.
Posted Apr 6, 2022 0:45 UTC (Wed)
by atnot (subscriber, #124910)
[Link] (11 responses)
Posted Apr 6, 2022 13:09 UTC (Wed)
by mgedmin (subscriber, #34497)
[Link] (10 responses)
Posted Apr 7, 2022 7:30 UTC (Thu)
by madhatter (subscriber, #4665)
[Link] (9 responses)
Posted Apr 7, 2022 8:57 UTC (Thu)
by atnot (subscriber, #124910)
[Link] (1 responses)
Compare, say, the models used by Rust, Fedora and many other projects, where ownership is shared and changes are made through "change proposals" that are signed off on by a smaller group that determines if sufficient consensus exists in the community for them to go through. This means you keep the do-ocratic nature, heavy discussions and consensus building. However, crucially, once decisions have been made, they can be implemented (or reverted) by the change owners without requiring much work from anybody else. That is, imo, a much better approach than giving everyone a shotgun and their little patch of "don't tread on me" land to viciously squabble over.
Posted Apr 8, 2022 10:46 UTC (Fri)
by smurf (subscriber, #17840)
[Link]
So no it's not Debian that "has trouble" with merged /usr. IMHO it's the maintainer of the dpkg package who *causes* said trouble.
Posted Apr 12, 2022 23:58 UTC (Tue)
by ras (subscriber, #33059)
[Link] (6 responses)
Yes, watching it in action is for masochists. If you ever wanted an example of why you should not look at how the sausage is made, it's Debian. After watching it in action, I find myself surprised when it comes to a conclusion. Yet despite appearances, if you look how Debian has transformed itself over the years, it's made many fundamental changes to how it operates, and some like reproducible builds have literally set the pace for the rest of the software world to follow.
If you evaluate it by end results, then Churchill's quote summarises the situation well: "It has been said that democracy is the worst form of Government except for all those other forms that have been tried from time to time.…"
The technical committee is one of Debian's hidden gems. Not because it has power to force anything - as this illustrates it doesn't. All it's writings do is collect the facts, and organise the arguments. In doing so it makes it possible for the 1000 odd people in the project to assess the situation without having to wade through tons of emails, IRC chats, Debconf discussions, half or which are flamewars. The "power" of the technical committee is without it, the project would not reach an informed consensus in many cases. Instead the loudest voice would win.
It looks to be the best in class of any open source project. Sadly, it contrasts to how Debian handles other more personal conflicts. Debian like all large organisations works because on a whole, there is conflict is solved by consensus rather than one group ousting another. If it is to survive, the Debian project has to protect itself form such individuals who generate more heat than light by banning them from mailing lists, infrastructure, wiki's and even expulsions. It does that of course, but as a DD myself what happened behind the scenes to justify those decisions is so opaque (which is usually justified with "privacy" handwaving), it's impossible to feel comfortable with them. I wish we had a committee as diligent as the technical committee summarising those situations.
Posted Apr 13, 2022 5:31 UTC (Wed)
by zdzichu (subscriber, #17118)
[Link] (5 responses)
How to prevent such conflicts? Banning maintainer from mailinglists achieves nothing. Don't use software you have no influence on as a critical part of distribution? Don't mix upstream and downstream maintainership? Have more active provenpackager group?
Posted Apr 13, 2022 6:38 UTC (Wed)
by ras (subscriber, #33059)
[Link] (3 responses)
That sanction is used when people are behaving unpleasantly to each other. This is a technical disagreement, so it has no role here. If Debian started disciplining or banning people because they didn't agree with a technical decision the project would fall apart.
I was trying to make clear I think Debian's track record of resolving technical disagreements like this is very good. The article was written because to onlookers this resolution process it can look a little chaotic, but it's track record speaks for itself. I have no doubt this will be resolved well too.
Posted Apr 13, 2022 16:01 UTC (Wed)
by smurf (subscriber, #17840)
[Link] (2 responses)
The technical part has been settled, as far as Debian is concerned, by the CTTE, so the consequence for everybody else is to either go with the flow (under protest if necessary) or step aside and let somebody solve the problem who doesn't have a vested interest not to.
The fact that the dpkg maintainer apparently chose "none of the above" is … unfortunate. As in "Debian could do with less heated arguments, not more".
Disclaimer: I didn't peruse Debian's mailing list archives lately, so this impression might be wrong and/or outdated.
Posted Apr 13, 2022 23:21 UTC (Wed)
by ras (subscriber, #33059)
[Link] (1 responses)
There is another aspect to this. Someone has to do the work.
Debian is a volunteer organisation. It can't direct anyone to do something. If there is only one person offering to do something (such as maintain dpkg), then there are only two options: it's done as they want, or it doesn't happen. Someone not maintaining dpkg isn't a tenable option for Debian, obviously. So if this is the situation then there is no role for the technical committee, as there is no decision to be made.
There will be a role if the dispute becomes so heated another credible group stands up and offers to take over the maintenance of dpkg ongoing. But that's a big job, it's absolutely critical it be done well and the current maintainer has been doing it very well for a long while. So it's not surprising no one has stepped up to fill those very big shoes. Since no one has stepped up there is no role for the technical committee, yet.
But ... if goes on long enough passions will rise, and if they keep rising eventually someone credible will step up. Only then will we have the conditions where the technical committee can play a role - two people offering to do things that can't both proceed, and the project must choose which one will happen. That choice is made by the technical committee.
In other words Debian is not an autocracy. The direction the project takes isn't made at the head, by someone in power (say the technical committee, or the project leader) who then tells people to do their bidding. Debian is a do'ocracy. Progress is made by people electing to do things of their own accord, doing work that interests them. Inflection points like this, where what two people want to do conflict, are rare enough to warrant news articles such as this one.
The idea a large project with clear objectives could arise from such a chaotic system is surprising to some. I personally believe it delivers the largest Linux distro on the planet which is also among the most reliable, and it does so for the lowest cost.
Posted Apr 14, 2022 6:39 UTC (Thu)
by smurf (subscriber, #17840)
[Link]
Somebody already did the work, or at least a reasonably-well-working PoC that could easily be the basis for a perfectly working solution to the problem IMHO, but was roundly rebuffed by the maintainer.
Stepping up to replace the current maintainer is a somewhat radical step, at least within Debian, that no wonder nobody has offered to wear that hat. It might yet come to that.
Posted Apr 15, 2022 19:32 UTC (Fri)
by amacater (subscriber, #790)
[Link]
Posted Apr 6, 2022 2:29 UTC (Wed)
by josh (subscriber, #17465)
[Link]
What we could do, though, is give dpkg a list of directory mappings, and have it automatically translate all files from packaged location to installed location at unpack time as though the package shipped them in those locations.
Posted Apr 10, 2022 4:50 UTC (Sun)
by rra (subscriber, #99804)
[Link]
There's no way around modifying dpkg to fix this properly (unless the entire change is reverted, of course, but reverting it is also dangerous and buggy). Personally, I favor changing dpkg so that it has built-in, native understanding of merged-/usr specifically, and adjusts its package operations accordingly on merged-/usr systems. The proposed patch does move somewhat in that direction, but architecturally it's very brute-force and doesn't handle a bunch of edge cases, so it's not really ready to merge as-is.
I personally am convinced that this is a solvable problem, but implementing this properly is just tricky enough that it's not the kind of work that someone could knock off in a couple of days. It would require a few weeks of careful work and a whole lot of testing, and it's understandable that people aren't willing to embark on that work if they don't feel there's any reasonable chance of it being merged. And the social issues are currently getting worse, rather than better, which makes the exact cooperation required to finish an entirely doable technical change that requires some careful design and care difficult to find. Meanwhile, usrmerge works just well enough and the problems are rare enough that it will work for 99% of systems, and thus the problems with it aren't quite painful enough for everyone to agree they have to be fixed.
Posted Apr 6, 2022 1:00 UTC (Wed)
by milesrout (subscriber, #126894)
[Link] (59 responses)
Posted Apr 6, 2022 1:02 UTC (Wed)
by KJ7RRV (subscriber, #153595)
[Link] (31 responses)
Posted Apr 6, 2022 1:04 UTC (Wed)
by KJ7RRV (subscriber, #153595)
[Link] (1 responses)
:%s/autocorrect/autoincorrect/g
Posted Apr 6, 2022 15:29 UTC (Wed)
by Wol (subscriber, #4433)
[Link]
Cheers,
Posted Apr 6, 2022 2:06 UTC (Wed)
by josh (subscriber, #17465)
[Link] (17 responses)
First, technical challenges: HURD tried to move from /usr to / and had quite a bit more trouble with it, and that trouble warned against trying it on a larger scale. It's much easier to move from / to /usr than from /usr to / ; fewer things break.
Second, consolidation: moving *into* /usr gives us a single directory containing all files managed by the distro / package manager. This has quite a few advantages. It makes sharing /usr among several chroots or containers feasible (one /usr, different /etc and /var). It makes versioning and A/B upgrades (upgrade to new image, fall back to old image if new image doesn't boot) simpler and easier. It makes it easy to lock down /usr with something like fs-verity.
Posted Apr 6, 2022 15:33 UTC (Wed)
by juliank (guest, #45896)
[Link] (1 responses)
Posted Apr 6, 2022 16:00 UTC (Wed)
by bluca (subscriber, #118303)
[Link]
Posted Apr 7, 2022 5:51 UTC (Thu)
by smurf (subscriber, #17840)
[Link] (14 responses)
The easiest remedy for this is to move /var/lib/dpkg to /usr/state/ (or wherever), and bind-mount /var/lib/dpkg to that. No, a symlink isn't sufficient.
Posted Apr 7, 2022 6:10 UTC (Thu)
by josh (subscriber, #17465)
[Link] (13 responses)
Posted Apr 7, 2022 8:14 UTC (Thu)
by bluca (subscriber, #118303)
[Link] (12 responses)
Posted Apr 8, 2022 4:25 UTC (Fri)
by pabs (subscriber, #43278)
[Link] (11 responses)
Posted Apr 8, 2022 11:09 UTC (Fri)
by smurf (subscriber, #17840)
[Link] (10 responses)
Specifically you want a 3-way merge between the old /etc, the new one as updated by dpkg, and your current /etc contents. Surprise, there's etckeeper and git, so this is a solved problem.
Solution: teach dpkg to redirect any files in /etc to /usr/state/etc instead, use etckeeper to check those into git, pull that from your system's /etc, ask the user to fix any merge conflicts, done. Maybe do the manual merge in a scratch /run/etc directory so the system isn't in a broken state while you do this. Ditto for updating config file formats to newer versions, and other shenanigans some packages get into.
The chances of this actually happening while dpkg's current maintainer guards their fiefdom are somewhat less than zero, however. Otherwise I'd've started implementing this scheme years ago.
Posted Apr 8, 2022 11:36 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (9 responses)
Ultimately, the deep bug is outside dpkg - programs should read and merge multiple config locations, so that you can have /usr/etc containing the packaged config, and /etc containing the user config.
Posted Apr 9, 2022 1:39 UTC (Sat)
by josh (subscriber, #17465)
[Link] (8 responses)
Posted Apr 9, 2022 2:22 UTC (Sat)
by pabs (subscriber, #43278)
[Link] (7 responses)
Posted Apr 9, 2022 9:37 UTC (Sat)
by bluca (subscriber, #118303)
[Link]
Posted Apr 9, 2022 9:39 UTC (Sat)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Apr 9, 2022 9:51 UTC (Sat)
by smurf (subscriber, #17840)
[Link] (4 responses)
OpenWRT tries to do something along these lines. Rather than hack the individual services they invented their own data structure (still text based, but a common format – though personally I'd use YAML instead of their scheme) and then generate the service-specific config files from that. Requires a generator script for each service supported that way, of course.
Posted Apr 12, 2022 0:03 UTC (Tue)
by pabs (subscriber, #43278)
[Link]
OTOH, the OpenWRT approach is *great* in the situation where there is a reasonably complete web app for the config in the Luci web interface. A discoverable graphical interface is often way easier to use than config file formats with a wide range of options, some of which might not be well documented.
Posted Apr 12, 2022 10:05 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link] (2 responses)
Posted Apr 12, 2022 11:04 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (1 responses)
Posted Apr 12, 2022 19:56 UTC (Tue)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Apr 7, 2022 0:20 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link] (10 responses)
Posted Apr 7, 2022 6:03 UTC (Thu)
by epa (subscriber, #39769)
[Link] (9 responses)
Posted Apr 7, 2022 9:22 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (8 responses)
And of course, as referenced elsewhere in this thread, the reason to have a split between / and /usr is that you can't have a / partition that's big enough to store the whole system, so you put some of the binaries in /usr instead. This is all from the days before UNIX did dynamic linking, so it's fairly trivial to get the split right.
Since then, we've acquired snapshotting filesystems (LVM snapshots, ZFS, Btrfs), which make it easier to administer the system if you never want to take a snapshot of /, instead snapshotting mount points under /. This motivates a gradual move to having / just contain mount points, and in turn motivates merging /bin and /lib into /usr.
Posted Apr 8, 2022 10:53 UTC (Fri)
by smurf (subscriber, #17840)
[Link] (1 responses)
This option is not supported by most installers … but that's a different problem.
Posted Apr 8, 2022 11:34 UTC (Fri)
by farnz (subscriber, #17727)
[Link]
Oh yes, it's entirely possible to snapshot /bin and /lib atomically while not snapshotting the rest of the root filesystem, it's just not as easy as having everything in a subdirectory that you snapshot instead.
Posted Apr 8, 2022 16:38 UTC (Fri)
by jhhaller (guest, #56103)
[Link] (5 responses)
The first Unix system I used had a single RK05 removable hard drive (2.5 MB capacity), and a 9-track magnetic tape based on a PDP 11/40. It could fit Unix v6 on that drive with some room for user files. When we got Unix v7, it no longer fit on a single drive, and ended up having to use a dd backup of the hard drive root partition to the tape to extract some of the good bits. You haven't lived unless you have booted root from a tape drive. The stuff in /usr/bin absolutely would not fit, maybe one or two critical pieces. But, that was the big reason for / and /usr being separate. Even when moving to larger drives (RP06) 176 MB drive, having /usr separated into a separate device was helpful. There were some optimizations for having /bin, such as being faster to access executables earlier in the search path, but not noticeable for interactive jobs. Distributions didn't have packages, you got everything.
Few of these reasons still exist today, between larger devices and optional package installations. While that doesn't make converting existing systems easy, there is no reason to keep a relic of ancient times.
Posted Apr 8, 2022 17:20 UTC (Fri)
by farnz (subscriber, #17727)
[Link] (4 responses)
And importantly, in the modern world, we have the initramfs, which is the root you boot from (replaces the tape or the boot RK05/RP06 in your story).
So the same split between a minimal FS to boot from and a big FS for the running system still exists - it's just that the minimal FS is now the initramfs, not your root partition on a real disk.
Posted Apr 9, 2022 2:24 UTC (Sat)
by pabs (subscriber, #43278)
[Link] (3 responses)
Posted Apr 9, 2022 6:47 UTC (Sat)
by zdzichu (subscriber, #17118)
[Link] (1 responses)
Posted Apr 9, 2022 9:40 UTC (Sat)
by bluca (subscriber, #118303)
[Link]
Posted Sep 9, 2022 22:42 UTC (Fri)
by anatolik (guest, #73797)
[Link]
Posted Apr 6, 2022 1:59 UTC (Wed)
by calumapplepie (guest, #143655)
[Link] (19 responses)
Quick: is bash in /bin or /usr/bin? How about python? awk? groff? pearl? java? (yes you can shebang java scripts now).
The beautiful thing about usrmerge is that there isn't really a "standard" path. For all intents and purposes, /bin is the standard path: it contains everything /usr/bin does, because that how symlinks work.
Posted Apr 6, 2022 2:30 UTC (Wed)
by milesrout (subscriber, #126894)
[Link] (11 responses)
Posted Apr 6, 2022 2:41 UTC (Wed)
by dskoll (subscriber, #1630)
[Link] (6 responses)
That won't work if you need another argument on the commandline. For example, this will fail:
#!/usr/bin/env awk -f
Posted Apr 6, 2022 4:02 UTC (Wed)
by wahern (subscriber, #37304)
[Link] (5 responses)
Sometimes Linux' behavior in this respect is annoying--other kernels field split the shebang argument substring, at least up to some limit, before appending the script path and original argument vector--but I can't remember the last time I got bit by that. Maybe trying to use `perl -w` instead of `use warnings` a couple weeks ago? But that's because I'm stubborn. Didn't Perl 5 introduce `use warnings` precisely to resolve this problem, or am I misremembering?
Posted Apr 6, 2022 5:02 UTC (Wed)
by buck (subscriber, #55985)
[Link] (2 responses)
Perhaps more edifying: the GNU version of env allows you to use a -S option to get around the issue of the "shebang" line not being parsed into multiple arguments; see https://man7.org/linux/man-pages/man1/env.1.html#OPTIONS which has an example of a shebang line invoking env to split up a perl command line so that perl's -w option can be set.
Posted Apr 6, 2022 12:12 UTC (Wed)
by dskoll (subscriber, #1630)
[Link]
Cool! I did not know about -S. Thanks!
Posted Apr 6, 2022 17:23 UTC (Wed)
by jond (subscriber, #37669)
[Link]
Posted Apr 6, 2022 5:29 UTC (Wed)
by josh (subscriber, #17465)
[Link] (1 responses)
Posted Apr 6, 2022 12:13 UTC (Wed)
by dskoll (subscriber, #1630)
[Link]
In the specific case of awk, though, the -f is mandatory, whether it's on the shebang line or by a direct command-line invocation.
Posted Apr 6, 2022 9:24 UTC (Wed)
by ballombe (subscriber, #9523)
[Link] (3 responses)
Posted Apr 6, 2022 17:17 UTC (Wed)
by fredex (subscriber, #11727)
[Link] (2 responses)
Posted Apr 6, 2022 18:01 UTC (Wed)
by excors (subscriber, #95769)
[Link]
(...except Debian recently wanted to deprecate which (https://lwn.net/Articles/874049/) so that may not work either.)
Posted Apr 7, 2022 16:14 UTC (Thu)
by Tet (guest, #5433)
[Link]
Posted Apr 6, 2022 2:55 UTC (Wed)
by KJ7RRV (subscriber, #153595)
[Link] (6 responses)
Posted Apr 6, 2022 3:36 UTC (Wed)
by calumapplepie (guest, #143655)
[Link] (5 responses)
TLDR: /usr/local can and should be shared. If you want your package to live separately, see /opt/
Posted Apr 6, 2022 4:16 UTC (Wed)
by KJ7RRV (subscriber, #153595)
[Link] (1 responses)
Posted Apr 6, 2022 4:41 UTC (Wed)
by calumapplepie (guest, #143655)
[Link]
Posted Apr 6, 2022 17:24 UTC (Wed)
by jond (subscriber, #37669)
[Link]
Posted Apr 6, 2022 17:46 UTC (Wed)
by jccleaver (guest, #127418)
[Link] (1 responses)
For all but the most trivial of packages, you almost always are expected to use _bindir or _sbindir appropriately in your RPMs.
Posted Apr 6, 2022 18:13 UTC (Wed)
by bluca (subscriber, #118303)
[Link]
Posted Apr 6, 2022 2:33 UTC (Wed)
by Paf (subscriber, #91811)
[Link] (6 responses)
Posted Apr 6, 2022 9:36 UTC (Wed)
by anselm (subscriber, #2796)
[Link] (5 responses)
It is “incorrect” mainly because / and /usr have been separate for almost 50 years – mostly because the PDP-11 the original Unix people at Bell Labs were using had disks that were too small to hold the content of both / and /usr on one drive, not because it was an inspired design with obvious and far-reaching architectural advantages –, and secondarily because the suggestion of merging them comes from the person who is also responsible for systemd, which implies that anything he says is automatically suspect.
Posted Apr 6, 2022 10:39 UTC (Wed)
by pebolle (guest, #35204)
[Link]
Posted Apr 6, 2022 17:54 UTC (Wed)
by jccleaver (guest, #127418)
[Link] (3 responses)
Anything LP says *is* automatically suspect, or should be. The systemd cabal has been the source of more needless sysadmin misery than any other aspect of Linux in the last 12 years, and the fact that it was snuck in (on the RH side) as a nearly-invisible transition just like the swap to upstart had been from EL5->EL6 doesn't help with his trustworthiness. (Nor, indeed, does his history before that, but that's a separate matter.)
systemd is the ur-example of the slippery slope, and this extended pain demonstrates how far that slope goes. This was from 2019 in Fedora, but I wouldn't be surprised if there were still more landmines out there thanks to this... https://bugzilla.redhat.com/show_bug.cgi?id=1691825
Posted Apr 14, 2022 19:42 UTC (Thu)
by rahulsundaram (subscriber, #21946)
[Link]
This is not rational especially given that Lennart wasn't even involved in this change, at all and it had nothing to do with systemd. Evaluate changes on their own merits.
http://0pointer.de/blog/projects/the-usr-merge
"Primarily I put this together to have a nice place to point all those folks who continue to write me annoyed emails, even though I am actually not even working on all of this..."
>This was from 2019 in Fedora, but I wouldn't be surprised if there were still more landmines out there thanks to this...
https://docs.fedoraproject.org/en-US/packaging-guidelines...
This one is just an example of a maintainer fixing up the package they maintain to follow the guidelines as documented after a change. Hardly new or surprising.
Posted Apr 15, 2022 11:30 UTC (Fri)
by HelloWorld (guest, #56129)
[Link] (1 responses)
Posted Apr 19, 2022 4:35 UTC (Tue)
by flussence (guest, #85566)
[Link]
But on the whole his involvement in FOSS has made my life as a sysadmin much less miserable, and I don't even use systemd.
Posted Apr 6, 2022 3:25 UTC (Wed)
by flussence (guest, #85566)
[Link] (1 responses)
Posted Apr 6, 2022 7:17 UTC (Wed)
by dilinger (subscriber, #2867)
[Link]
brb, whipping up a patch :D
Posted Apr 6, 2022 6:56 UTC (Wed)
by digwer (guest, #123427)
[Link] (4 responses)
Posted Apr 6, 2022 8:32 UTC (Wed)
by matthias (subscriber, #94967)
[Link] (1 responses)
Posted Apr 6, 2022 10:38 UTC (Wed)
by digwer (guest, #123427)
[Link]
Posted Apr 6, 2022 13:00 UTC (Wed)
by smoogen (subscriber, #97)
[Link] (1 responses)
Posted Apr 6, 2022 14:28 UTC (Wed)
by flussence (guest, #85566)
[Link]
These paper standards aren't nearly as important as the undocumented meta-standards for how to cope with systems that don't follow them in the first place, as those are what everyone* ends up using anyway. Things like pkgconf, LD_PRELOAD, autotools (blegh) and its replacements (and their replacements, and...).
[*] a well-behaved subset of "everyone", anyway. I've recently had to deal with distro-packaging an app that hardcodes everything to be in the same directory as the main binary...
Posted Apr 6, 2022 8:26 UTC (Wed)
by bluca (subscriber, #118303)
[Link] (26 responses)
So the important questions it would have been interesting to see explored from an outsider's perspective are, how does/can a volunteer project based on bureaucracy like Debian deal with dissent or even obstructionism? Can the project make effective decisions and implement then, whatever they might be, given its self-imposed rules and customs and the practical reality of how volunteers take care of specific parts of the projects as their own thing? Are there similar situations in other projects/distros? And so on.
Posted Apr 6, 2022 9:49 UTC (Wed)
by ballombe (subscriber, #9523)
[Link] (3 responses)
The TC should not have decided the usrmerge issue before all the relevant patches were available. Since the TC cannot force anybody to implement anything, what the TC really decided is that bookworm should be delayed indefinitely until someone implement usrmerge. This is not sustainable.
Helmut Grone called it correctly.
Posted Apr 6, 2022 9:55 UTC (Wed)
by bluca (subscriber, #118303)
[Link] (2 responses)
Posted Apr 6, 2022 11:00 UTC (Wed)
by ballombe (subscriber, #9523)
[Link] (1 responses)
Posted Apr 6, 2022 11:18 UTC (Wed)
by bluca (subscriber, #118303)
[Link]
Posted Apr 6, 2022 10:59 UTC (Wed)
by pebolle (guest, #35204)
[Link]
This is, as the article says, "Debian, being Debian".
I've come to the view that for a certain number of people things like discussions taking the better part of a decade, endless threads on countless lists, resolutions of thousands of words, voting, and what not are a feature of Debian, not a bug. Some people actually enjoy being part of that. And apparently quite a number of those people ended up running Debian.
(Clearly there are also people in Debian doing all the other stuff needed to keep Debian going. I expect that most of the people in the let's-do-mock-United-nations group are probably in the do-the-work group too.)
Posted Apr 6, 2022 13:14 UTC (Wed)
by mgedmin (subscriber, #34497)
[Link] (9 responses)
While it hasn't fallen apart completely, there are minor buglets here and there, e.g. dpkg -S $(which $thing) fails to find the package containing some binaries.
I personally haven't noticed anything else, and I think this will be fixed once Debian drops support for non-usr-merged system and migrates all the buildbots, so the built packages no longer declare that they contain files from /bin or /lib.
Posted Apr 6, 2022 14:45 UTC (Wed)
by mbunkus (subscriber, #87248)
[Link] (8 responses)
[0 mbunkus@reliant ~] dpkg -S $(which vim)
/usr/bin/vim is a symlink to the alternatives system. In my case the actual binary is vim.basic, and that one is found by dpkg. You have to know about this system already, and having one more thing to know isn't really the sky falling in my opinion.
Posted Apr 6, 2022 15:08 UTC (Wed)
by ianmcc (subscriber, #88379)
[Link] (3 responses)
Posted Apr 6, 2022 15:13 UTC (Wed)
by mbunkus (subscriber, #87248)
[Link] (2 responses)
Posted Apr 6, 2022 19:02 UTC (Wed)
by sobkas (subscriber, #40809)
[Link] (1 responses)
Posted Apr 7, 2022 3:56 UTC (Thu)
by pabs (subscriber, #43278)
[Link]
Posted Apr 6, 2022 17:30 UTC (Wed)
by jond (subscriber, #37669)
[Link] (3 responses)
Posted Apr 7, 2022 8:52 UTC (Thu)
by farnz (subscriber, #17727)
[Link] (2 responses)
Note that in this case, it's just a different manifestation of the same bug.
In the usrmerge case, the user has the path /bin/bash, where /bin is a dpkg-managed symlink to /usr/bin. dpkg does not handle the symlink case at all, so it is unaware that /bin/bash and /usr/bin/bash are the same location, despite having all the information it needs to do this.
In the alternatives case, /usr/bin/vim is a symlink to /usr/bin/vim.basic; again, dpkg is unaware that the symlink makes the paths the same from the user's perspective.
If you fixed dpkg to try once with the "raw" path, and then retry with the result of realpath(3) on the user input, it'd work in both cases.
Posted Apr 7, 2022 10:23 UTC (Thu)
by mgedmin (subscriber, #34497)
[Link] (1 responses)
You need to call realpath on every path recorded in the dpkg database for things to be consistent, and AFAIU that's what the unmerged and outdated patch was attempting to do.
Posted Apr 8, 2022 10:50 UTC (Fri)
by smurf (subscriber, #17840)
[Link]
Yes that doesn't fix the general problem – but if humanity had always waited for a general solution to appear out of thin air, instead of actually fixing what we can fix Right Now(ish), we'd still be up in the trees somewhere.
Posted Apr 6, 2022 17:27 UTC (Wed)
by jond (subscriber, #37669)
[Link] (8 responses)
Posted Apr 6, 2022 17:43 UTC (Wed)
by bluca (subscriber, #118303)
[Link]
Posted Apr 10, 2022 5:32 UTC (Sun)
by rra (subscriber, #99804)
[Link] (6 responses)
I assume Luca is correct that Ubuntu hasn't encountered any problems (I don't follow Ubuntu development so have no personal knowledge). The edge cases where there are failures are, well, edge cases, and pretty uncommon ones as well, although they do turn up from time to time. I think it's entirely plausible that Ubuntu just hasn't happened to encounter one of those edge cases but that Debian will in the future; Luca thinks that Ubuntu does enough original packaging including moving files between packages that if the problems were at all common, Ubuntu would have seen them, and thus Debian won't run into them in the future. It's really hard to tell which of us is correct. It's mostly guesswork, and I cede the point that Luca has more concrete data.
My philosophical position rests on a desire for a stronger correctness goal. I think a package manager should be like a file system: short of hardware failure, it should never lose data ever, period, for any reason, no matter how rare the circumstances are. Anything else is a bug that should be fixed, and treated fairly seriously. This is a very strong position. It's entirely legitimate for Luca to not agree and think I'm holding the package manager to too high of a standard.
Philosophically, I think Debian should be a project that pays attention to those sorts of details, and that we should fix this sort of bug even if the incidence is rare. But I'm also not in a position to volunteer to do the work.
Posted Apr 10, 2022 9:19 UTC (Sun)
by bluca (subscriber, #118303)
[Link] (5 responses)
Posted Apr 11, 2022 0:18 UTC (Mon)
by pabs (subscriber, #43278)
[Link] (1 responses)
Posted Apr 11, 2022 5:58 UTC (Mon)
by johannbg (guest, #65743)
[Link]
There is literally no technical reason to support systems with split-usr and supporting the split-usr mode makes both code and documentation more complicated for upstreams ( it adds to the CoD for projects ).
Upstream will and should at this point in time close any such issue with wontfix and consumers of components that make up the core/baseOS layers should rather expect that split-usr mode is not supported or no longer supported and upstreams will drop this without hesitation or as much as a warning at this point. ( not that such warning would ever be visible to anyone other than the person building the software anyway like [1] )
Posted Apr 11, 2022 2:29 UTC (Mon)
by rra (subscriber, #99804)
[Link] (2 responses)
Maybe this really would be a sufficiently rare situation provided that Debian was careful not to move files between / and /usr for one release after usrmerge became mandatory (assuming we do make usrmerge mandatory).
I will say that I am still uncomfortable leaving dpkg with an incorrect understanding of where files are on the file system. That seems like the sort of thing that will cause problems even if we don't know what problems they are and aren't running into them now. But I admit this is philosophical and code smell, rather than me being able to point to a specific issue other than the one we already know about when files move between packages.
Posted Apr 11, 2022 7:29 UTC (Mon)
by smurf (subscriber, #17840)
[Link] (1 responses)
IMHO these oh-so-dangerous edge cases simply do not occur on actual systems. Files from held packages get moved to /usr by the usr-merge transition, they are where dpkg thinks they are (see above) and are reachable under both old and new paths, due to various symlinks.
Posted Apr 11, 2022 17:15 UTC (Mon)
by rra (subscriber, #99804)
[Link]
You're assuming exactly the thing that we're discussing, which is not done, and which the dpkg maintainer does not want to do. Yes, if the problem is solved, there isn't much of a problem.
Posted Apr 7, 2022 11:53 UTC (Thu)
by kleptog (subscriber, #1183)
[Link] (1 responses)
The specific pattern of having several actors with different mandates and rules that decide who gets to decide what leading to bizarre results is something that happens the world over in many different forms. It remains because the actors generally like the fiefdoms they control and refuse to give them up, even if doing so would lead to better results overall (though what is "better" is often subjective anyway).
This is just humans being humans. I don't imagine this is going to change any time soon. Debian has chosen this model and for good and for ill will have to work it out. In the mean time I guess you can just stock up on popcorn.
Posted Apr 8, 2022 8:11 UTC (Fri)
by marcH (subscriber, #57642)
[Link]
I obviously do not wish to live in a dictatorship but are "democratic" ideas the best way to run software projects? I'm not sure. "Free country" and "Free software" sound like two very different things to me.
BTW there is some evidence that political systems depend on family structures:
Posted Apr 6, 2022 9:46 UTC (Wed)
by sobkas (subscriber, #40809)
[Link] (14 responses)
Now what I'm supposed to do? Wait for dpkg-fsys-usrunmess-unmess?
Posted Apr 6, 2022 14:49 UTC (Wed)
by wsy (subscriber, #121706)
[Link]
Posted Apr 6, 2022 19:40 UTC (Wed)
by mb (subscriber, #50428)
[Link]
I also have a selfbuilt kernel installed. But it's properly built and installed as deb package. It converted that just fine, too.
Posted Apr 7, 2022 2:48 UTC (Thu)
by NYKevin (subscriber, #129325)
[Link] (7 responses)
But that's too sensible, so they will obviously never make it a policy.
Posted Apr 7, 2022 6:21 UTC (Thu)
by mb (subscriber, #50428)
[Link] (6 responses)
Why would this be irreversible?
Posted Apr 7, 2022 8:12 UTC (Thu)
by bluca (subscriber, #118303)
[Link] (2 responses)
Posted Apr 7, 2022 9:03 UTC (Thu)
by mb (subscriber, #50428)
[Link] (1 responses)
That step is optional and disabled by default.
Posted Apr 7, 2022 9:44 UTC (Thu)
by bluca (subscriber, #118303)
[Link]
Posted Apr 7, 2022 17:46 UTC (Thu)
by NYKevin (subscriber, #129325)
[Link] (2 responses)
I consider a package installation "irreversible" if reversing it is more complicated than apt remove. Yes, technically, you can probably reverse any change made to your system unless data was actually deleted, but in practice, you're just going to back up your data and reinstall or reimage, because that's faster and safer than tediously picking through the filesystem and manually rearranging everything.
Posted Apr 8, 2022 15:03 UTC (Fri)
by mb (subscriber, #50428)
[Link] (1 responses)
The package installed *by* dpkg-fsys-usrunmess is purely optional and disabled by default. It has nothing to do with the conversion of the filesystem hierarchy.
Saying that dpkg-fsys-usrunmess is irreversible is just plain wrong.
Posted Apr 8, 2022 17:16 UTC (Fri)
by NYKevin (subscriber, #129325)
[Link]
Well, that just makes things even worse in my book, because now you don't even have apt remove as a thing to try, and you *have* to undo it by hand.
> Saying that dpkg-fsys-usrunmess is irreversible is just plain wrong.
I already explained what I meant by "irreversible" once; I will not repeat myself.
Posted Apr 7, 2022 11:52 UTC (Thu)
by rahulsundaram (subscriber, #21946)
[Link] (3 responses)
The project formally has already decided to go one way, so a core component directing you to do something that prevents that action and tells you to do something else is indeed quite confusing and asinine thing to do. When it was just debating merits in a development list as has happened numerous times before, that's just part of open development but this has gone too far. Hopefully Debian decides that they need a policy preventing such actions from happening again. If a specific maintainer doesn't agree with a formal decision and they don't have a proper recourse, they should just step aside and let someone else deal with it.
Posted Apr 8, 2022 10:55 UTC (Fri)
by smurf (subscriber, #17840)
[Link]
We'll see whether Debian manages not to have a systemd-style blowup over this. Not holding my breath either way, I am.
Posted Apr 8, 2022 15:10 UTC (Fri)
by mb (subscriber, #50428)
[Link]
Yes, I'm really pleased by that. Not.
Posted Nov 19, 2022 7:14 UTC (Sat)
by LtWorf (subscriber, #124958)
[Link]
Posted Apr 6, 2022 10:25 UTC (Wed)
by aragilar (subscriber, #122569)
[Link] (2 responses)
Posted Apr 6, 2022 10:43 UTC (Wed)
by bluca (subscriber, #118303)
[Link]
Posted Apr 6, 2022 15:38 UTC (Wed)
by juliank (guest, #45896)
[Link]
I think we are all strong proponents of merged-usr.
Posted Apr 6, 2022 10:55 UTC (Wed)
by IanKelling (subscriber, #89418)
[Link] (5 responses)
Making every executable have 2 paths, both equally valid, adds
Posted Apr 6, 2022 15:35 UTC (Wed)
by juliank (guest, #45896)
[Link] (2 responses)
If you only had a symlink farm, /usr/bin/bash would still be wrong.
This also improves portability with (from) systems that are not usrmerged but do have bash in /usr/bin.
Posted Apr 6, 2022 19:43 UTC (Wed)
by IanKelling (subscriber, #89418)
[Link] (1 responses)
I don't understand why, perhaps I'm missing something obvious? In the symlink farm, you have /usr/bin/bash, and the symlink /bin/bash -> /usr/bin/bash. That doesn't seem obviously any different for a bash user than in the normal usr merge symlink /bin -> /usr/bin.
Posted Apr 6, 2022 20:05 UTC (Wed)
by bluca (subscriber, #118303)
[Link]
SUSE tried that for a few years, it did not work out, they had to spend a lot of time and effort to undo it, before finally moving to proper merged-usr. It would be a very bad idea to ignore history like that.
Posted Apr 7, 2022 0:12 UTC (Thu)
by mathstuf (subscriber, #69389)
[Link] (1 responses)
Posted Apr 7, 2022 20:16 UTC (Thu)
by zuki (subscriber, #41808)
[Link]
The correct place is systemd. It has a compile time option for the default path, with suitable auto-detection checking whether the system has split-usr and split-bin-sbin. It'll then use this path for the executables it spawns, and to set $PATH.
(Snippets in /etc/profile* are simply too late: they are only executed when you actually use the shell, and nowadays most things don't need to. But of course you want the same default used for $PATH everywhere. Setting it from systemd gives nice consistency.)
Posted Apr 6, 2022 14:15 UTC (Wed)
by Thalience (subscriber, #4217)
[Link] (4 responses)
Posted Apr 6, 2022 15:41 UTC (Wed)
by calumapplepie (guest, #143655)
[Link] (3 responses)
Their are processes to deal with stubborn maintainers: however, you can't force them to do work.
Posted Apr 6, 2022 17:09 UTC (Wed)
by jeltz (guest, #88600)
[Link] (1 responses)
Posted Apr 6, 2022 19:01 UTC (Wed)
by smoogen (subscriber, #97)
[Link]
Things take a long time in Debian by design. It is pretty much a 'they who live longest, win' do-ocracy. You do what you want until you don't want to do it anymore and if people didn't like it they could either come up with a replacement package, a replacement system or a replacement OS (aka moved to something else). In the end, this goes back to the core reason Debian exists for many people, to be the arbitrator of 'licensing' decisions ( https://lwn.net/Articles/884301/ ) and that means it is more like a law journal than a fast running OS distributor. I say a law journal because in the end it is important to have a good argument which may be used by someone else later or to be counter argued years later . Those arguments are important and have shaped a lot of long term thinking in both Open and Closed source software in the last 3 decades. However also as a law journal, there is rarely a closed case. Things will be relitigated as people come up with different ideas and concerns.
The problem is that these arguments and relitigations also extend to what some people think is what Debian is for.. writing an OS.
Posted Apr 6, 2022 17:39 UTC (Wed)
by atnot (subscriber, #124910)
[Link]
That this would be needed in the first place is precisely the issue though. In a model where the project collectively owns packages and the maintainer is merely a steward or primary point of contact for it, there would be no need to force anyone to do any work.
In such a model, standardization means less work for you and cooperation is beneficial lest your decisions be overridden by others. Meanwhile in Debian's model, standardization increases your workload without any benefits, and being uncooperative reduces your personal maintainance burden.
Posted Apr 10, 2022 4:18 UTC (Sun)
by jdulaney (subscriber, #83672)
[Link] (1 responses)
Seems the dpkg maintainer's objections could be resolved by packaging guidelines such as found in Fedora.
Posted Apr 10, 2022 15:21 UTC (Sun)
by jbicha (subscriber, #75043)
[Link]
Debian has packaging guidelines too.
Posted Apr 13, 2022 0:42 UTC (Wed)
by mirabilos (subscriber, #84359)
[Link] (11 responses)
This will just cause problems in the long term, when people write scripts with #!/bin/perl or #!/usr/bin/sh at the beginning. They will be unable to run well on most operating environments.
There’s much that breaks with this.
Posted Apr 13, 2022 5:34 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (8 responses)
Just use "!/usr/bin/env perl" or "!/usr/bin/env sh" and you'll be fine in both kinds of environments. Eventually this can be phased out in favor of "!/usr/bin/perl" or "!/usr/bin/sh", and the legacy symlinks can be removed.
The root directory will then look much nicer: "/etc /boot /var /tmp /usr /home". Very logical and tidy.
Posted Apr 13, 2022 8:27 UTC (Wed)
by mirabilos (subscriber, #84359)
[Link] (7 responses)
Also, *I* know it’s somewhat¹ possible to use env(1), but typical script writers won’t.
¹) not portably if you also need flags
Posted Apr 13, 2022 9:36 UTC (Wed)
by Cyberax (✭ supporter ✭, #52523)
[Link] (6 responses)
I've been using "#!/usr/bin/env sh" scripts just fine for the last 10 years or so. I don't remember any problems with that.
> Also, *I* know it’s somewhat¹ possible to use env(1), but typical script writers won’t.
They'll get used to it over time. Transition to /usr-only systems won't happen overnight.
Posted Apr 13, 2022 19:17 UTC (Wed)
by mirabilos (subscriber, #84359)
[Link] (5 responses)
Posted Apr 14, 2022 1:39 UTC (Thu)
by rahulsundaram (subscriber, #21946)
[Link] (4 responses)
Can you provide a specific reference? The objections to this effort which was proposed and implemented in Fedora nearly a decade back and subsequently adopted by several major distributions doesn't appear to be technical.
Posted Apr 14, 2022 2:14 UTC (Thu)
by mirabilos (subscriber, #84359)
[Link] (3 responses)
Posted Apr 14, 2022 3:21 UTC (Thu)
by rahulsundaram (subscriber, #21946)
[Link] (2 responses)
To give credit where it is due, Harold Hoyer and Kay Sievers put together the original proposal for Fedora and did all of the work involved. Getting rid of any associated symlinks is not part of the plan.
Posted Apr 14, 2022 6:40 UTC (Thu)
by smurf (subscriber, #17840)
[Link] (1 responses)
It's also basically impossible. You will not convince the world to replace all instances of '#!/bin/sh'. Nor would you want to.
Posted Apr 14, 2022 7:24 UTC (Thu)
by Cyberax (✭ supporter ✭, #52523)
[Link]
I want to, just out of aesthetic reasons. I periodically test that in containers and actually pretty much everything works.
But yeah, it'll take at least a decade to transition to /bin-less systems.
Posted Apr 13, 2022 7:14 UTC (Wed)
by mpr22 (subscriber, #60784)
[Link]
Solaris 11 was released in November 2011, and of course the decision that Solaris would turn /bin and /sbin into symlinks to their counterparts in /usr was made well before the release.
Posted Apr 13, 2022 15:55 UTC (Wed)
by smurf (subscriber, #17840)
[Link]
My $PATH is now two entries shorter. Assuming that this has a measurable impact on system speed would be beyond folly, but it does have a measurable impact on me not having to look at a path thrice before I notice that something's amiss.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
curl | bash is a security nightmare. It should be prohibited. At least keep a record of what came across the network: curl > foo.sh; chmod a-w foo.sh; sh foo.sh
curl | bash
curl | bash
curl | bash
Wol
curl | bash
curl | bash
It's not difficult at all and offers more guarantees of correctness.
curl | bash
curl | bash
blah
curl | bash
curl | bash
trap cleanup EXIT ERR
mkdir /etc/svc-tmp
migrate-cfg -i /etc/svc -o /etc/svc-tmp
find /etc/svc/ -name '*.cfg' | xargs rm
cp -a /etc/svc-tmp/* /etc/svc/
curl | bash
curl | bash
curl | bash
curl | bash
curl | bash
curl | bash
Would it be useful to have a program that would download a script, show it with a pager, and execute it with a shell? It could stay in memory the whole time, so unless an attacker can modify the process's memory they shouldn't be able to hijack the process (and if they can modify the memory of other processes, trying to protect against them likely won't do much good[?]).
A program to securely replace `curl | bash`
netrun https://example.com/a-shell-script.sh
netrun --interpreter=python3 https://example.com/a-python-script.py
A program to securely replace `curl | bash`
netrun https://example.com/a-shell-script.shnetrun --interpreter=python3 https://example.com/a-python-script.pyA program to securely replace `curl | bash`
A program to securely replace `curl | bash`
A program to securely replace `curl | bash`
I wish that one day we can say that curl|bash is an error of the past waiting for netrun!
A program to securely replace `curl | bash`
A program to securely replace `curl | bash`
A program to securely replace `curl | bash`
A program to securely replace `curl | bash`
A program to securely replace `curl | bash`
curl | bash
It's not difficult at all and offers more guarantees of correctness."
dnf -i --web-bash-url=http://site-you-can-trust.org/install.bash
curl | bash
curl | bash
curl | bash
curl | bash
curl | bash
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
than 25 years old now.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Wol
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
, Nest with Fedora 2021).
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Why do you need to remember that list of distinctions?
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Right, so env might not be in /usr/bin either.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Obligatory observation: which lies. Use type -p instead. It's actually no longer strictly true, and modern versions of which are pretty accurate. But historical versions weren't and you can't guarantee you're not on a system that still uses a broken version.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
> https://bugzilla.redhat.com/show_bug.cgi?id=1691825
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Is FHS still relevant, or is it just obsolete standard that no one cares about?
Filesystem Hierarchy Standard
Filesystem Hierarchy Standard
Doh! Sorry about that.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
If a GR was put to vote whether or not to delay bookworm for usrmerge would likely fail.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
It is not the first TC decision to have been ignored because nobody was willing to do the work.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
dpkg-query: no path found matching pattern /usr/bin/vim
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
It checked if hash of a file was identical to one in dpkg database and if not it would reinstall package.
It also deleted files that were not part of any package. Surprisingly it didn't brake my system and allowed Gnome to start again.
It was so long time ago, but then I just started to package changes that I needed instead of using make install.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
https://www.cambridge.org/core/journals/journal-of-instit...
Debian still having trouble with merged /usr
But now I see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008486
And even without that there are problems with that tool:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991218
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991192
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008316
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008478
Is my system broken because I have used dpkg-fsys-usrunmess(that dpkg advised me to do?).
As a Debian user I'm confused and a bit angry. What is a way forward?
Because apparently no one knows.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
It worked just fine.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
The dpkg message alerted me and took me to lots of official looking Debian pages and the dpkg-fsys-usrunmess that are full of horror stories.
Then of course I transformed my one affected system quickly.
Just to find out now, from LWN (not from the Debian documentation!) that this was completely unnecessary and I'll probably have to migrate back to usrmerge at some point.
Thanks for that.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
it, and then I added /usr/sbin. Now, suddenly under the usr merge, I'm
getting /usr/sbin binaries looked up as /sbin. I'd rather that not
happen.
significant complexity to the system. In general for software system
design, people try hard to avoid duplicating things like that. So, I see
the appeal of the symlink farm of just needed files, which is like 1% of
the files that would gain a symlink in comparison to the directory
symlinks. Ideally, both options would be supported. In the Fedora
document, it says they actually used the symlink farm to do their
transition, then removed it once it was done. Too bad.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
> I think this usually falls to the shell packages or whatever provides the relevant `/etc/profile.d/` snippets
The whole "My package, my precious" attitude of many Debian Developers is really the worst thing about the project. The second-worst thing about Debian is the lack of any real way to deal with the first problem. Collaboration becomes impossible when obstructionism is tolerated.
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
It's actually the reverse. POSIX explicitly says not to depend on it: https://pubs.opengroup.org/onlinepubs/009695399/utilities... - "Applications should note that the standard PATH to the shell cannot be assumed to be either /bin/sh or /usr/bin/sh, and should be determined by interrogation of the PATH returned by getconf PATH , ensuring that the returned pathname is an absolute pathname and not a shell built-in."
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr
Debian still having trouble with merged /usr