Page MenuHomePhabricator

the package resource should mark packages as manually installed
Open, MediumPublic

Description

In the following scenario, important packages can end up in the list of apt-get autoremove candidates:

  • Package A is installed, either by hand or with puppet. Package A depends on B, hence B gets installed and marked as being automatically installed
  • Package B is needed for a certain reason, and a puppet manifest with require_package('B') is added. B is already installed, hence nothing much happens
  • Package A isn't necessary anymore and it gets removed
  • apt-get autoremove considers B for removal as it is apt-marked as auto

This problem can be fixed by making require_package mark packages as manually installed (apt-mark manual $pkg) if they weren't already.

Event Timeline

ema triaged this task as Medium priority.May 30 2018, 3:11 PM
ema updated the task description. (Show Details)

Ack, the analysis and the proposed fix seem entirely correct.

Vvjjkkii renamed this task from require_package should mark packages as manually installed to ezbaaaaaaa.Jul 1 2018, 1:06 AM
Vvjjkkii raised the priority of this task from Medium to High.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from ezbaaaaaaa to require_package should mark packages as manually installed.Jul 2 2018, 2:26 AM
CommunityTechBot lowered the priority of this task from High to Medium.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot added a subscriber: Aklapper.

I attempted a patch for this upstream although its not quite working yet

I attempted a patch for this upstream although its not quite working yet

merged

I attempted a patch for this upstream although its not quite working yet

merged

You rock.

We are removing require_package across the board now in T266479.

jbond claimed this task.

reqiure_package has been removed

reqiure_package has been removed

But ensure_packages has the same issue, hasn't it?

jbond reopened this task as Open.EditedNov 4 2021, 9:15 PM

reqiure_package has been removed

But ensure_packages has the same issue, hasn't it?

re-opening, i think the answer is i need to double check. i think there was some further progress on the patch i did above (by others) but need to check where/how it landed

we should also raise an upstream bug as well if it is

jbond renamed this task from require_package should mark packages as manually installed to ensure_packages should mark packages as manually installed.Nov 4 2021, 9:15 PM
jbond renamed this task from ensure_packages should mark packages as manually installed to the package resource should mark packages as manually installed.Nov 4 2021, 9:17 PM

have updated the title, the underlining issue is actually with the apt provider for the package type