Control: retitle -1 usrmerge: files in a nested symlinked directory in /lib/foo/ are not moved to /usr/lib/foo/
On Tue, 2022-09-20 at 10:04 +0200, Vincent Danjean wrote:
> Hi,
>
> Le 20/09/2022 à 04:22, Marco d'Itri a écrit :
> > Indeed, this should be handled. Let's have a look at the code:
> [...]
> > In your case the expected outcome should have been a failure instead,
> > because /lib/systemd/system/ was a link which did not point to
> > /usr/lib/systemd/system/ :
> >
> > fatal("Both $n and /usr$n exist");
>
> So yes, I should have been informed before rebooting. My
> upgrade should have been interrupted.
>
> However, I'm not really pleased with the fact that a key package
> of the upgrade can fail on unusual but valid cases. When it appends
> in a dist-upgrade, the resulting state is often a mess to recover
> from (less than the one I suffered, but still really annoying).
>
> What about:
> 1) adding a --dry-mode to /usr/lib/usrmerge/convert-usrmerge
> that report about conflicts but do not change anything on
> the FS
> 2) embedding and using convert-usrmerge in dry-mode from the
> debconf script.
> Put a low warning notice if the script fail due to missing
> dependencies (perl, perl modules, ...)
> Put a high warning notice if the script detect a conflict
>
> This would allows one to stop the conversion in case of strange
> layout in the FS before the upgrade start.
Most of the issues would crop up when actually attempting to move
things, so a dry-run would be a lot of work and provide little benefits
I think. To be thorough you'd have to replicate the filesystem
somewhere else and try it there first, but that requires a huge amount
of disk space and a lot of time too, so it doesn't seem worth it, given
in 5+ years on multiple distros this is the first case we've seen.
I think what we should add is debsums -c before/after, and fail if
something is not right, so that there's an immediate and clear error
plus recovery step presented. I've sent a patch to Marco for this.
But I'm glad we figured out what went wrong, as it was a very puzzling
case. With my systemd maintainer hat on: you shouldn't move these files
away to /etc. Units shipped in /usr|/lib are fixed vendor-provided
files, and must not be modified. Local modifications should instead
happen on /etc or /run. I strongly advise to fix that on your system.
(of course we still need usrmerger to support the generic case, that
goes without saying)
--
Kind regards,
Luca Boccassi
signature.asc
Description: This is a digitally signed message part
