Package: dpkg Version: 1.22.11 Severity: normal X-Debbugs-Cc: debian-security-supp...@packages.debian.org
As dpkg's man page notes, complex apt runs can yield multiple invocations of dpkg and hence also of dpkg-level hooks. As (at minimum) I and the reporters of #775503 and #931344 have found, this arrangement can interact somewhat poorly with debian-security-support, which then prompts in the middle of long upgrades (or buries short reports when using the readline debconf frontend); I'm copying its maintainers accordingly. I see that apt arranges to defer triggers for efficiency on that front. Having --no-triggers outright disable post-invoke hooks could plausibly break some setups, but perhaps it could result in invoking them with some special environment setting so that they could then cleanly bail unless they truly needed to run quite so promptly. Ideally, pre-invoke hooks should analogously be able to identify an apt run's first dpkg invocation. However, that may be easier said than done, and I'm not sure it's as much of a concern in practice. Thanks! -- Package-specific info: -- System Information: Debian Release: trixie/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'oldstable-security'), (500, 'testing'), (300, 'unstable-debug'), (300, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, x32 Kernel: Linux 6.11.2-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dpkg depends on: ii libbz2-1.0 1.0.8-6 ii libc6 2.40-3 ii liblzma5 5.6.2-2 ii libmd0 1.1.0-2 ii libselinux1 3.7-3 ii libzstd1 1.5.6+dfsg-1 ii tar 1.35+dfsg-3 ii zlib1g 1:1.3.dfsg+really1.3.1-1 dpkg recommends no packages. Versions of packages dpkg suggests: ii apt 2.9.8 pn debsig-verify <none> -- debconf-show failed
