From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id CBC281FF15F for ; Mon, 9 Sep 2024 09:47:39 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 6FC84E671; Mon, 9 Sep 2024 09:48:16 +0200 (CEST) Date: Mon, 9 Sep 2024 09:48:11 +0200 (CEST) From: =?UTF-8?Q?Fabian_Gr=C3=BCnbichler?= To: Thomas Lamprecht , Proxmox VE development discussion , Fiona Ebner Message-ID: <232400452.25716.1725868091670@webmail.proxmox.com> In-Reply-To: <5b91cdd6-abfc-4320-81a6-e973e4b6b80c@proxmox.com> References: <20240906104019.40450-1-f.ebner@proxmox.com> <5b91cdd6-abfc-4320-81a6-e973e4b6b80c@proxmox.com> MIME-Version: 1.0 X-Priority: 3 Importance: Normal X-Mailer: Open-Xchange Mailer v7.10.6-Rev67 X-Originating-Client: open-xchange-appsuite X-SPAM-LEVEL: Spam detection results: 0 AWL 0.050 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [RFC qemu-server] apt hook: warn against using 'upgrade' command X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" > Thomas Lamprecht hat am 06.09.2024 18:58 CEST geschrieben: > Am 06/09/2024 um 12:40 schrieb Fiona Ebner: > > Many people will use 'upgrade' instead of 'full-upgrade' or > > 'dist-upgrade' (e.g. [0][1]) despite the documentation explicitly > > mentioning 'dist-upgrade' [3]. Proxmox VE uses different packaging > > guarantees than Debian and using 'upgrade' can lead to a broken > > system [2]. just a slight nit here: you should only end up with a broken system if we miss properly tracking some inter-package relationship. it can happen happen (and probably does, from time to time), but in the vast majority of cases "apt[-get] upgrade" should at most leave you stuck with an outdated system (with APT telling you that there are still packages to be upgraded), not a broken one. we did get a lot better about accounting for these things over the past few years (but of course, we don't have anywhere close to the infrastructure that Debian has for automated tracking and testing). > > The match is kept simple, to not accidentally catch things like > >> -o 'foo=bar upgrade baz' > > and trip up advanced users. > > > > It does not catch invocations with '-y' either, making it less likely > > to break automated user scripts. Although they should not use > > 'upgrade' either, it still would be bad to break them. If the risk is > > still considered too high, this change should wait until a major or > > at least point release. > > > > To avoid false positives, it would be necessary to properly parse > > options, which is likely not worth the effort. > > > > A downside is that the hook is only invoked after the user confirms > > the upgrade, but there doesn't seem to be an early enough hook entry > > (DPkg::Pre-Invoke is also too late). Since this is just an additional > > safety warning to guide new users, it should still be good enough. > > > > [0]: https://forum.proxmox.com/threads/150217/post-680158 > > [1]: https://forum.proxmox.com/threads/140580/post-630419 > > [2]: https://www.reddit.com/r/Proxmox/comments/ujqig9/use_apt_distupgrade_or_the_gui_not_apt_upgrade/ > > [3]: https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#system_software_updates > > > > yeah, it's something I considered here and then but never pulled through, > as it just somehow doesn't feel right... > > But it's definitively a real problem, and so I surely won't block this on > the basis of some gut feeling, I'd rather like to hear Fabian's opinion on > it. given that I also use `apt upgrade` from time to time (habit from being an unstable user ;)), and that it might alienate power users coming from Debian, I'd prefer this to be a non-interactive warning with the text "disarmed" a bit? something like !! WARNING !! Since Proxmox VE follows a rolling release model, using 'upgrade' can lead to a system being stuck on outdated versions, or in rare cases, break upon upgrading. Use 'dist-upgrade' or 'full-upgrade' instead. !! WARNING !! with or without a prompt (it's a pity that the hook is not executed with the config before the regular confirmation prompt, else we could just depend on that)? _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel