XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

Hi Steve,

thanks for the update!

Am 02.10.22 um 16:27 schrieb Steve McIntyre:

* Tweaks to add the non-free-firmware section in the apt-setup module
if desired/needed.

...

If you think I've missed anything here, please let me and Cyril know -
the best place would be the mailing list
(debian-boot@lists.debian.org).

What's the plan for upgraded systems with an existing /etc/apt/sources.list. >Will the new n-f-f section added on upgrades automatically(if non-free was >enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper tool?

--
Steve McIntyre, Cambridge, UK. steve@einval.com Into the distance, a ribbon of black
Stretched to the point of no turning back

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list. >>Will the new n-f-f section added on upgrades automatically(if non-free was >>enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Is there a reason to not continue to make the packages available in
non-free? I don't see a reason to force any change on existing systems.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

Hi all!

[ I've also blogged about this - see
https://blog.einval.com/2022/10/02#firmware-vote-result ]

I'm assuming that there will be no surprises and Kurt will shortly
confirm the result that devotee reported already [1]. :-)

We have quite a few things to do now, ideally before the freeze for
Debian 12 (bookworm), due January 2023 [2]. This list of work items is
almost definitely not complete, and Cyril and I are aiming to get
together this week and do more detailed planning for the d-i
pieces. Off the top of my head I can think of the following:

* Update the SC with the new text, update the website.

* Check/add support for the non-free-firmware section in various
places:
+ d-i build
+ debian-cd
+ debmirror (?)
+ ftpsync (?)
+ Any others?

* Uploads of firmware packages targeting non-free-firmware.

* Extra d-i code to inform users about what firmware blobs have been
loaded and the matching non-free-firmware packages. Plus information
about the hardware involved. Maybe a new d-i module / udeb for this?
Exact details here still TBD. Probably the biggest individual piece
of work here.

* Tweaks to add the non-free-firmware section in the apt-setup module
if desired/needed.

* An extra boot option (a debconf variable) to disable loading extra
firmware automatically, then exposed as an extra option through the
isolinux and GRUB menus. d-i "expert mode" can also be used to tweak
this behaviour later, except (obviously) for things like audio
firmware that *must* be loaded early if they're going to be useful
at all.

* Update the image build scripts to include the n-f-f packages, only
build one type of image. I'll do my best to keep config and support
around too for images without n-f-f included, to make it easier to
still build those for people who still want them.

* Matching updates to docs, website, wiki etc.

* ...

If you think I've missed anything here, please let me and Cyril know -
the best place would be the mailing list
(debian-boot@lists.debian.org). If you'd like to help implement any of
these changes, that would be lovely too!

[1] https://lists.debian.org/debian-vote/2022/10/msg00000.html
[2] https://lists.debian.org/debian-devel/2022/03/msg00251.html

--
Steve McIntyre, Cambridge, UK. steve@einval.com There's no sensation to compare with this
Suspended animation, A state of bliss

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

Steve McIntyre <steve@einval.com> (2022-10-02):

* Extra d-i code to inform users about what firmware blobs have been
loaded and the matching non-free-firmware packages. Plus information
about the hardware involved. Maybe a new d-i module / udeb for this?
Exact details here still TBD. Probably the biggest individual piece
of work here.

Not just blobs that were loaded, but also those which might get loaded
in the installed system (since we don't have all modules around), see hw-detect.post-base-installer.d/50install-firmware in hw-detect (udevadm
vs. modalias stuff).

* Tweaks to add the non-free-firmware section in the apt-setup module
if desired/needed.

* An extra boot option (a debconf variable) to disable loading extra
firmware automatically, then exposed as an extra option through the
isolinux and GRUB menus. d-i "expert mode" can also be used to tweak
this behaviour later, except (obviously) for things like audio
firmware that *must* be loaded early if they're going to be useful
at all.

The option/variable looks easy enough (once we decide what to call it)…
Not sure what would be best to expose it to users: bootloader menus
already have many options (text vs. graphical, normal vs. rescue, accessibility settings, etc.), and don't get internationalization
support anyway. On the flip side, having to go through a full expert installation is very nice.

Maybe start by documenting the option (probably installation guide plus
release notes), and of course implementing it; then see if/how we expose
it?


Cheers,
--
Cyril Brulebois (kibi@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmM5rrkACgkQ/5FK8MKz VSApMw//VvfjTH3vcb13YQ3G/zLFBhSrduMqJMQZC/yhfCEneI9LSKSxTvUDa3MG xlQIjAUmdwPun8agmTYFBkT6xdnGWFjclbSsQ+99Ep8QKmhAw2knwjNj0RDCrmt+ OccIej+6lRTXeDkCr3ZFajyps52uO4Edo2I2E8yHfM2BSF1427YyKS8YnRUT1pQT WJSPBlo9DGnPr5Uppsyt7Xk0xLQSEZv3e5gfwablDlvH6LMe8cSRcCkFa2cEMHy9 JRwHfeT2j5eUUEq7+MoxkGYnMfDhdCvBHHgNaOTl9f2F+mIJ/irs19memeKpjhEY IpCcuWYNi7TNBkNfnbJvkZZwu/6HSxHtu6bLe9CqGsdqWDWBl4vU+n6Qk93ipimU UO6unu0BAu+ZT5/ZdLsrmCK21fiLEVFsZN0FKnQ9QF5ZIU280rGqz+BPZrBrq+WU mJUQG4JfWySHfAZ0FV8WBoAuFDNKuwe0vnDzeJJO5KfkbzHvYdUTtT2gbiWUpto8 LoQauWYhdEXbDWv1KCfiM3XifdH78s05kA8MuTBdYCGxYAK0iq9stBUjwzE9YEmt ZcxWRyThvGyWfxGQuWGwL9EkxkV0nWVVEtSMnHGvqKVHoMl6biNf/LDW20C8HOhk it0zXR+pL0qhuVwHTm/smQDCg9vvoAgRZiAqSE0TDNdc0lfWC2s=
=kK3d
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
*

XPost: linux.debian.maint.boot

On Sun, Oct 2, 2022 at 10:53 AM Steve McIntyre <steve@einval.com> wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list. >Will the new n-f-f section added on upgrades automatically(if non-free was >enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

There is /etc/apt/sources.list.d/ . One idea is that you could have a
package install a non-free-firmware apt source line there without
needing to touch anyone's primary /etc/apt/sources.list

I'm guessing things that change apt sources for mirrors would need to
be able to handle that file, but maybe they needed to handle
sources.list.d/ anyway.

Thank you,
Jeremy Bicha

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 2, 2022 at 10:53 PM Steve McIntyre <steve@einval.com> wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

Hi Steve,

thanks for the update!

Am 02.10.22 um 16:27 schrieb Steve McIntyre:

* Tweaks to add the non-free-firmware section in the apt-setup module
if desired/needed.

...

If you think I've missed anything here, please let me and Cyril know -
the best place would be the mailing list
(debian-boot@lists.debian.org).

What's the plan for upgraded systems with an existing /etc/apt/sources.list. >Will the new n-f-f section added on upgrades automatically(if non-free was >enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper tool?

For upgrading, people already need to edit their source list to change
the suite name, why would it hurt to add one more manual step to
change the section name?

--
Shengjing Zhu

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
On 2022-10-02 at 13:52, Russ Allbery wrote:

Shengjing Zhu <zhsj@debian.org> writes:

On Sun, Oct 2, 2022 at 10:53 PM Steve McIntyre <steve@einval.com>
wrote:

So this is the one bit that I don't think we currently have a
good answer for. We've never had a specific script to run on
upgrades (like Ubuntu do), so this kind of potentially breaking
change doesn't really have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper
tool?

For upgrading, people already need to edit their source list to
change the suite name, why would it hurt to add one more manual
step to change the section name?

I think the difference is that if you don't update your sources.list
to point to the new suite, your system won't upgrade and so the
problem will be very obvious. But if you currently have non-free
configured but don't add the new firmware section, everything will
appear to work but you won't get new firmware, so the problem may go unnoticed.

There's also the issue of people who track stable or testing by that
name, rather than by the release-specific codename, and so *don't* need
to edit sources.list to start getting the packages from the new release.

I don't know how many of us there are, but I know there's at least me
(for the testing case), and I'd greatly prefer to be able to run an
upgrade and have things Just Work rather than need to make sure I catch whatever notification comes along and make that change at the right
time to coordinate with when the 'upstream' change is made.

--
The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEJCOqsZEc2qVC44pUBKk1jTQoMmsFAmM50g8ACgkQBKk1jTQo MmvB0A//Qqe4X8q5ng8rrzkT7ukeNYVAK/MrQYlrMo5sl2hvysTOgdi0bNdjXCjD tmjQjwkaUnL36xCnx5zsmhoSlkRGu1y+Gdy54/oiwfD/+eJFPvRS34/ZcKbqImMh yhWcQ+DbozQ+jd/uBTH4i77dhZLMIKu+zQLS30aC46SD6JiBPbqbStO0PhpCFs5I DnMMQm1wcblBntitvLqycH3yJTyE7HsOhmhoXaP6fhhkywHi/TfGJVYr1hALlPyG VqghYcjbVon0AhMRf2RjBXSyj0AwEBg1liLI5M3Pq+fv+cdNUwTeuC5ST6bUBAF9 8/2IcEYgRjrQKyR1u194HetkUG0T46Vjmia2ofkZiBuiquTmREBA3i7E2QBZY1po DuUkNN9NgxQIOhhqJsoqcn1imp7r5qGpt1BI9dOmLVb70++sy7nIDP/LbLCV/Mbu MdbXV3M+lRBMjPkL0MJShwQYB9Xm6NhJC36PHipTuX8wApiUkj7jHPiw+aQZGHXN iCW1NwA2viG8QNCN7bBzfa5Sqi4kaFpmzZh2xIKDdlMwIfPn+AtSKxqzbqYSTrXJ yvRpkKh2nkUV6JW/b/RQWBYc6BgVlWgoK4PCIVhjKJfQWdD5c7CEkfn0QOtBULk4 FQtTLIwVv9i5fdX7pyKiSNXN0kBr

Shengjing Zhu <zhsj@debian.org> writes:

On Sun, Oct 2, 2022 at 10:53 PM Steve McIntyre <steve@einval.com> wrote:

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper tool?

For upgrading, people already need to edit their source list to change
the suite name, why would it hurt to add one more manual step to change
the section name?

I think the difference is that if you don't update your sources.list to
point to the new suite, your system won't upgrade and so the problem will
be very obvious. But if you currently have non-free configured but don't
add the new firmware section, everything will appear to work but you won't
get new firmware, so the problem may go unnoticed.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 2022-10-02 at 10:52 -0700, Russ Allbery wrote:

Shengjing Zhu <zhsj@debian.org> writes:

On Sun, Oct 2, 2022 at 10:53 PM Steve McIntyre <steve@einval.com>
wrote:

So this is the one bit that I don't think we currently have a
good
answer for. We've never had a specific script to run on upgrades
(like
Ubuntu do), so this kind of potentially breaking change doesn't
really
have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper
tool?

For upgrading, people already need to edit their source list to
change
the suite name, why would it hurt to add one more manual step to
change
the section name?

I think the difference is that if you don't update your sources.list
to
point to the new suite, your system won't upgrade and so the problem
will
be very obvious.  But if you currently have non-free configured but
don't
add the new firmware section, everything will appear to work but you
won't
get new firmware, so the problem may go unnoticed.

In Bullseye we changed the name/syntax for the security repository, and
for that a mention in the release notes was enough, no? Isn't this a
very similar situation? Is it truly necessary to do more than mention
this in the release notes?

--
Kind regards,
Luca Boccassi

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErCSqx93EIPGOymuRKGv37813JB4FAmM51PoACgkQKGv37813 JB5vNRAAzNYnVipnvSrEnc/OIBUPGYM/yj6kSf7jjL4zNFEhXqNbPBtleYO+Y1EH ye6TS526EL3UTC0Y1G+svFfNUumoVTudALSHrW70lrMNCIxY65W7+vMrToZrD1iD E19KJ7qOr97pobRSFRylpSx6PFYfgvSXzTliqWqzWM/jlkQei1HfF6d3U+t5AFBg HwoPoUo1hvgB4w5WbmYkMISiYgCFKQW4BqH89UnoRqS48jtTlukvFqnoED2xFRAf PLe33BB4NxPn2Fhhb71TdDucJe5IkaPJadm82eo3QIJVQpaLQRujht7GYcCUH64Q +oUcEf1pqWCkLH6Ye3GHF76lVkCn/HAPLAWFoqeqbqUs6XSyOFO4spAPf7pE/3JI vbxQ3V+3RjMwmvb5ChwQdm2qb/7WGUNGZt8PKoO0KnUR96eGODTVSR+2JUVPNVGL rRpYT1Ci/qufYNq74B2UM8o6bXnxR2jvOvc5tDg6KUJfjOhTPPiEzUbMiXGp5c1x lVLbqgfRBCqR0vH24n9nz4RrKJIh+wpiQlYAL9gdw0V60mucupZH0yGG309OV/Vk XAuCfslBP6mMsKM03wYH1S8DAbGKraj/eSKEqgT/vVwDetgjaOBNc28NxbTL82OT 6RXfFYubbdoGghVfeRPopB/FMmzk3kElPGqI1nrFBzwoB/1N5XI=
=zZm4
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------P7fdADbJ6EijTjT76D2sq8Rt
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

DQpBbSAwMi4xMC4yMiB1bSAyMDoxNCBzY2hyaWViIEx1Y2EgQm9jY2Fzc2k6DQo+IE9uIFN1 biwgMjAyMi0xMC0wMiBhdCAxMDo1MiAtMDcwMCwgUnVzcyBBbGxiZXJ5IHdyb3RlOg0KDQo+ PiB3aWxsDQo+PiBiZSB2ZXJ5IG9idmlvdXMuwqAgQnV0IGlmIHlvdSBjdXJyZW50bHkgaGF2 ZSBub24tZnJlZSBjb25maWd1cmVkIGJ1dA0KPj4gZG9uJ3QNCj4+IGFkZCB0aGUgbmV3IGZp cm13YXJlIHNlY3Rpb24sIGV2ZXJ5dGhpbmcgd2lsbCBhcHBlYXIgdG8gd29yayBidXQgeW91 DQo+PiB3b24ndA0KPj4gZ2V0IG5ldyBmaXJtd2FyZSwgc28gdGhlIHByb2JsZW0gbWF5IGdv IHVubm90aWNlZC4NCj4gDQo+IEluIEJ1bGxzZXllIHdlIGNoYW5nZWQgdGhlIG5hbWUvc3lu dGF4IGZvciB0aGUgc2VjdXJpdHkgcmVwb3NpdG9yeSwgYW5kDQo+IGZvciB0aGF0IGEgbWVu dGlvbiBpbiB0aGUgcmVsZWFzZSBub3RlcyB3YXMgZW5vdWdoLCBubz8gSXNuJ3QgdGhpcyBh DQo+IHZlcnkgc2ltaWxhciBzaXR1YXRpb24/DQoNClRoZSBtYWluIGRpZmZlcmVuY2UgaXMs IHRoYXQgdGhlIHJlbmFtaW5nIGNhdXNlZCBhbiBlcnJvciBtZXNzYWdlIGJ5IA0KYXB0LCBz byB5b3Uga25ldyBzb21ldGhpbmcgbmVlZGVkIHRvIGJlIGZpeGVkLg0KDQpGb3IgdGhpcyBw YXJ0aWN1bGFyIGNoYW5nZSwgdGhlcmUgd2lsbCBiZSBubyBlcnJvci4gU28geWVzLCBJIGhh dmUgdGhlIA0Kc2FtZSBmZWFyIGFzIFJ1c3MgdGhhdCB0aGlzIHBhcnRpY3VsYXIgY2hhbmdl IG1pZ2h0IGdvIHVubm90aWNlZC4NCg0KDQpSZWdhcmRzLA0KTWljaGFlbA0K

--------------P7fdADbJ6EijTjT76D2sq8Rt--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEECbOsLssWnJBDRcxUauHfDWCPItwFAmM527IFAwAAAAAACgkQauHfDWCPItxR mg//dDeXxfpNHrZnjU3gLmoRrYD6VGHDq4XyE/avnwRY1xx2aPK3FNcZSnG0ukELc5xEZXun2p/h rmg8wDCnxlR827ks8H2Nw25PhIjnNZAvqrmtGhpVSAWP55mkIBJiZv9ayRLr8GpG4+pqzjMm6ZEY nTJ/q1vwrpdSmk3JmxoFEeoBkaGrWRGOgUW68xH400iPqVgbEKF2EO4gQMNf7rmFpJvWcRZMVv/8 oCKhxGewTdKiwDulhjX6AFt0WvvKc4VT6POIOvd44tqYY1Olxa9+BqM+GRO7VH+f2vptS/0Mcqv/ fYTKc/+totQKIW2Kuw3ElGGI8brAH+6xZH8q9zqUEAF9CBl1XBw1RvxkpVGuE2+ROltTsmFJsGja L4gYaZqGEWNlBq+SWpQUk5MvPMvp56sXYJnlCiWG2OX+caMeyGC1BAdg5xnY6aQIqLeWnAndhnu4 i9C1Z2A/1mX9ufboco3ZCETcDfViZiI+OYtMzbYiu32dWrpz4tKoNRdkf8xju+0CAzupfHugmCrl rIUSSSSxytLJxBlrGmBVZxjN5ln3TxbaUc3gM4HfIqDdcSaXuiPD1weKNxFQHSOR27o1+VFUpLyk Xdcwwx4DWiWVLyi9BnmCrIFcNLyd9hIp8qHCJsyTgFsDcfOXzawT9qeIRdcbkrM24iOZFk3C+eWP RAs=
=KVCk
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 05:31:16PM +0200, Cyril Brulebois wrote:

Steve McIntyre <steve@einval.com> (2022-10-02):

* Extra d-i code to inform users about what firmware blobs have been
loaded and the matching non-free-firmware packages. Plus information
about the hardware involved. Maybe a new d-i module / udeb for this?
Exact details here still TBD. Probably the biggest individual piece
of work here.

Not just blobs that were loaded, but also those which might get loaded
in the installed system (since we don't have all modules around), see >hw-detect.post-base-installer.d/50install-firmware in hw-detect (udevadm
vs. modalias stuff).

ACK.

* Tweaks to add the non-free-firmware section in the apt-setup module
if desired/needed.

* An extra boot option (a debconf variable) to disable loading extra
firmware automatically, then exposed as an extra option through the
isolinux and GRUB menus. d-i "expert mode" can also be used to tweak
this behaviour later, except (obviously) for things like audio
firmware that *must* be loaded early if they're going to be useful
at all.

The option/variable looks easy enough (once we decide what to call it)…
Not sure what would be best to expose it to users: bootloader menus
already have many options (text vs. graphical, normal vs. rescue, >accessibility settings, etc.), and don't get internationalization
support anyway. On the flip side, having to go through a full expert >installation is very nice.

Maybe start by documenting the option (probably installation guide plus >release notes), and of course implementing it; then see if/how we expose
it?

Yup. Very much in that order... :-)

--
Steve McIntyre, Cambridge, UK. steve@einval.com You lock the door
And throw away the key
There's someone in my head but it's not me

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 11:08:47AM -0400, Michael Stone wrote:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was >> > enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Is there a reason to not continue to make the packages available in non-free? >I don't see a reason to force any change on existing systems.

Two things:

1. I'm worried what bugs we might expose by having packages be in two
components at once.
2. I really don't like the idea of leaving two different
configurations in the wild; it'll confuse people and is more
likely to cause issues in the future IMHO.

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

--
Steve McIntyre, Cambridge, UK. steve@einval.com You raise the blade, you make the change... You re-arrange me 'til I'm sane...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list. >Will the new n-f-f section added on upgrades automatically(if non-free was >enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper tool?

I heartily endorse ubuntu-release-upgrader, it has been useful in addressing uncounted upgrade issues over the years and I think something like this
would be a nice addition to Debian as well. Two caveats:

- Despite this being the sanctioned upgrade path in Ubuntu for over a
decade, every single cycle we get bug reports from users who have run
into issues because they have bypassed it and done the manual sed
/etc/apt/sources.list && apt dist-upgrade. So in Debian where this has
been the norm for /two/ decades, I would not expect this to substantially
reduce the error rate in the first release where such a mechanism is
introduced. (After all, whether telling users to use a new upgrader tool
or telling them to manually add a component to sources.list, they will
have to read the release notes to know about it!)

- There are always some users that end up with buggy systems after upgrade
despite using the supported interface because they upgrade to the devel
release, and the release-upgrader is still under development up until
release so they miss out on quirks being applied - and there is no
interface for users to replay the quirks that they missed out on. Don't
repeat the same design mistake.

In the absence of a release-upgrader, the only way I see to automate this on upgrade would be to handle it in the maintainer scripts of either base-files (which I don't think the base-files maintainer would like) or apt.

--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmM55d4ACgkQVo0w8yGy Ez0eBBAAohq7W5tvduiM1EEVYH9GCEjqz2kxckLaW8W8OzhmcPDma5jF0EKsqBXq rQfCvdbBH0j+LH8XKeGzDuZ0XVW+yMeOWpW0bTTEZ6NUs2QxneiOaMB4UE4sRDLG VGIiETxf91/8dc0skYI2bPvLp8CI2UpAFLQmqKbuEja54i+R/qraGYK1F6KyLDLK FIh+RG5Y0wo+F79PZaYxktYgGCcGDCLmWFp1EfebrpD9gNoKJar3K8VdBGOnlIQj SEdj+aVxzNHoSI7nCwRW4E3h9uj6krVvjzL8fc3IoiZrtJ1/gdi8A3KtLPvdKa8B MYwAKNP7KUhWENvnF7vhT9ihnT3hjflxdhjJhoy1UxkWMJUc94uGuUzcTQ7HhxRK Dd4lzkjd/qu4bg1+TDFgcTD/2veLKteSDQtaUEueq0mYYQThtAIz338ghGXwh4me dyK/WX9CrmKlvKbUFpr1f6Ci1Yy4Lk78oTQmVCoxfsX5XRRP219DLL1xE57aCQtG +rjZM8RPX9mb/qgKnLVjd09tG0DvrjoEV32Rt3HTBbwvse5YVOPmdKLxxktvpYFX XyNdaleamt4LK5GFMfVB

Michael Biebl <biebl@debian.org> writes:

The main difference is, that the renaming caused an error message by
apt, so you knew something needed to be fixed.

One could argue that having non-free but not non-free-firmware is
sufficiently strange that it would be worth a suppressable apt warning
(that you could turn off in apt.conf). I have no idea how easy that would
be to implement, though.

--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

Hi Steve,

On 10/2/22 21:26, Steve Langasek wrote:

I heartily endorse ubuntu-release-upgrader, it has been useful in addressing uncounted upgrade issues over the years and I think something like this
would be a nice addition to Debian as well. Two caveats:

- Despite this being the sanctioned upgrade path in Ubuntu for over a
decade, every single cycle we get bug reports from users who have run
into issues because they have bypassed it and done the manual sed
/etc/apt/sources.list && apt dist-upgrade. So in Debian where this has
been the norm for /two/ decades, I would not expect this to substantially
reduce the error rate in the first release where such a mechanism is
introduced. (After all, whether telling users to use a new upgrader tool
or telling them to manually add a component to sources.list, they will
have to read the release notes to know about it!)

- There are always some users that end up with buggy systems after upgrade
despite using the supported interface because they upgrade to the devel
release, and the release-upgrader is still under development up until
release so they miss out on quirks being applied - and there is no
interface for users to replay the quirks that they missed out on. Don't
repeat the same design mistake.

I very much dislike the Ubuntu approach, but not only because of the
above. Also because this approach forgets the fact that we also maintain
2 rolling-updates distro (testing and unstable).

In the absence of a release-upgrader, the only way I see to automate this on upgrade would be to handle it in the maintainer scripts of either base-files (which I don't think the base-files maintainer would like) or apt.

If the base-files maintainer (ie: Santiago Vila) doesn't like doing
things like this in "his" package, maybe we could have base-file >> 12.2
depend on another package (called non-free-upgrade?) that would do the
work instead. We could even have only base-file to depend on that
package for a single release (ie: only for the lifetime of bookworm, and
we get rid of the package after the release).

I think that's an even better approach than having this done in
base-files itself.

Your thoughts?

Cheers,

Thomas Goirand (zigo)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 10/2/22 22:02, Russ Allbery wrote:

Michael Biebl <biebl@debian.org> writes:

The main difference is, that the renaming caused an error message by
apt, so you knew something needed to be fixed.

One could argue that having non-free but not non-free-firmware is sufficiently strange that it would be worth a suppressable apt warning
(that you could turn off in apt.conf). I have no idea how easy that would
be to implement, though.

Hi!

I would very much prefer having this implemented in the base_files
package. This is *the* package that follows releases, so that's IMO the
best location.

I would hate having to use an upgrade program like in Ubuntu. :/

An easy check could be:
1/ are we upgrading from base-files << 12.3 (we're currently at 12.2 in Sid) AND
2/ is there the non-free repo installed in the default sources.list
AND
3/ non-free-firmware repo isn't installed

THEN

warn user with debconf.

Checking the configuration of a non-free and non-free-firmware is kind
of hard, because just reading/parsing source.list and source.list.d that
could be filled with non-debian repos can be quite hard. Though we could imagine tricks, like where both repo would include a special package
present only for that test, and we just see if it is available with
apt-cache policy for example (this is just an idea... not sure if
there's better options).

Eventually, and propose automatically adding the n-f-f repo, if some of
you really want to, but I'd prefer if at least this could be the
non-default debconf answer (because on non-interactive setup, without
access to internet (only to a local mirror), this could really mess
things up).

Your thoughts everyone?
Cheers,

Thomas Goirand (zigo)

P.S: I'm unfortunately *not* volunteering for implementing the above as
I wont have enough time to do it properly, though I just hope my above suggestion helps...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

Hello,

вс, 2 окт. 2022 г. в 22:36, Steve Langasek <vorlon@debian.org>:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was >enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper tool?

I heartily endorse ubuntu-release-upgrader, it has been useful in addressing uncounted upgrade issues over the years and I think something like this
would be a nice addition to Debian as well. Two caveats:

I'd kindly ask against additional upgrade scripts. It is too easy to
miss them, especially if one has been using Debian for ages with bare
apt-get update && apt-get dist-upgrade.
Moreover such a script will not help people that are already using testing.

For the past few decades, updating the setup was always a job of the
package scripts. Thus we potentially can have an addon in the apt's
postinstall script that will check if the user is running bookworm,
the non-free repo is enabled and non-free-firmware is not. In such
case postinst can present user with a choice of ignoring n-f-f,
attempting automatic '/bookworm/s/non-free/non-free
non-free-firmware/' or letting user to fix setup. This way the user
will be present with such choice whichever path he uses to update to
bookworm.


--
With best wishes
Dmitry

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

Two things:

1. I'm worried what bugs we might expose by having packages be in two
components at once.
2. I really don't like the idea of leaving two different
configurations in the wild; it'll confuse people and is more
likely to cause issues in the future IMHO.

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

People that just have 'stable' in their sources.list haven't had to
do anything. I can't think of ever having had to add anything, only
change the release name.

This will get missed and it will get missed a lot.

--
Len Sorensen

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Mon, Oct 03, 2022 at 01:18:55AM +0300, Dmitry Baryshkov wrote:

вс, 2 окт. 2022 г. в 22:36, Steve Langasek <vorlon@debian.org>:

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like Ubuntu do), so this kind of potentially breaking change doesn't really have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper tool?

I heartily endorse ubuntu-release-upgrader, it has been useful in addressing
uncounted upgrade issues over the years and I think something like this would be a nice addition to Debian as well. Two caveats:

I'd kindly ask against additional upgrade scripts. It is too easy to
miss them, especially if one has been using Debian for ages with bare
apt-get update && apt-get dist-upgrade.
Moreover such a script will not help people that are already using testing.

For the past few decades, updating the setup was always a job of the
package scripts.

This is getting OT in this thread, but I agree with the many that are
against such upgrading script.

I consider even the need for such thing a bug, as each package should
take care of its own quirks.

Besides, if something wants to mess with my system configuration, that's
an even greater bug for me (something that IME ubuntu has been doing
more and more over the last years).


I can live with an APT hook warning me if I have non-free but not non-free-firmware, but I would prefer to even do without that.

For stable→stable updates there are the release notes for this tiny
change.
For testing/unstable users, they should really read d-d-a, and this
change be announced there (if it hasn't already).

--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmM6EasACgkQCBa54Yx2 K63sYA//fqZDDW4LAAv5SaNEImPwN3ymccIDcg2icyTAuh1IDC+OuxKhG18d6Lws Td+IrIbd67xFbnjSr3SCb3Op1PHr8XcSi07Kcv/lmHIyZs51CMvZiDLFOnrSRoV2 xR51YORhtBnOZKi6H2VzquKUOib8GBcMRqhsHs3muYmwRCsnFRhTmekFyNAOfEr7 XZec9tmF1rsvnrGq2j7I2s9ZuhuiIew7snTKB0U4NVqFvDzk4k55M+05mNB8d/QB 0J5gw/CWS/t18kVxkbi5Zxa1ss9mBgdibcNImVya80+Fqdaz0tfIngrEn1vxJfog K0HAKFSIuFaBrhW1mh+RqLT6G0U/n6zX1SWP6Z7mFejyIHDb+7Nzb1sFJwIo26tR //Tfu5bD3Fm9K4+tsZHOlgA/HQY/AtV43erzn77zyo2wX/bV6rIFXYOy/NRakDqN chkM6LbxNmqMFC9X4fb+C34m7ye53bZD54srAMh2/l0XTtL+l4DP31XQXlPX1OJR AbLc9jInV9ILpQ6f3z9I6YoA/LFM4Pw/kIw4PsVuKEDWbWD08+3

XPost: linux.debian.maint.boot

Le Mon, Oct 03, 2022 at 12:33:20AM +0200, Mattia Rizzolo a �crit :

I can live with an APT hook warning me if I have non-free but not non-free-firmware, but I would prefer to even do without that.

In addition, how about distributing the firmware in both 'non-free' and 'non-free-firmware' at the same time for a release or two ?

Cheers,

--
Charles Plessy Nagahama, Yomitan, Okinawa, Japan Tooting from work, https://mastodon.technology/@charles_plessy Tooting from home, https://framapiaf.org/@charles_plessy

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

Hi,

Le 03/10/2022 à 01:00, Lennart Sorensen a écrit :
[…]

I can't think of ever having had to add anything, only
change the release name.

You’ll change your mind when you’ll upgrade to stable.

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information#security-archive

Regards

David

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Oct 02, 2022 at 11:47:42PM +0200, Thomas Goirand wrote:

On 10/2/22 22:02, Russ Allbery wrote:

Michael Biebl <biebl@debian.org> writes:

The main difference is, that the renaming caused an error message by
apt, so you knew something needed to be fixed.

One could argue that having non-free but not non-free-firmware is sufficiently strange that it would be worth a suppressable apt warning (that you could turn off in apt.conf). I have no idea how easy that would be to implement, though.

Hi!

I would very much prefer having this implemented in the base_files package. This is *the* package that follows releases, so that's IMO the best
location.

I would hate having to use an upgrade program like in Ubuntu. :/

An easy check could be:
1/ are we upgrading from base-files << 12.3 (we're currently at 12.2 in Sid) AND
2/ is there the non-free repo installed in the default sources.list
AND
3/ non-free-firmware repo isn't installed

THEN

warn user with debconf.

Checking the configuration of a non-free and non-free-firmware is kind of hard, because just reading/parsing source.list and source.list.d that could be filled with non-debian repos can be quite hard. Though we could imagine tricks, like where both repo would include a special package present only
for that test, and we just see if it is available with apt-cache policy for example (this is just an idea... not sure if there's better options).

Really all you need is

if [ -n "$(apt-get indextargets 'Component: non-free' 'Origin: Debian')" ] &&
[ -z "$(apt-get indextargets 'Component: non-free-firmware' 'Origin: Debian')" ]; then
debconf prompt
fi

I mean you could filter on codenames too but meh.

(CC me if you want me to get a reply in my INBOX, I may not see it
otherwise, I'm not subscribed, just receiving via NNTP gateway :D)
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 03:27:36PM +0100, Steve McIntyre wrote:

* Check/add support for the non-free-firmware section in various
places:
+ debmirror (?)

Done in debmirror 1:2.37. I guess we need to cherry-pick this to
bullseye too? I know bullseye doesn't have non-free-firmware (which is
fine, the new debmirror doesn't object), but most people running mirrors probably run stable rather than testing.

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

Colin Watson <cjwatson@debian.org> (2022-10-03):

Done in debmirror 1:2.37. I guess we need to cherry-pick this to
bullseye too? I know bullseye doesn't have non-free-firmware (which
is fine, the new debmirror doesn't object), but most people running
mirrors probably run stable rather than testing.

Thanks for patching and verifying the extra component's presence on a
per-suite basis isn't an issue, that was on my to-do list.

And yes, it looks like bullseye-proposed-updates material to me; esp.
given that tiny diff…


Cheers,
--
Cyril Brulebois (kibi@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmM60FkACgkQ/5FK8MKz VSCKpA/+J9PvgCGWfJkMJIuRDKzphDxqk2jQgpywMZX9ignHYVk/KpGQcXchETnW x3UZDVOkOJSYEIbnswjy0G3u0OHgCabg/Lzo0UgbYMZvRJxyQljLLl7uy2yxsQFW SqdI2xH1wk6bdrOc+rmwclJsyUZboizvkZLFU4XxNzo2S+9z8NOua8raiB8+4KZr AhG0YLgE5ZR25X1Cyt8T6wF6FOUA0lrxsFeJUInBQ8UuxXzlEAFIfrq1vnpNgyGv nli/FN2lXQgKjqxeP0F5ECW/lf+6w/X2vPU2P13OOBrvcl4crc3KGdgBJUqJ+ckk dKssFcOquBrjWPw6dF1asGveXfgWkXEiGEWRutERlPFhQ5ekTeAbWu8UZE2aaNuV BFWqLVeSk6qVRnXuPqB8EmLxZ5iVAWLkfQUz3R7hnrieAmg5libD6nShKzdCavdf YilzmNdmC5Mxyi66jOI0JJfvVx6TYwrUAwQNuP9T+BZ01+Gt4ju7Xz5nR2lIeqD3 8TyhGM2ABq5kFPS9UrPrtl9RROP/EP18D7JR0goZP5wp4mr8fNeqg39bhgRp2Mpp PQUUwNY0krrvDLVZUh5lXfm8PfZm7dXU+x7M0fZQ27Q5+AQi5MdUs6IZYb61y/ie 3kt6o9JPr9I0EFCMQ7KlBuKJMMSL4ElMJ2IUsERKEUaL9rqmEW8=
=Xh9u
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
*

XPost: linux.debian.maint.boot

Steve McIntyre <steve@einval.com> (2022-10-02):

+ ftpsync (?)

I don't think that's needed. Using buster's and more recently bullseye's version, I have this locally:

drwxr-xr-x 4 mirror mirror 4096 Jul 19 04:16 /srv/mirrors/debian/dists/bookworm/non-free-firmware/by-hash/

which matches when dak's config got updated with that extra component.

The git tree has a bin/archive_release that lists components explicitly
but it doesn't end up in any binary packages (there's a single ftpsync,
and it's not shipped there). Furthermore the 'non-free' string doesn't
appear in any of the files below debian/ftpsync/ after a build, so the
package doesn't look like it needs an update for that (even though a lot
of work happened in master since the last tag/release).


Cheers,
--
Cyril Brulebois (kibi@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmM601gACgkQ/5FK8MKz VSBmcA//aGe18mr/c0TyPLh/nERIKBjj+49oToepQNxLjDMnuq8v+AjUBM+cnJtP 6ymCZLbjjm2wMG/PAgPvsx8OuW7YQPvlTqyHy9C+Mmu1VlXRzEc/rj2LPMFKwuw+ nUz5XjW5DDkp5TA1Dug04NufINDFDQsba/wbBPk2Qvu9NLyVsVIyR8sNjNvJB4Sy RgKAzWrSQrXCriuy8f/MCHPUD1XSAZ76udHZoSoMW3uH8pkakDeAB+Q5IiX6qyVT ezzwLfGTDMoFtRQBf138thXYf+G62Vmu/S8IE7+Gqjc/R1jwkzUDySj6E07V2Haf 1cNptdaBZ1YWKupNOcZAOojp0SywPaQGhF1YbgF1XlQQubjk5iAonW+8JBCzoz4t X04MVVRJp4IxDJbayctg4Ln9++vo+iXGBqWYNK33Z/1kE3fQ4LLEuDVgFxE+W8dn 3wVKjLmdzye+bd0NxBiXLRP636zNWqkJVttWa9KDamtWNJN78QSN/FboVc9iGDPY qCTZsENdU30BA8HVEUCs/F7bm5ajrxamPpxGT8+YGhICHpdcizAWKsd7dFOI4zic FBiW1K4oYAr0mwJ/h2mjyIH85tUufRSmfj8nG6lRaEq2cT0AUpD/mewDV3/+lek6 bLhEogvKjY0P/KNnyWUendNtxLb31m/Twqq6ekjKEhBUp4kmQbk=
=hd/D
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
*

XPost: linux.debian.maint.boot

On 03/10/2022 at 01:00, Lennart Sorensen wrote:

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

People that just have 'stable' in their sources.list haven't had to
do anything. I can't think of ever having had to add anything, only
change the release name.

Not even replace "stable/updates" with "stable-security" during the
upgrade from buster to bullseye ?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Mon, Oct 03, 2022 at 02:47:33PM +0200, Pascal Hambourg wrote:

Not even replace "stable/updates" with "stable-security" during the upgrade from buster to bullseye ?

Hmm I don't recall but I suppose it just wasn't very memorable to do it.
At least it would have given an error fetching the list if you didn't
do it. Not adding a new entry on the other hand will not.

--
Len Sorensen

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

We also try to avoid silent install problems that might or might not
result in a system that doesn't boot properly.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On 10/3/22 02:23, Charles Plessy wrote:

Le Mon, Oct 03, 2022 at 12:33:20AM +0200, Mattia Rizzolo a écrit :

I can live with an APT hook warning me if I have non-free but not
non-free-firmware, but I would prefer to even do without that.

In addition, how about distributing the firmware in both 'non-free' and 'non-free-firmware' at the same time for a release or two ?

How about being smarter than this? :)

Cheers,

Thomas Goirand (zigo)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 12:26:29PM -0700, Steve Langasek wrote:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was >enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Obviously we'll need to mention this in the release notes for
bookworm. Should we maybe talk about adding an upgrade helper tool?

We have already talked about apt release-upgrade for a couple of times,
but no time to implement it yet and the design needs to be talked
through how the target release can hook into apt to provide quirks.

We want apt release-upgrade too

1. rewrite sources for you if you want to
2. upgrade the system in three steps equivalent to

apt safe-upgrade --without-new-pkgs
apt safe-upgrade --with-new-pkg
apt full-upgrade

3. Hooks to customize the dependency solving (adding/removing packages),
and potentially arbitrary quirks.

Where things get awkard is that (1) we'd like declarative hooks where
possible, a deb822 file of hooks, but (2) we also need to perhaps add
new logic.

So there was an idea to build a binary package that ships a module that
can be loaded at runtime by apt. So apt would install that package first
before it can upgrade. Or you can make it be a shell script and have
hooks of Type: Shell. Or just add Depends to release file that requires
users to install a newer version of apt before they can use the
repository and then ship that in (old)stable-updates with the additional
types of hooks.

I heartily endorse ubuntu-release-upgrader, it has been useful in addressing uncounted upgrade issues over the years and I think something like this
would be a nice addition to Debian as well. Two caveats:

- Despite this being the sanctioned upgrade path in Ubuntu for over a
decade, every single cycle we get bug reports from users who have run
into issues because they have bypassed it and done the manual sed
/etc/apt/sources.list && apt dist-upgrade. So in Debian where this has
been the norm for /two/ decades, I would not expect this to substantially
reduce the error rate in the first release where such a mechanism is
introduced. (After all, whether telling users to use a new upgrader tool
or telling them to manually add a component to sources.list, they will
have to read the release notes to know about it!)

- There are always some users that end up with buggy systems after upgrade
despite using the supported interface because they upgrade to the devel
release, and the release-upgrader is still under development up until
release so they miss out on quirks being applied - and there is no
interface for users to replay the quirks that they missed out on. Don't
repeat the same design mistake.

That makes sense. So the idea for apt release-upgrade is to have a list
of quirks and each quirk can then have a test to see if it ran already.

--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmM68tgACgkQb6RY3R2w P3Et9w//ZsW/wJ2VwARRZ/7rqNW8D8AzVK1cJDjVSyofGPESFyjKUWIAERwZAx/p yfCeoNrQDRQjAmswXtf4ewTU8pd+2A9unLqtxX8Ot18+gwQw1LWCsFSkZYm1B3Hc 2Fnd3PsU0Yrdf7S2LD8DtnWr1BmdJ42rbCBrJ78jcJGlGHvzerkST56WCjBiM4Y1 4ngNPDwDyFtAbfANPF9x9s1VdpHRV2iJVggGypuWXb9r/mLSxd0RJpaz6Jpgh/7I Nn9+9MxETaziGM0/6lsVUTmYaieWMvbWdUr2o7kA6xcsKYJEvwx05t3hVmm0r8aS zzT6ykQxkeC+wAaWbH1UVBxAbJo4FkiAgI0MG80CcxKtHPfiPPUT2b+OwpRkMOL8 lamIhNqwSq62UZDOUNMk+qf2JQWhBwAsiheVfyQa0rW1nFbPrhA/dbl38SYZ/o72 qDdZfW9fjV3IrOpxz1WJjmJWhvyRXcj3PupIC3Poz/cvLjiYhuYATYfE6s+brTlI GsKuucvh/jvF61V5mSZcgdjf6TxvgGxEO4gH+NHnjAELwS0DyXbbA/jLSgHTjqwP uSDqxcH/+uDVpRAioe6RdTDNdOVHZRP1xvEaqPTlm4wXIEL9wUn3T/oN9Gb6FgvX EwtoR4J3I8Eq/mlkJ4/tzxWAe/rfgcCb8yTjQ0121r23kzyaT4U=
=iU8n
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Ori

XPost: linux.debian.maint.boot

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 11:08:47AM -0400, Michael Stone wrote:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was
enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Is there a reason to not continue to make the packages available in non-free?
I don't see a reason to force any change on existing systems.

Two things:

1. I'm worried what bugs we might expose by having packages be in two
components at once.
2. I really don't like the idea of leaving two different
configurations in the wild; it'll confuse people and is more
likely to cause issues in the future IMHO.

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

I think in the absence of a release upgrade script (which I very much
doubt will happen, and be tested, and we can rely will be used, for
bookworm), Michael's suggestion seems like a reasonable way forward. I
imagine we'll need to patch dak to allow that, but it seems like it
should be tractable?

Cheers,
Julien

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Wed, Oct 05, 2022 at 10:11:27PM +0200, Julien Cristau wrote:

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 11:08:47AM -0400, Michael Stone wrote:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was
enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Is there a reason to not continue to make the packages available in non-free?
I don't see a reason to force any change on existing systems.

Two things:

1. I'm worried what bugs we might expose by having packages be in two
components at once.
2. I really don't like the idea of leaving two different
configurations in the wild; it'll confuse people and is more
likely to cause issues in the future IMHO.

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

I think in the absence of a release upgrade script (which I very much
doubt will happen, and be tested, and we can rely will be used, for >bookworm), Michael's suggestion seems like a reasonable way forward. I >imagine we'll need to patch dak to allow that, but it seems like it
should be tractable?

I'm also worried what effect this will have on other tools that have
to grok the archive (mirror tools, debian-cd, etc.). I'm not going to
try and veto having things in more than one component, but (ugh!) I
really think it's ugly. Actually, I think I'd much prefer Santiago's
idea:

Couldn't we handle this via transitional firware* non-free packages,
that depend on bookworm non-free-firmware packages?

We'd need to add some transitional binary packages for the small
number of n-f-f source packages. That way people would get errors from
apt if they don't read our warnings and update. Maybe this is a way
forward?

--
Steve McIntyre, Cambridge, UK. steve@einval.com
Armed with "Valor": "Centurion" represents quality of Discipline,
Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
concord the digital world while feeling safe and proud.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Thu, Oct 6, 2022 at 15:45:25 +0100, Steve McIntyre wrote:

On Wed, Oct 05, 2022 at 10:11:27PM +0200, Julien Cristau wrote:

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 11:08:47AM -0400, Michael Stone wrote:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was
enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like >> >> Ubuntu do), so this kind of potentially breaking change doesn't really >> >> have an obvious place to be fixed.

Is there a reason to not continue to make the packages available in non-free?
I don't see a reason to force any change on existing systems.

Two things:

1. I'm worried what bugs we might expose by having packages be in two
components at once.
2. I really don't like the idea of leaving two different
configurations in the wild; it'll confuse people and is more
likely to cause issues in the future IMHO.

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

I think in the absence of a release upgrade script (which I very much
doubt will happen, and be tested, and we can rely will be used, for >bookworm), Michael's suggestion seems like a reasonable way forward. I >imagine we'll need to patch dak to allow that, but it seems like it
should be tractable?

I'm also worried what effect this will have on other tools that have
to grok the archive (mirror tools, debian-cd, etc.). I'm not going to
try and veto having things in more than one component, but (ugh!) I
really think it's ugly. Actually, I think I'd much prefer Santiago's
idea:

Couldn't we handle this via transitional firware* non-free packages,
that depend on bookworm non-free-firmware packages?

We'd need to add some transitional binary packages for the small
number of n-f-f source packages. That way people would get errors from
apt if they don't read our warnings and update. Maybe this is a way
forward?

I don't think that will work well, the packages will likely just be held
at the old version if the new ones are uninstallable because the new
component isn't enabled.

Cheers,
Julien

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Thu, Oct 06, 2022 at 05:03:20PM +0200, Julien Cristau wrote:

On Thu, Oct 6, 2022 at 15:45:25 +0100, Steve McIntyre wrote:

On Wed, Oct 05, 2022 at 10:11:27PM +0200, Julien Cristau wrote:

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 11:08:47AM -0400, Michael Stone wrote:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was
enabled before)?

So this is the one bit that I don't think we currently have a good
answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Is there a reason to not continue to make the packages available in non-free?
I don't see a reason to force any change on existing systems.

Two things:

1. I'm worried what bugs we might expose by having packages be in two >> components at once.
2. I really don't like the idea of leaving two different
configurations in the wild; it'll confuse people and is more
likely to cause issues in the future IMHO.

Plus, as Shengjing Zhu points out: we already expect people to manage
the sources.list anyway on upgrades.

I think in the absence of a release upgrade script (which I very much >doubt will happen, and be tested, and we can rely will be used, for >bookworm), Michael's suggestion seems like a reasonable way forward. I >imagine we'll need to patch dak to allow that, but it seems like it >should be tractable?

I'm also worried what effect this will have on other tools that have
to grok the archive (mirror tools, debian-cd, etc.). I'm not going to
try and veto having things in more than one component, but (ugh!) I
really think it's ugly. Actually, I think I'd much prefer Santiago's
idea:

Couldn't we handle this via transitional firware* non-free packages,
that depend on bookworm non-free-firmware packages?

We'd need to add some transitional binary packages for the small
number of n-f-f source packages. That way people would get errors from
apt if they don't read our warnings and update. Maybe this is a way forward?

I don't think that will work well, the packages will likely just be held
at the old version if the new ones are uninstallable because the new component isn't enabled.

Maybe and idea would to do something like isa-support does for e.g sseX-support on CPUs that does not have that feature: It fails on installation with an debconf message, IIRC.
So that would allow something like "new package" | "you-need-to-enable-nonfree-firmware-reminder-package"

Cheers,
Julien

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

El 06/10/22 a las 17:13, Tobias Frost escribi�:

On Thu, Oct 06, 2022 at 05:03:20PM +0200, Julien Cristau wrote:

On Thu, Oct 6, 2022 at 15:45:25 +0100, Steve McIntyre wrote:

On Wed, Oct 05, 2022 at 10:11:27PM +0200, Julien Cristau wrote:

On Sun, Oct 02, 2022 at 08:21:31PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 11:08:47AM -0400, Michael Stone wrote:

On Sun, Oct 02, 2022 at 03:53:00PM +0100, Steve McIntyre wrote:

On Sun, Oct 02, 2022 at 04:43:47PM +0200, Michael Biebl wrote:

What's the plan for upgraded systems with an existing /etc/apt/sources.list.
Will the new n-f-f section added on upgrades automatically(if non-free was
enabled before)?

So this is the one bit that I don't think we currently have a good >> >> answer for. We've never had a specific script to run on upgrades (like
Ubuntu do), so this kind of potentially breaking change doesn't really
have an obvious place to be fixed.

Is there a reason to not continue to make the packages available in non-free?
I don't see a reason to force any change on existing systems.

Two things:

1. I'm worried what bugs we might expose by having packages be in two >> components at once.
2. I really don't like the idea of leaving two different
configurations in the wild; it'll confuse people and is more
likely to cause issues in the future IMHO.

Plus, as Shengjing Zhu points out: we already expect people to manage >> the sources.list anyway on upgrades.

I think in the absence of a release upgrade script (which I very much >doubt will happen, and be tested, and we can rely will be used, for >bookworm), Michael's suggestion seems like a reasonable way forward. I >imagine we'll need to patch dak to allow that, but it seems like it >should be tractable?

I'm also worried what effect this will have on other tools that have
to grok the archive (mirror tools, debian-cd, etc.). I'm not going to
try and veto having things in more than one component, but (ugh!) I really think it's ugly. Actually, I think I'd much prefer Santiago's idea:

Couldn't we handle this via transitional firware* non-free packages, that depend on bookworm non-free-firmware packages?

We'd need to add some transitional binary packages for the small
number of n-f-f source packages. That way people would get errors from apt if they don't read our warnings and update. Maybe this is a way forward?

I don't think that will work well, the packages will likely just be held
at the old version if the new ones are uninstallable because the new component isn't enabled.

Good point!

Maybe and idea would to do something like isa-support does for e.g sseX-support
on CPUs that does not have that feature: It fails on installation with an debconf message, IIRC.
So that would allow something like "new package" | "you-need-to-enable-nonfree-firmware-reminder-package"

And this could solve the issue, indeed. Picking up my other mail in the
thread, the transitional packages could be summarised like this:

bullseye:
firmware-linux-nonfree (non-free)
bookworm:
firmware-linux-nonfree (non-free) - empty
Depends: firmware-linux-nonfree-bookworm* (non-free-firmware) |
non-free-firmware-needed-warning-package
trixie:
firmware-linux-nonfree-bookworm (non-free-firmware) - empty
Depends: firmware-linux-nonfree (non-free-firmware)
trixie+1 (forky):
firmware-linux-nonfree (non-free-firmware)
and so on.

* find a better name/suffix

Would this make sense?

I could volunteer to test this and propose the needed new package,
unless someone else wants to do it.

Cheers,

-- Santiago

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQRZVjztY8b+Ty43oH1itBCJKh26HQUCY0gmEgAKCRBitBCJKh26 HTukAQCBUKGCA4oI8YvfUFsvYQW1ZiW2/fI+YUMIj1DbAcdzIAD/Zk+hFTO46lyL Tj7iKmi8zAOgqVgOnwJjIH+KlYTrrg8=
=j59t
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Thu, Oct 06, 2022 at 05:13:22PM +0200, Tobias Frost wrote:

Maybe and idea would to do something like isa-support does for e.g sseX-support
on CPUs that does not have that feature: It fails on installation with an debconf message, IIRC.
So that would allow something like "new package" | "you-need-to-enable-nonfree-firmware-reminder-package"

Failing on installation is a terrible user experience, let's not, pretty please.

Cheers,
Julien

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Thu, Oct 13, 2022 at 05:08:57PM +0200, Julien Cristau wrote:

On Thu, Oct 06, 2022 at 05:13:22PM +0200, Tobias Frost wrote:

Maybe and idea would to do something like isa-support does for e.g sseX-support
on CPUs that does not have that feature: It fails on installation with an debconf message, IIRC.
So that would allow something like "new package" | "you-need-to-enable-nonfree-firmware-reminder-package"

Failing on installation is a terrible user experience, let's not, pretty please.

I'd prefer failing loudly to failing silently.

Cheers,
Julien

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Thu, Oct 13, 2022 at 05:08:57PM +0200, Julien Cristau wrote:

On Thu, Oct 06, 2022 at 05:13:22PM +0200, Tobias Frost wrote:

Maybe and idea would to do something like isa-support does for e.g sseX-support
on CPUs that does not have that feature: It fails on installation with an debconf message, IIRC.
So that would allow something like "new package" | "you-need-to-enable-nonfree-firmware-reminder-package"

Failing on installation is a terrible user experience, let's not, pretty >please.

It's not great, no. Do you have a better suggestion for making sure
people update sources.list?

--
Steve McIntyre, Cambridge, UK. steve@einval.com "Since phone messaging became popular, the young generation has lost the
ability to read or write anything that is longer than one hundred and sixty
characters." -- Ignatios Souvatzis

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Thu, Oct 13, 2022 at 04:13:57PM +0100, Steve McIntyre wrote:

On Thu, Oct 13, 2022 at 05:08:57PM +0200, Julien Cristau wrote:

On Thu, Oct 06, 2022 at 05:13:22PM +0200, Tobias Frost wrote:

Maybe and idea would to do something like isa-support does for e.g sseX-support
on CPUs that does not have that feature: It fails on installation with an debconf message, IIRC.
So that would allow something like "new package" | "you-need-to-enable-nonfree-firmware-reminder-package"

Failing on installation is a terrible user experience, let's not, pretty >please.

It's not great, no. Do you have a better suggestion for making sure
people update sources.list?

We can display a debconf error (which debconf tries really really hard
to show to the user) and then succeed?

Alternatively, the package could install an apt hook that nags the user
every time they run "apt update" or equivalent, and that turns silent if
the updated firmware packages are installed (because of the difference
between "purge" and "remove").

--
w@uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}

I will have a Tin-Actinium-Potassium mixture, thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Thu, 2022-10-13 at 17:35 +0200, Julien Cristau wrote:

I'd prefer if we could make things work vs making things fail,
however loudly.

There seem to be a few ways to deal with this transition:

1. Document it in the release notes and let users handle it. This means
lots of users won't get security updates for firmware (which are mostly
only issued for x86 CPU microcode), since lots of folks won't read the
release notes. This also means lots of support requests when users
can't find the firmware package they wanted.

2. Add some code somewhere to automatically modify the apt sources,
somehow ensure that code is run by all Debian users and hope that other automated processes (like ansible/puppet) don't overwrite those changes
and hope that users aren't storing apt sources config in packages,
which would mean conffile prompts after the modification happens.

3. Add some code to apt to download non-free-firmware when non-free is available in the sources and the downloaded Release files. This would
solve the issue for Debian and all other derivatives too, if they
decide to add a new non-free-firmware component too. This might not
be accepted by apt developers as it is kind of a hack to special-case
Debian component semantics in apt, although maybe a component mapping
config option would be accepted. This might result in extra Debian
support requests when users notice the new component in `apt update`.
This might not work for users of tools not based on apt, like cupt?
This wouldn't result in users without non-free getting any non-free
firmware though, which maybe we want since it is the new default?

4. Keep all non-free-firmware packages in non-free too. This would be
backwards compatible, but may expose bugs in dak, debian-cd, apt and
other tools, so IIRC this has been vetoed by the archive and CD teams.
This also wouldn't result in users without non-free getting any of the
non-free firmware, which maybe we want since it is the new default?

Personally I would choose 4 first, I expect any potential issues could
be easily fixed before the freeze. Next I would choose 3. Next I would
choose 1 because I think /etc belongs to the sysadmin not packages.

--
bye,
pabs

https://wiki.debian.org/PaulWise

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEYQsotVz8/kXqG1Y7MRa6Xp/6aaMFAmNI9HkACgkQMRa6Xp/6 aaNKLQ//XKEGmdB7cGff2DEp7Q2HeE+RzTBga7h3qT3jL/QF4yVl/PJNgxJO6TRq uF94QtEpuTp8MVCuxMP+ZjNGzMa/bJkly5mZjhh9HJMDyOfDbY0AWxN5pcjraeVe HXV767JrSKIv3ycLrNH94dQoCG6nU29lwJIqkT1HhPYPhznjwQwqraD+pI4s1hWU zHnuQSIg4kRA7mLZ6ZUI/Eh6DxLC7xmf2Ek4SQzrySK8cBrEWEwY9C8QD4FGxiNa dL4e9t4LmGZtFbM0QBPx96KdFnGdV3HI5JvHP8MoizqKrBD0TaQsogOHguNFlHQN CzQ6PFUZjAZGhxCcNZCndT5hS7/Vi1qHZe7hpu61cC/7S25aQ+4Xu9e8aNTCZvgW RnBZh2JsmK2KizJySzo6UVhvCWefczB2I9Uba0TCUr9gSuPb31txTjf42DWpb1ZL 1hxr85LSy5cyOK5YLOiTtmahWLL3C5fO0M3ywAcFRfDsNZQUDe3BUEcWNS3WPuPj f24+A/dD+UCTdVyKx7DmWvIavxq3/HzgFFbgGyeIgdkhubWMRZCuNMPNYNxOoUQq luLVj9dUDJV8EYkL3h4lcNwGmyLZrsbNAfV0/+qwSgNYK9eWE6LGrPN2sgzW5iqP 5GLw/A7RkrxNmoSV8lPlzEnklYxb43J+6aitZfbumFYpTQY9rJ8=
=X5Hv
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

El 14/10/22 a las 13:32, Paul Wise escribi�:

On Thu, 2022-10-13 at 17:35 +0200, Julien Cristau wrote:

I'd prefer if we could make things work vs making things fail,
however loudly.

There seem to be a few ways to deal with this transition:

1. Document it in the release notes and let users handle it. This means
lots of users won't get security updates for firmware (which are mostly
only issued for x86 CPU microcode), since lots of folks won't read the release notes. This also means lots of support requests when users
can't find the firmware package they wanted.

2. Add some code somewhere to automatically modify the apt sources,
somehow ensure that code is run by all Debian users and hope that other automated processes (like ansible/puppet) don't overwrite those changes
and hope that users aren't storing apt sources config in packages,
which would mean conffile prompts after the modification happens.

3. Add some code to apt to download non-free-firmware when non-free is available in the sources and the downloaded Release files. This would
solve the issue for Debian and all other derivatives too, if they
decide to add a new non-free-firmware component too. This might not
be accepted by apt developers as it is kind of a hack to special-case
Debian component semantics in apt, although maybe a component mapping
config option would be accepted. This might result in extra Debian
support requests when users notice the new component in `apt update`.
This might not work for users of tools not based on apt, like cupt?
This wouldn't result in users without non-free getting any non-free
firmware though, which maybe we want since it is the new default?

4. Keep all non-free-firmware packages in non-free too. This would be backwards compatible, but may expose bugs in dak, debian-cd, apt and
other tools, so IIRC this has been vetoed by the archive and CD teams.
This also wouldn't result in users without non-free getting any of the non-free firmware, which maybe we want since it is the new default?

Personally I would choose 4 first, I expect any potential issues could
be easily fixed before the freeze. Next I would choose 3. Next I would
choose 1 because I think /etc belongs to the sysadmin not packages.

5. transitional packages along with a helper package (that fails or
success during install) to prompt the user so they add non-free-firmware section when needed.

Is there any reason why you are not considering 5.?

Cheers!

-- Santiago

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQRZVjztY8b+Ty43oH1itBCJKh26HQUCY0kjIQAKCRBitBCJKh26 HZGWAP4hwqPZeEd8A6i6uIecS0OD0IBq66QrCdA7jx1zxGctfQEA174MFuwylcKR fZjXHWhD7PuOd6D/6MYxIVZ+5dXXVA4=
=3MSP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Fri, Oct 14, 2022 at 10:52:01AM +0200, Santiago Ruano Rincón wrote:

El 14/10/22 a las 13:32, Paul Wise escribió:

On Thu, 2022-10-13 at 17:35 +0200, Julien Cristau wrote:

I'd prefer if we could make things work vs making things fail,
however loudly.

There seem to be a few ways to deal with this transition:

1. Document it in the release notes and let users handle it. This means lots of users won't get security updates for firmware (which are mostly only issued for x86 CPU microcode), since lots of folks won't read the release notes. This also means lots of support requests when users
can't find the firmware package they wanted.

2. Add some code somewhere to automatically modify the apt sources,
somehow ensure that code is run by all Debian users and hope that other automated processes (like ansible/puppet) don't overwrite those changes
and hope that users aren't storing apt sources config in packages,
which would mean conffile prompts after the modification happens.

3. Add some code to apt to download non-free-firmware when non-free is available in the sources and the downloaded Release files. This would
solve the issue for Debian and all other derivatives too, if they
decide to add a new non-free-firmware component too. This might not
be accepted by apt developers as it is kind of a hack to special-case Debian component semantics in apt, although maybe a component mapping config option would be accepted. This might result in extra Debian
support requests when users notice the new component in `apt update`.
This might not work for users of tools not based on apt, like cupt?
This wouldn't result in users without non-free getting any non-free firmware though, which maybe we want since it is the new default?

4. Keep all non-free-firmware packages in non-free too. This would be backwards compatible, but may expose bugs in dak, debian-cd, apt and
other tools, so IIRC this has been vetoed by the archive and CD teams.
This also wouldn't result in users without non-free getting any of the non-free firmware, which maybe we want since it is the new default?

Personally I would choose 4 first, I expect any potential issues could
be easily fixed before the freeze. Next I would choose 3. Next I would choose 1 because I think /etc belongs to the sysadmin not packages.

5. transitional packages along with a helper package (that fails or
success during install) to prompt the user so they add non-free-firmware section when needed.

Is there any reason why you are not considering 5.?

Do you mean having packages with the same names, but different versions
(even if only Debian revisions) and totally different contents, and also
built from different source packages, in different sections of the same
suite in the archive?... I'm... I'm not sure this would work... I think that others already expressed some doubts as to how dak would handle that.

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@debian.org pp@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAmNJMfoACgkQZR7vsCUn 3xOhmhAAiu0JMWhV7wN/40stioHneq+KKy7ONvMcfNYJDOrxqhk/2mGqNqjXT+53 qA0TR4iEa6FORH/ryXA+wIJWcA3vXjK4yBEKPEszMZ+ALBkWu8dfvgQwKz4KHhZo owjeqpm4wZ1OBCGMDmOfFmSrRVeFDYg2TLgLr+zangs2CZ9mc4vZoslxb4AvpSjo HGuVZhNDwkMiNyM2r2+KURtiwyvK4hgD4RLDCtNukWH17m0QD2OyL1FuRwoMz22p EhzQhN/X0C2sTtqvM7MEmB4pSvHYUvfaGvmSqiAq0tcI5njlV1BsZFGEqq5+SlMe 8e5Bh7v4yqaTxxW4B4niQKcgyUL16lVzegrHPkr01IONODuNsNc/ZnlTzgS6KNGN P9mmZmwEHNfw74fyftBOTApdwpprX4cZYTdat7MzZGp5Vid6ma+IWHnJEwu1xtan TAV8/0Xpgt10sdYQ5SxreSZ7niS6j7cb/peAWaFZBrkI5f7B+JTShiRBD7WqFZiv jJx1ZlWC9mbl8fnjS1ckagBxP5fQIua+ftt5ydWD6bU38iWAgQV/RNcYffqq8UJm eI6OyyYQ+ZFmDl0Nud8qmSHE42nlZ5Mgfmv1jeXlb//vLKGF31OVRJ4eIMVkA9O5 uiRScIZnL+kjxHos1+n7+SzxrsEhN491VjK23GGlQduC9QaBIls=
=uVfh
-

XPost: linux.debian.maint.boot

* Paul Wise <pabs@debian.org> [221014 01:35]:

On Thu, 2022-10-13 at 17:35 +0200, Julien Cristau wrote:

I'd prefer if we could make things work vs making things fail,
however loudly.

There seem to be a few ways to deal with this transition:

2. Add some code somewhere to automatically modify the apt sources,
somehow ensure that code is run by all Debian users and hope that other automated processes (like ansible/puppet) don't overwrite those changes
and hope that users aren't storing apt sources config in packages,
which would mean conffile prompts after the modification happens.

Actually, I think this would work really well. Do not modify any
existing sources.list; drop a new file in sources.list.d. This file can
have a default name that includes "firmware-nonfree" so is highly
unlikely to exist, but if it does, add "-NNN" suffix with the smallest
numeric NNN that does not exist.

Of course, the file would only be added if the current sources do not
include that component, which would _really_ decrease the probability of
a file name conflict to be about the same as the probability of the
earth being destroyed by an asteroid.

...Marvin

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Fri, Oct 14, 2022 at 01:32:41PM +0800, Paul Wise wrote:

4. Keep all non-free-firmware packages in non-free too. This would be backwards compatible, but may expose bugs in dak, debian-cd, apt and
other tools, so IIRC this has been vetoed by the archive and CD teams.
This also wouldn't result in users without non-free getting any of the non-free firmware, which maybe we want since it is the new default?

Personally I would choose 4 first, I expect any potential issues could
be easily fixed before the freeze.

but what would you then propose after the release, where we would have
exactly the same situation as we would have now. carry this on forever?


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

When this virus is over, I still want some of you all to stay away from me.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmNJU4AACgkQCRq4Vgaa qhy9aBAAiiJ+pibWURKiw6vEqeMRn7/Dwi6W/qXNuGpmV5BNRy/MEmzsYujVEHmM Jb5S+y7Mq65M7PtQXexX6i6pnoeEk8xj1hlbie1O6dmme+vcC+CuBMNYpRMfilsm nRc53UXrfIa+vshIn1z9Mss1WpZtweKf393QwNEWUM8Lt8ht5PCrtFsKF3wUtlZl FAwbnEEND2X1F45hdLZZRQpib/jRHxFUpUsvvwj0avpPZz4bPhlEP+n/sctM8IGI IgTQg1wcTPLzHMJBQQ6wR6peaorG2ZLtNbWvWNdtYSMXpkH3Nq1X3Ru2TfI2pHps 3alGgcGONEp5YGKm3NHHUenxlklWTTTf2npOsXgkDBHeEuycDrDepMFTGAJnePUA 8GTZ8p+lbN/Zew7D6+DySrGmRzfhmywVYCvqPfJWpzqX1MOSJ3USzk7D45Va1Ggp HnXrwwCmHjvXM5LLRkKAzPPjP41hdczC2YL3a/dtq5rV9oMzxEmsHSKfobqxpl/1 kzHa3OV3qZ+qDwV3HO6yxdMkHQeYsoiorTzy1GtmyLN9+VsKfUQcGN6+oKRBwvKb rvcpdC5tewKz/yjehEVwIxzWKKrjDSvMoh8y/

XPost: linux.debian.maint.boot

On Fri, Oct 14, 2022 at 01:32:41PM +0800, Paul Wise wrote:

On Thu, 2022-10-13 at 17:35 +0200, Julien Cristau wrote:

I'd prefer if we could make things work vs making things fail,
however loudly.

There seem to be a few ways to deal with this transition:

(quotes reordered in Pauls preference order mentioned at the end)

4. Keep all non-free-firmware packages in non-free too. This would be backwards compatible, but may expose bugs in dak, debian-cd, apt and
other tools, so IIRC this has been vetoed by the archive and CD teams.
This also wouldn't result in users without non-free getting any of the non-free firmware, which maybe we want since it is the new default?

libapt or probably most user-facing client are no concern in this as
packages coming from multiple sources is normal. If you have e.g.
unstable and testing in your sources.list it is happening all the time,
or you have multiple mirrors, … only by the virtue of having packages installed and somewhere online a client needs a way to figure out if the version installed is the same as (one of) the versions online and which
online sources talk about the same version (naively, you would think
version number is enough, but libapt actually goes beyond that).

I assume through that in servers and other tools who are not usually
exposed to packages in multiple versions or multiple sources in general
have a harder time with this, so I can understand them being reluctant.

There are also a lot of tools… most user-facing clients will be based
on libapt or at least directly inspired by it, but if clients like (c)debootstrap expect a package name to be no longer unique in their
world view (after all, they don't even do multi-sources like -updates
and -security …) I honestly don't know and fear the worst.


It is also that if we decide that, we basically decide that it will stay
that way forever. Its also an (arguably tiny) waste of diskspace and
such for everyone who has both components configured.

It is the only solution treating everyone equal though. All the others
talk only about sources.list with no idea if and how e.g. debootstrap
needs to understand that non-free-firmware is a thing now. Does it?

3. Add some code to apt to download non-free-firmware when non-free is available in the sources and the downloaded Release files. This would
solve the issue for Debian and all other derivatives too, if they
decide to add a new non-free-firmware component too. This might not
be accepted by apt developers as it is kind of a hack to special-case
Debian component semantics in apt, although maybe a component mapping
config option would be accepted. This might result in extra Debian
support requests when users notice the new component in `apt update`.
This might not work for users of tools not based on apt, like cupt?
This wouldn't result in users without non-free getting any non-free
firmware though, which maybe we want since it is the new default?

The problem with this within libapt is that libapt wants to look at the sources.list entry and produce a list of files which could possibly
belong to this entry. The Release file is just one of those files.
It is consulted later to remove entries from the file list (e.g. in an 'update'), but files aren't added at that stage.

Think of 'apt update --print-uris': What would that print if it would
need to look at the Release first? If you look closely, you will notice
e.g. a line talking about 'binary-all/Packages'. The Release file will
later tell apt to not download it for Debian. Similar, depending on your
locale environment apt talks about downloading Translation files here
which don't exist or perhaps even of Contents files which are in an
other location than in reality for some distros (hello Ubuntu).

So, if we wanted that, I could hardcode in apt that it should look for non-free-firmware, too, if it sees non-free as a component configured
and decide later on not to download that component if it doesn't exist –
on the upside (depending on your view) that isn't Debian specific.
In practice it would probably turn out to be a medium sized patch as
so far apt doesn't have the concept of an implicit component, but it
shouldn't be rocket science and easily done ahead of the freeze.
It would probably be too big for a backport through and even if very
unlikely in practice a behaviour change as suddenly grabbing an existing non-free-firmware component and upgrades from it after an unattended
upgrade in an unattended upgrade is… that rules out availability of
the bookworm-version of firmware packages in the upgrade to bookworm.
They would be installed only with the first 'update && upgrade' cycle
on the upgraded bookworm system, potentially unattended. Most other
"solutions" have the same "problem" – I would hope that for firmware
packages it isn't really one in practice as they should be very light on (rev-)dependencies and demands upon them.

We are potentially burning one component name forever, but I suppose
we can live with that.


The question is if we should do that through as it would be libapt-
specific magic. I suppose as we are only talking about sources.list
I guess we can do whatever as after all, that file is libapt-specific
as well, but:

Alice as an upgrader has non-free in its sources.list and gets non-free-firmware implicitly as a service from apt.

Bob installs Debian on a fresh system and gets non-free-firmware
in its sources.list as a service from d-i.

Cecile is an upgrader, too, but she has non-free in her sources.list
only for the firmware, so she would happily switch out non-free
for non-free-firmware, if only she would know.


All of them go online, read stuff potentially decades old about Debian, firmware and non-free. Their software center GUIs talk about four
components now (do they?) they can enable (or not) in these funny little dialogs…

As much as I would like apts sources.list to be apt-specific, I fear
a bunch of things read and even write it, which potentially need
to implement apt's magic as well to make sense to the user. Alice and
Cecile will be confused if e.g. the GUI says they don't have
non-free-firmware enabled, but they are getting packages from it…

That is not to say no, I just want to highlight that other places would
need some work as well and it could be confusing if we miss some –
but then, what change isn't confusing.


(That apt does things this way is due to historic grow. I entertain some
changes which if they would exist would make similar split-offs work
better, but those I would classify as requiring enormous patches.
Absolutely not going to happen soon, if at all)

1. Document it in the release notes and let users handle it. This means
lots of users won't get security updates for firmware (which are mostly
only issued for x86 CPU microcode), since lots of folks won't read the release notes. This also means lots of support requests when users
can't find the firmware package they wanted.

'apt update' still has the code which detected Debian sources accessed
via ftp, which told users that ftp will be shut down and points to
a press release about it. [0]

I didn't implement something similar for the security change as
I somehow got the memo way too late and it would have been harder given
in that case I would have no data to go by, but that is water under the
bridge by now.


We could do something similar to ftp here, detecting non-free but not non-free-firmware for a Debian source and point users to a press release explaining what this is all about (not the release notes, as e.g. sid
users would somewhat rightly not expect to need to look there for
information). That is somewhat trivial to do, we might even be able to
convince the stable managers to allow backport this, so a bullseye user
running 'apt update' while upgrading to bookworm would see that message
already or otherwise be bugged about it IF they later interact with apt
(which isn't a guarantee. So ideally other front ends would talk about
this, too).

That would be entirely Debian specific and hard-coded in apt (and in
other front ends) though. I am not an enormous fan of producing an index
of all repositories wanting to opt-in within apt source code. So moving
that to an external hook might be better from a backport sense (as
I suppose in the lifetime of stable, repositories will adapt. Not all
prepare for stable while we do but against the finished product).


I don't really want to rank either of the mentioned options as either
could work, they all have their benefits and drawbacks and most
importantly: while I am happy to impose work upon myself, I don't want
to decide what others should work on. I also have a bad track-record of
judging what is acceptable to bother users with…

If I completely ignore the work aspect, for me personally I would favour
3 as it has the hint of introducing the concept of a hierarchy in
components which might come in handy later if we want to split off other sections in other components as well. But as said, either works and
I would be willing to support them from the apt side of things at least.

With one exception:
I rank any option even remotely considering a postinst failure well
below NOTA as that is a horrible user experience. isa-support is a hack,
not a role model. It is barely acceptable only because it effects only
a tiny fraction of our user base so far. And even for those, I would
like apt to help not installing broken packages (but that is another
topic).


So, who is gonna take the blame for deciding this for everyone?


Best regards

David Kalnischkies

[0] https://salsa.debian.org/apt-team/apt/-/blob/main/apt-private/private-update.cc#L88-106

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE5sn+Q4uCja/tn0GrMRvlz3HQeIMFAmNJX1sACgkQMRvlz3HQ eINlZQ//YPyxod74HiidWv8qh9wgFgR9tGGyRZLGFVLblrLW5w30OipHAO/a1dmn 1tVK+kalGySRx1cya4QB+dmgDuO3SAXUj5FYfs0afvq19CLN7/TurjB47qBfnN+Y FdA0dBKyc9r27drTwd73QYI7Euz9zVaJxyUojTmLanll7wFXudZeGARVxi4NI01x wCCW8YuhgPb6GsqNnG5orfYZKlrU7Ha1t+r2eLkjEXAagdNaVyvjesU7K2Oxj/Ao QAnoHFwWZnkg2zoFB3vC7SX3aYQX4tzTAVI+tf8u7Om2sZv4jipTT4V5aeRJCI/k 7mQBy3+DTT0TnA0AvqkLVtibbf13AaqTFFxjlBJhDxHgllvK3qBbdRToCT3dZupV s0Mw4vKinfdD7JNnTTsRerT/Vd4Tvfgw59LbC3zgzbNjVfSTOdXsu0mBpEkxYUip YGvM00rVrQfflQxiiFb8MHpcWbX6QHnvpr6SyIHTN3255J6Vm3daNHfM6Msz6sU3 umX0SJS5SjJSSC8UHy3Z4U/6Wg2eqJblELnNlaobElhfqVmGcozYRakfaB3l9w/y k+UCx2gS0MnzY8+lm1NRMD4YoF05DR9A5QhKfWyArEtvNl8TCIehKq4wY7Trgv6x DExXeDLqu6ylG+6qLvll4StvFlbvtQKePRfAeB3NVA5TZk374fM=
=DDLt
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Sun, 2022-10-02 at 12:26 -0700, Steve Langasek wrote:

I heartily endorse ubuntu-release-upgrader, it has been useful in addressing uncounted upgrade issues over the years and I think something like this
would be a nice addition to Debian as well. Two caveats:

That thing is actually one of the main reasons I'm not using Ubuntu.

I expect properly maintained and upgradable packages, and not a hacky thing.


--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.maint.boot

On Fri, Oct 14, 2022 at 10:52:01AM +0200, Santiago Ruano Rinc�n wrote:

5. transitional packages along with a helper package (that fails or
success during install) to prompt the user so they add non-free-firmware >section when needed.

Is there any reason why you are not considering 5.?

The danger we're trying to avoid is that a system with a working
"something" (say, networking) gets upgraded, user reboots (or machine
crashes, or there's a power failure, etc, etc.), the working "something"
is now a not-working "something", and fixing it is really hard for the
user who has no idea what happened and maybe doesn't have a network or a console or whatever any more. A package that fails during install will
prevent the upgrade from completing, but will leave things in an
in-between state until some action is taken, the upgrade restarted, and
the upgrade manages to finish successfully. What happens if the reboot/crash/powercycle/etc happens during that in-between state? How do
you make a firmware helper package that reliably prevents a kernel
installation when the kernel doesn't have any dependencies on the
firmware package, and also doesn't yank out the old working firmware,
etc. I'm sure you can make the install explode, but making it reliably
explode at just the right time seems harder. I guess this could all
work, but I'm seeing a lot of potential for partial installs/failures
with this approach and I suspect this would require transition code in a
number of packages' preinsts, not a discrete "helper package".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)