[pve-devel] [RFC qemu-server] apt hook: warn against using 'upgrade' command

Fiona Ebner f.ebner at proxmox.com
Fri Sep 6 12:40:19 CEST 2024 

Many people will use 'upgrade' instead of 'full-upgrade' or
'dist-upgrade' (e.g. [0][1]) despite the documentation explicitly
mentioning 'dist-upgrade' [3]. Proxmox VE uses different packaging
guarantees than Debian and using 'upgrade' can lead to a broken
system [2].

The match is kept simple, to not accidentally catch things like
> -o 'foo=bar upgrade baz'
and trip up advanced users.

It does not catch invocations with '-y' either, making it less likely
to break automated user scripts. Although they should not use
'upgrade' either, it still would be bad to break them. If the risk is
still considered too high, this change should wait until a major or
at least point release.

To avoid false positives, it would be necessary to properly parse
options, which is likely not worth the effort.

A downside is that the hook is only invoked after the user confirms
the upgrade, but there doesn't seem to be an early enough hook entry
(DPkg::Pre-Invoke is also too late). Since this is just an additional
safety warning to guide new users, it should still be good enough.

[0]: https://forum.proxmox.com/threads/150217/post-680158
[1]: https://forum.proxmox.com/threads/140580/post-630419
[2]: https://www.reddit.com/r/Proxmox/comments/ujqig9/use_apt_distupgrade_or_the_gui_not_apt_upgrade/
[3]: https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#system_software_updates

Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---
 debian/apthook/pve-apt-hook | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/debian/apthook/pve-apt-hook b/debian/apthook/pve-apt-hook
index 47629bc..b41d0fe 100755
--- a/debian/apthook/pve-apt-hook
+++ b/debian/apthook/pve-apt-hook
@@ -55,6 +55,14 @@ my $blank;
 while (my $line = <$fh>) {
   chomp $line;
 
+  if ($line && $line =~ m/^CommandLine::AsString=apt(-get)?%20upgrade$/) {
+    $log->("!! WARNING !!\n");
+    $log->("Using 'upgrade' can violate packaging assumptions made by Proxmox VE. Use 'dist-upgrade' instead.\n");
+    $log->("\n");
+    $log->("Press enter to continue, or C^c to abort.\n");
+    $cleanup->(0, 1);
+  }
+
   if (!defined($blank)) {
     $blank = 1 if !$line;
     next;
-- 
2.39.2

More information about the pve-devel mailing list