[pve-devel] [RFC qemu-server] apt hook: warn against using 'upgrade' command

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Sep 9 09:48:11 CEST 2024


> Thomas Lamprecht <t.lamprecht at proxmox.com> hat am 06.09.2024 18:58 CEST geschrieben:  
> Am 06/09/2024 um 12:40 schrieb Fiona Ebner:
> > Many people will use 'upgrade' instead of 'full-upgrade' or
> > 'dist-upgrade' (e.g. [0][1]) despite the documentation explicitly
> > mentioning 'dist-upgrade' [3]. Proxmox VE uses different packaging
> > guarantees than Debian and using 'upgrade' can lead to a broken
> > system [2].

just a slight nit here: you should only end up with a broken system if we miss properly tracking some inter-package relationship. it can happen happen (and probably does, from time to time), but in the vast majority of cases "apt[-get] upgrade" should at most leave you stuck with an outdated system (with APT telling you that there are still packages to be upgraded), not a broken one. we did get a lot better about accounting for these things over the past few years (but of course, we don't have anywhere close to the infrastructure that Debian has for automated tracking and testing).

> > The match is kept simple, to not accidentally catch things like
> >> -o 'foo=bar upgrade baz'
> > and trip up advanced users.
> > 
> > It does not catch invocations with '-y' either, making it less likely
> > to break automated user scripts. Although they should not use
> > 'upgrade' either, it still would be bad to break them. If the risk is
> > still considered too high, this change should wait until a major or
> > at least point release.
> > 
> > To avoid false positives, it would be necessary to properly parse
> > options, which is likely not worth the effort.
> > 
> > A downside is that the hook is only invoked after the user confirms
> > the upgrade, but there doesn't seem to be an early enough hook entry
> > (DPkg::Pre-Invoke is also too late). Since this is just an additional
> > safety warning to guide new users, it should still be good enough.
> > 
> > [0]: https://forum.proxmox.com/threads/150217/post-680158
> > [1]: https://forum.proxmox.com/threads/140580/post-630419
> > [2]: https://www.reddit.com/r/Proxmox/comments/ujqig9/use_apt_distupgrade_or_the_gui_not_apt_upgrade/
> > [3]: https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#system_software_updates
> > 
> 
> yeah, it's something I considered here and then but never pulled through,
> as it just somehow doesn't feel right...
> 
> But it's definitively a real problem, and so I surely won't block this on
> the basis of some gut feeling, I'd rather like to hear Fabian's opinion on
> it.

given that I also use `apt upgrade` from time to time (habit from being an unstable user ;)), and that it might alienate power users coming from Debian, I'd prefer this to be a non-interactive warning with the text "disarmed" a bit?

something like

!! WARNING !!
Since Proxmox VE follows a rolling release model, using 'upgrade' can lead to a system being stuck on outdated versions, or in rare cases, break upon upgrading. Use 'dist-upgrade' or 'full-upgrade' instead.
!! WARNING !!

with or without a prompt (it's a pity that the hook is not executed with the config before the regular confirmation prompt, else we could just depend on that)?




More information about the pve-devel mailing list