ISO icon indicating copy to clipboard operation
ISO copied to clipboard

Published 20 hours ago verified publisher icon helloSystem

Installing Firefox pkg removes 116 packages

Open probonopd opened this issue 2 years ago • 7 comments

image

What is causing this?

Installing an app should NEVER mess with the base system.

probonopd avatar Feb 24 '22 18:02 probonopd

I think what is happening here is the following:

  • The base system was updated to have newer libraries than what the helloSystem repository contains
  • Installing Firefox from the helloSystem repository draws in those older libaries, and a result the package manager uninstalls everything that needs the newer versions of those libraries

I suspect that icu library is the culprit. It changes its major version number all the time...

Does this mean we need to remove the helloSystem pkg repository?

Or can we make sure that the helloSystem pkg repository ONLY contains the applications but NONE of the libraries? And use a patch similar to this?

probonopd avatar Feb 24 '22 18:02 probonopd

Point in case why the package manager for the operating system is a dangerous tool mainly intended for tech-savvy people (read: operating system developers) and should be totally separate from whatever is used to install end-user facing applications.

Linus Tech Tips ran into a similar issue using Linux, but Linux distributions have since reacted: https://twitter.com/linustech/status/1461748623926988808?lang=en

So it seems like if we add an external repo, then that external repo must always be updated whenever the FreeBSD repo is updated (e.g., quarterly). Since we don't want the burden to do this, we'll most likely need to do without a non-FreeBSD repo. The risk is just too high.

Unless someone shows us a way to mitigate the risk.

probonopd avatar Feb 27 '22 12:02 probonopd

Another example of this: https://github.com/helloSystem/hello/issues/161#issuecomment-1236103233

It seems like that after 1-2 quarters, installing new software with pkg can lead to pkg suggesting to REMOVE packages instead of pulling in the required upgrades. This is highly dangerous and makes pkg unsuitable for non-technical users imho.

probonopd avatar Sep 03 '22 11:09 probonopd

It seems like that after 1-2 quarters, installing new software with pkg can lead to pkg suggesting to REMOVE packages instead of pulling in the required upgrades.

There's not enough information to draw a conclusion.

grahamperrin avatar Sep 03 '22 14:09 grahamperrin

There's not enough information to draw a conclusion.

I never seem to have this information. How exactly can I gather the information needed?

probonopd avatar Sep 03 '22 16:09 probonopd

pkg -d install firefox

pkg -dd install firefox

pkg -ddd install firefox

– try increasing verbosity of debug output until you gain something that might help to understand the behaviour.

grahamperrin avatar Sep 03 '22 17:09 grahamperrin

Wow, this is useful to see what is going on inded. Thanks!

probonopd avatar Sep 03 '22 18:09 probonopd

We are now locking the hellosystem-essential-packages package, which depends on all packages that are installed by default on the Live ISO. This should hopefully prevent this kind of situations.

probonopd avatar Nov 25 '22 20:11 probonopd

Please: closed with which commits?

https://github.com/helloSystem/ISO/commit/8630218644d2a1d4f3ad1b7849b865f90f577c98 plus subsequent commits to https://github.com/helloSystem/ISO/blob/experimental/overlays/uzip/hello/files/usr/local/libexec/lock-hellosystem-essential-packages and the chroot "${uzip}" pkg lock line of https://github.com/helloSystem/ISO/blob/experimental/settings/script.hello?

grahamperrin avatar Nov 26 '22 09:11 grahamperrin

Exactly.

probonopd avatar Nov 26 '22 12:11 probonopd