From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7146503320914362368 X-Received: by 2002:a05:600c:1da2:b0:3b4:856a:162c with SMTP id p34-20020a05600c1da200b003b4856a162cmr20392445wms.28.1664176183259; Mon, 26 Sep 2022 00:09:43 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a5d:490a:0:b0:225:6559:3374 with SMTP id x10-20020a5d490a000000b0022565593374ls10899239wrq.2.-pod-prod-gmail; Mon, 26 Sep 2022 00:09:42 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7U00Y8mAdkURa3fvI5xyGIlbtAoxQTN8MbzMDYnwHcXhj3fi2/KY2nOqkqNk/b2fvOtuWI X-Received: by 2002:a5d:6d0f:0:b0:228:e075:b148 with SMTP id e15-20020a5d6d0f000000b00228e075b148mr11818150wrq.156.1664176182070; Mon, 26 Sep 2022 00:09:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1664176182; cv=pass; d=google.com; s=arc-20160816; b=f/w6Hnnyh/4o5c2t0cGPE74e4JCOS3OsH/X21EkjZxQY9XuQCTG6+LGS5jyRr1BwSW VfYhqhODyYjWSvHU28IN1wHo0fy8Dd8UxQn9NKf0JfaWMktbdZTsbx/6buLaGJGlE5ER H/LSJpjvpaKDjHd0THkYyuv16HhNgVcEncvaDoIB8aFVnYynPZOPfrHthvHqnWegZWMD 5aZH7lIaYdSnBXGKKNfcR7n+TArbkb3Rr6jOYoil4RWToW1F/E+8VZ5zGGQDr9b01Z7d j4DfH/VpYL2vOinmct5AsEObaj0EOKppCU4oYNNK29V4n8zqoX4+csxc2kXLtSTPXo9x 7WoA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:subject:cc:to:from:date:dkim-signature; bh=dF081DhUhb6xl2ESIOKlsD8D3kBI35F10voqPkINSN4=; b=DhlffkWuTHMgQ6elejaWLpAr3js9DV4+FdFMEL5S8I54FOt2JMwsRBAYJ1k/bYVRZa z8APi5pwM9vitvWu3liTzrKmIbEnvoDsKKdoMy6jO2CUzTZHF/Ai5wgnrYH6EhOFGsh/ 1zE3wkpIfYYMVYhbEcQyqNE+z0E9sSjrmNWkfBDCGmkzA105oFhxXZYZdmKNisO4XmJ6 QtUYK2z7tDg+EfRikR5tkMDyaZq+nFwE32KEk3iQfdn5HJxgnXhaqzwDZUegU5buDr7z xwVsQWEvLj65HXnAyS0jbr1sIfACFt6QcoZLaHE0PhpMfrfeGl0huef1UiNONBqk4zW4 9T8Q== ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=PvJgjvwR; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.7.84 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70084.outbound.protection.outlook.com. [40.107.7.84]) by gmr-mx.google.com with ESMTPS id m188-20020a1ca3c5000000b003a6787eaf57si460226wme.2.2022.09.26.00.09.41 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Sep 2022 00:09:42 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 40.107.7.84 as permitted sender) client-ip=40.107.7.84; Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=PvJgjvwR; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of henning.schild@siemens.com designates 40.107.7.84 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NnUan1I24XyF4Fcqg1q+wfKcxSAwo+WGp2JyY9gpb4xcmH+g+emCNxanMm0BxjUztTiRowTpNdiXlyxnFOHM8KsHAlKAsbOLLEgN6tMQ6X7AePGYj2ujox703BI3NuOp12/63ynAG2BSHgZ0tkKtFpwRyBX5h21XD5qyV5fQeqrstlFE9uuKoh9JLkEc3wB/1PqK0bDQAkRRdX0PRaJYFLlHrP27UD88yZk06oL483gQNJ4rzwBlEp0AZvJLoynrmNB2mNkJrUPN5l6nfB/XhToWlf8N0L0thqsLkpuCUqPSLJMBYpMj2a+Aej4C/GvJ0P5j3nH2ecZ3N578I3pxgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=dF081DhUhb6xl2ESIOKlsD8D3kBI35F10voqPkINSN4=; b=Xk5htlKRr63CSjVWV4wvw4faZi7jOhZ5JAHId4KDg6X8IRKcIN5fEiJgI7ncWtKSqKd2m01f8GoK2tyPU4n5Mf3ukT1GpJrQOPNOLGALCxzzV5d8SX+3y4OHBehIZnr9ppt4/AlEpAZHTyvVO3UqbfldhYEobi5ye6ioaIw1J3Y2pMUYk9H+hO2JRovf+rqmGbr8EqSd+WNnrHe/Qx5di+IL2OUVlqAqVHM3yNTCnw+SEs+p9UM2xqnPSD4H818pA2vJSP9HBvQdTZAeepbvJr8l0dLudUZP1u7qDKMQKs4cPzTKFoFFkFyjcdTeo/w7spwe89QE0Vkbzv0K4NUPig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dF081DhUhb6xl2ESIOKlsD8D3kBI35F10voqPkINSN4=; b=PvJgjvwRMjkUR8aoLGGJcQV8YoBvX9nqZR/0vKoSeE59fFPd3tpy52GCEbvlSV3gKhFPMcqx/CL5IlAWgPfkU0pQ5FZsX6ud1xadPiDqs5MvAMtVZKoRGYE8zBnxyMaQlUAPrg48wJmRDEEH6M2QOvFmTM1KbtusbTiYrmL8oxBwNVPVzQkzvDmdfrCDGQVVHekS1bqxl2mMYBycBKs3v08lpRYbWlExhZ6GnD/4eTwcp/CYHM6iwkZ4CY+PLcjxdMNcEzVv2mdZBU+6i3+PWcSNxcmDFGAuNwG+oLnjWd4UXySH4afI635/SM1KcdVpFuRkOR6RCSJoEZRoWpF0/Q== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com; Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) by DB9PR10MB6353.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:3c7::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.25; Mon, 26 Sep 2022 07:09:40 +0000 Received: from PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::e4a0:49e4:2152:11b1]) by PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM ([fe80::e4a0:49e4:2152:11b1%7]) with mapi id 15.20.5654.024; Mon, 26 Sep 2022 07:09:40 +0000 Date: Mon, 26 Sep 2022 09:09:36 +0200 From: Henning Schild To: "Roberto A. Foglietta" Cc: isar-users@googlegroups.com Subject: Re: apt-mark hold package within postinst Message-ID: <20220926090936.73382d26@md1za8fc.ad001.siemens.net> In-Reply-To: References: <20220923125648.798e010a@md1za8fc.ad001.siemens.net> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.34; x86_64-pc-linux-gnu) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-ClientProxiedBy: FR0P281CA0069.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:49::22) To PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:269::8) Return-Path: henning.schild@siemens.com MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PA4PR10MB5780:EE_|DB9PR10MB6353:EE_ X-MS-Office365-Filtering-Correlation-Id: d9a48eae-9deb-4f15-974b-08da9f8e1494 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: titY0q8aKNfgBUSFVE7u6nEGCHxor+VcRZEfRXL8VNqMDxv88NUsZTu+HblpGcM9xQ5hbneXhMJkui7k1tlBPUO/6NjmZPRMTVIliza+d0vEpuVxPkpC8MM6X+6Fkao/HDisy0sAhamOp5lA3HmnbZGonYOq7bqpswyvs6FvqdA4OcKziY1ag0cOzukMvj+f5YGauUSRxT30zg6GdSqYI7jGUBN5fprRz+xdEKsIb4uqhLbGFIuwd5dD7mx4V29t3PDOQToPvQdjBpsMvi5zvTFZpolcuozti8JCf7TML2mRsidgEETRQaIxrxkOPpnr90NfxERyfCn+l+81/BpAgigOyIMqsaHDZ2qv3kJGu1a08ofNALJ5cBKA0pLdKSK/i+Lv7bsJ7allP5EyEVOrgQxRRsXOwm7RVAu8nqDNIYEA0mT4GnVlIRHuVDqOgLwoMSc+6b5OMZ0sbzSNAJJbdKZaKzt/Gf9mcu7+KPxEr4/jF3aJyc892+iXvEpVnHwonA7BLt/5bBwcixG2xDWShpAEiBpVCXL6aikUowt7yRRDEuROTTPVjtlx2hBJhZM7GfH/X1Wv4yyk4qwiR1fgAmZvK/kT1e2bGiqMAS52YLMbJtj/Lcwu7B62JSDlasLXu+OzVOoP925ic6oQq9uDMTx0oqcgOoqB3QNrAOZ+P73TkdvUdEJ23azbYb7JywshUbAQSoXJuwpz3rYCPhxwtQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230022)(4636009)(136003)(39860400002)(376002)(366004)(396003)(346002)(451199015)(478600001)(6506007)(6486002)(41300700001)(6666004)(83380400001)(9686003)(186003)(1076003)(5660300002)(2906002)(6512007)(44832011)(6916009)(66476007)(8936002)(66556008)(66946007)(4326008)(8676002)(316002)(66899012)(82960400001)(38100700002)(86362001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?z5gim+IraZwICf2+kTR0YacC6priL0hWe4qzAL7twU3deEInRAMqgymzIAXN?= =?us-ascii?Q?YIsSrdfxaKlQXix3VV+Qyps/OgmyGHtWRK8yjgY5am3M93KDQCkRJ+mFWEm2?= =?us-ascii?Q?z0FwmPbBIi8ZbgyJ42hbXXeSZ4Hop96LsgIpJx5cRW3Nj/eaXMCFMA9fZ2wW?= =?us-ascii?Q?VPEzAs+wCYeovU8vLye+mQBKJFybIbHCPXvwYNCfoeNVaom+yU93/CIljmyv?= =?us-ascii?Q?ATzPiFFO7SS3jBWJwkmFx5tRC64I5qNsThiCrGOVUREcfNaI5NyByPtsMZin?= =?us-ascii?Q?1s7/fg8x1vC14a/AHsyJtsnZOl1VLRiXmBorZdZor5XtVCkdp+R0LRMsCGhT?= =?us-ascii?Q?R5YF1iO/21eO60I8hH6vTBmkjcrik+k6cAXyKbyD0sHLaBicqCGwI0VDTcap?= =?us-ascii?Q?UKz6TXF177POC0xyDFiyIIGFqz9jZSbtrtM3o0RB0uJaR9VISQOxEpP4iB+Q?= =?us-ascii?Q?QmylUjpGr1OhsXbNvsNQ6tWEgqif9Md2NxwVlsDo+9wpeJASxb7xFaCYmENM?= =?us-ascii?Q?bqTAthLbvk1bxlx60n9vu7CgFMZo4JXaE8zfyi5p7dDQQFG0SRXP2K6ngqYT?= =?us-ascii?Q?ZgB3GqcvJKw8pBvw7JOr/5JGvnlWl76gU9rb1pxCtRv0f3CS5NtUsnVk/73S?= =?us-ascii?Q?ORQuzPdTOKFG7WU2+Yb8bcrQPUSFQ3priGDIdj6jKuHEAVSNpJKYSiZIDvQf?= =?us-ascii?Q?1pPnOmp4LghCGG80ubvWizqFW/bCj+QBKefLrDH+VEiiDv1xUzzYFSPgy2bC?= =?us-ascii?Q?R+zyb9YBUsI+VLxSAdc/pzFqDSB2pMkrF5AqCA2KiqVWHOMLI7e47fLseD4S?= =?us-ascii?Q?uNM4jOIBVYNZJvF4x0XAkBFXFulgfOF36M0p7zDQF9e4KSUnAuzwQ5qAebok?= =?us-ascii?Q?TGEPCWOWb1R+zMk6TQlA4KBJUfTEOSeGdKwhQ6zI1CcQD6frgCc9SMTvCuD3?= =?us-ascii?Q?sokE9oleBshGR4c1wqFtsnBmn49tXSdztr3EaHfkuFz/iorRa94fDD9C/GPo?= =?us-ascii?Q?toj18w9R91v2xJ6jRCB8BQFQ5KhBPwLnIqIATsc0uGc0bRXmiiDOE+wFnW6k?= =?us-ascii?Q?qmkDyHfEoQY/wr/GfaNdLi8IBqarQqnm0L1J2G3nL+q/cJa4V+VMFjn1P3aH?= =?us-ascii?Q?VYRTLch8T/Ga9KeHmAGUvKHI3TZq4mALI/t3n4pGeGnVFsHpjOKvlVnNo4sI?= =?us-ascii?Q?hQGsrGjdz0P8AaRnO7OphK49BYIxdM0/0NOGkjqktc1xBRwpTSUJ003RAnUZ?= =?us-ascii?Q?aEN8flhGjlxQRKs/iaTYOOEOpNaN7ohYYiwrPVCucCjqxGlXZc9vCdTDOMMe?= =?us-ascii?Q?wqBkEeHbppJHW6+cNSDDTlzuSUWzeO809bYKhpCDtQO2t8xyxMghC8p+fd+P?= =?us-ascii?Q?oyDh40SIcRueQbJF8UB86Q1wPrKbaWffW5DlTBVTyStw9rMR9cIx902/dzsp?= =?us-ascii?Q?q46ORI3iOhCOjsWtHIolKP1u6S0u+SNih36KoERGKM7I8fRbTyYybNlzJnxd?= =?us-ascii?Q?AN6yn0G0mbnv+oyKJOmSbHiBmaqToU8i03dWTuNLT/O30xQTPNHQcvq7NzIC?= =?us-ascii?Q?3HcfB+DnmAAE4K6r50Y8829FMsut18wn1VRP615QUYunbAesRK4VzcyG44ny?= =?us-ascii?Q?HH9Twp+b1A/dq3xjdPj4TaDm/IEzB1YXXJJOFatkRjysJDgGFtLxp/xeQ9cz?= =?us-ascii?Q?KKPipQ=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: d9a48eae-9deb-4f15-974b-08da9f8e1494 X-MS-Exchange-CrossTenant-AuthSource: PA4PR10MB5780.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Sep 2022 07:09:40.7988 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: VkWYMogG53FxpA6qOTW7RtBtUELmf/yktKjY+Qg8S46X96Q3dg/LiabDMI0Z0QXVQ3XdrLUXkmz4MgiBcYFh8Yijgi4m9fhiPRUg4VZL3s0= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR10MB6353 X-TUID: bKRVkQCDgW5R Am Sat, 24 Sep 2022 22:53:22 +0200 schrieb "Roberto A. Foglietta" : > Il Ven 23 Set 2022, 12:56 Henning Schild > ha scritto: > > > Am Fri, 23 Sep 2022 11:58:53 +0200 > > schrieb "Roberto A. Foglietta" : > > > > > Il Ven 23 Set 2022, 11:22 Roberto A. Foglietta > > > ha scritto: > > > > > > > Hi all, > > > > > > > > .deb repackaged should not upgrade with any external source so > > > > they should marked on hold. Easy but not possible to do within > > > > postinst obviously. Not in a straight way, at least. Am I wrong? > > > > > > > > I you rebuild you should add some suffix to PV > > > > CHANGELOG_V ?= "${PV}+roberto" > > > > During installation of isar itself your rebuilt package will win > > anyways. Make sure to add it to IMAGE_INSTALL instead of > > PREINSTALL, or make sure to have a bitbake DEPENDS if it comes in > > via a debian dep chain. > > > > But during lifetime any apt-get upgrade could replace yours when > > debian brings an update. To deal with that it is best to deploy a > > preferences file with some dpkg-raw configuration package. > > > > roberto-pin_0.1.bb: > > inherit dpkg-raw > > do_install() { > > echo -e "Package: *\nPin: version *+roberto*\nPin-Priority: 1000" > > > ${D}/etc/apt/preferences.d/${PN} > > } > > > > With this all packages that have the roberto suffix will become > > non-replaceable ... unless someone uses that same suffix. > > > > Generally you want to try and mainline all your changes to avoid > > local rebuilds. > > > > Another trick would be an empty package that conflicts with anything > > greater than "${PV}+roberto", that should also prevent updates. Not > > sure which way is better. > > > > We mostly build images that are replaces as a whole and will not get > > much "apt-get" during their life. Note that kernel updates with > > apt-get will not easily work in an isar built image. It will depend > > on your bootloader whether it might work, and you might have to add > > scripts that update bootloader configs after kernel install. > > > > Dear Henning, > > first of all, thank you for your explanation. I think about it and I > arrived to the conclusion that your solution is good but top > definitive for my need/goals. > > The problem is 1. that even wintout any update available the original > packages are seen as updates and That should not happen, if it really does we need to fix that. When the rootfs gets its packages installed all the ones build with isar should have higher prio even if one is a rebuild that did not increase the PV. Maybe you can send an example where that does not work as expected. > 2. I wish to avoid that the user > upgrade the repackaged packages installing the dependencies I removed. > > However, I am not interested in make their upgrade difficult. > Probably, I will keep only hold the packages at the installation but > even remove the holding as configuration. If you system is really closed/embedded but somehow open for someone to install updates and additional stuff ... i would again like to really stress that rdep removal is a really bad idea. You will not know what people do and you seriously break their assumptions if they think they deal with debian/ubuntu. Do only modify that debian for a really good reason! You could see with the removed man-pages and than "jre" can not be installed anymore. > Just a way to avoid that kids break up the system just with a basic > admin operation without further complications. That sounds like security might be your reasoning to remove some packages. Installing less naturally decreases the attack surface, but the removal also can have a negative impact on the availability ... also security. Software stacks are simply large and keep growing. You might want to consider apparmor or selinux instead of ripping out bits without a concrete problem. Debian will handle CVEs just fine for you, if you mess with it you rather risk that their updates will not fit on your modified system. Henning > Best regards, R-