Debian packages can run arbitrary code via “maintainer scripts” (sometimes shortened into “maintscripts”) during installation/removal etc. While they certainly have their use cases, their failure modes causes “exciting” bugs like “fails to install” or the dreaded “fails to remove”.
They also have other undesirable effects such as:
- Bugs in/Updates to auto-generated snippets require a rebuild of all packages (not to mention the obvious code-duplication in all packages).
- In case of circular dependencies[1] all having “postinst” scripts, dpkg will have to guess which package to configure first.
- They require forking a shell at least once for each maintscript.
- They complicate the implementations of e.g. detached chroot creation.
Accordingly, I think we should aim for a more declarative packaging style. To help facilitate this, I have implemented 3 tracking tags in Lintian.
- no-ctrl-scripts in 2.5.44
- ctrl-script in 2.5.44
- debhelper-autoscript-in-maintainer-scripts in 2.5.45
With these, we were able to learn that 73.5% of all packages do not have any of these scripts. But I can now also produce a list of helpers that insert the most maintainer script snippets. The current top 15 is:
- “dhpython” with 3775 instances
- This is an umbrella for all helpers using dh-python’s python module, see #827774.
- dh_installmenu with 1861 instances
- This will presumably drop as menu files should be replaced with desktop files.
- dh_makeshlibs with 1396 remaining instances
- This should be in rapid decline since we decided to replace its scripts with a dpkg trigger. Unfortunately, it can take quite a while until all of them have been rebuilt with a new version of debhelper
- dh_installinit with 1224 instances
- dh_python2 with 1168 instances
- dh_installdebconf with 772 instances
- dh_installdeb with 754 instances
- These are the dpkg-maintscript-helper snippets for “rm_conffile”, “mv_conffile” etc. Hopefully in the near future, dpkg will support these directly.
- dh_systemd_enable with 447 instances
- dh_installemacsen with 179 instances
- dh_icons with 165 instances
- dh_installtex with 137 instances
- dh_apache2 with 117 instances
- dh_installudev with 98 instances
- dh_installxfonts with 87 instances
- dh_systemd_start with 79 instances
With this list, it seems to me that some obvious focus areas would be:
- Replacing the python scripts (I presume it is the byte-code handling, but I have not looked at this at all)
- Migrating away from menu files
- Support enabling + starting/stopping/restarting a service declaratively.
- This might have a “hidden” requirement on declaratively creating service users if we want these packages to become truly “maintscript-less”.
Eventually we will also have to dig through all the “manual” maintainer scripts. But I think we got plenty to start with.
[1] For some, circular dependencies in itself is an issue. I can certainly appreciate them as being suboptimal, but most of the issues we have are probably caused by insufficient tooling rather than a theoretical issue (that is, if we remove all postinst scripts).
Filed under: Debhelper, Debian, Lintian
