helloSystem / ISO

helloSystem Live and installation ISO
https://github.com/helloSystem/
BSD 3-Clause "New" or "Revised" License

Installing Firefox pkg removes 116 packages #374

Closed probonopd closed 1 year ago

probonopd commented 2 years ago


What is causing this?

Installing an app should NEVER mess with the base system.

probonopd commented 2 years ago

I think what is happening here is the following:

I suspect that the icu library is the culprit. It changes its major version number all the time...

Does this mean we need to remove the helloSystem pkg repository?

Or can we make sure that the helloSystem pkg repository ONLY contains the applications but NONE of the libraries? And use a patch similar to this?

probonopd commented 2 years ago

Case in point for why the package manager for the operating system is a dangerous tool mainly intended for tech-savvy people (read: operating system developers) and should be totally separate from whatever is used to install end-user facing applications.

Linus Tech Tips ran into a similar issue using Linux, but Linux distributions have since reacted: https://twitter.com/linustech/status/1461748623926988808?lang=en

So it seems like if we add an external repo, then that external repo must always be updated whenever the FreeBSD repo is updated (e.g., quarterly). Since we don't want the burden to do this, we'll most likely need to do without a non-FreeBSD repo. The risk is just too high.

Unless someone shows us a way to mitigate the risk.

probonopd commented 1 year ago

Another example of this: https://github.com/helloSystem/hello/issues/161#issuecomment-1236103233

It seems that after 1-2 quarters, installing new software with pkg can lead to pkg suggesting to REMOVE packages instead of pulling in the required upgrades. This is highly dangerous and makes pkg unsuitable for non-technical users imho.

grahamperrin commented 1 year ago

> It seems that after 1-2 quarters, installing new software with pkg can lead to pkg suggesting to REMOVE packages instead of pulling in the required upgrades.

There's not enough information to draw a conclusion.

probonopd commented 1 year ago

> There's not enough information to draw a conclusion.

I never seem to have this information. How exactly can I gather the information needed?

grahamperrin commented 1 year ago

pkg -d install firefox

pkg -dd install firefox

pkg -ddd install firefox

– try increasing verbosity of debug output until you gain something that might help to understand the behaviour.

probonopd commented 1 year ago

Wow, this is useful to see what is going on indeed. Thanks!

probonopd commented 1 year ago

We are now locking the hellosystem-essential-packages package, which depends on all packages that are installed by default on the Live ISO. This should hopefully prevent this kind of situation.

grahamperrin commented 1 year ago

Please: closed with which commits?

https://github.com/helloSystem/ISO/commit/8630218644d2a1d4f3ad1b7849b865f90f577c98 plus subsequent commits to https://github.com/helloSystem/ISO/blob/experimental/overlays/uzip/hello/files/usr/local/libexec/lock-hellosystem-essential-packages and the chroot "${uzip}" pkg lock line of https://github.com/helloSystem/ISO/blob/experimental/settings/script.hello?

probonopd commented 1 year ago

Exactly.
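
Added example (not part of the thread and not helloSystem's code): a guard that reads a pkg dry-run plan and refuses to proceed when the plan would remove installed packages, the failure mode this issue describes. It assumes removals are listed under the heading "Installed packages to be REMOVED:"; the function names are hypothetical and the sample plan is constructed.

```shell
#!/bin/sh
# Added example: gate a pkg transaction on its dry-run plan.
# Assumption: the plan lists removals under "Installed packages to be REMOVED:".

# Print the name of every package the plan on stdin would remove.
planned_removals() {
    awk '
        /^Installed packages to be REMOVED:/ { in_removed = 1; next }
        /^[^ \t]/ { in_removed = 0 }          # next section heading or summary
        in_removed && /^[ \t]+[^ \t]/ {
            sub(/^[ \t]+/, "")                # drop indentation
            sub(/:.*$/, "")                   # drop ": version"
            print
        }
    '
}

# Exit status 0 if the plan on stdin removes nothing, 1 otherwise.
plan_is_safe() {
    removed=$(planned_removals)
    if [ -z "$removed" ]; then
        return 0
    fi
    count=$(printf '%s\n' "$removed" | wc -l | tr -d ' ')
    printf 'refusing: plan would remove %s package(s):\n%s\n' "$count" "$removed" >&2
    return 1
}

# Constructed sample plan (package names and versions are made up).
sample_plan() {
    cat <<'EOF'
The following 3 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
    example-filer: 1.0
    example-launcher: 2.3

New packages to be INSTALLED:
    firefox: 0.0

Number of packages to be removed: 2
Number of packages to be installed: 1
EOF
}

# Demo on the sample. On a real system (not run here):
#   pkg install -n firefox | plan_is_safe && pkg install -y firefox
sample_plan | plan_is_safe || echo "demo: plan rejected"
```

A check like this complements the package lock: the lock protects the default set, while the guard stops any transaction whose plan contains removals before it is confirmed.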