retire options support

[anarcat]

unattended-upgrades does not need special configuration to dpkg
for proper operation. It handles those itself. All this does is
changes the dpkg configuration for other dpkg runs.

This will, for example, affect major upgrades, typically done by hand,
and not unattended-upgrades, which was not designed for that
purpose. In those cases, unsuspecting users will see their old
configuration file versions silently kept in place, which most
definitely will break things on upgrade, rather noisily in the
end.

People unfamiliar with this mechanism will have a hard time figuring
out what has happened, and while recovery is possible, it is tricky
without special tooling. I wrote such a tool here:

https://gitlab.com/anarcat/koumbit-scripts/-/blob/master/vps/clean_conflicts

... but it not well known and definitely not shipped with Debian by
default.

While it is nice that the unattended-upgrades module allows users to
change dpkg options, this can be more easily (and directly) done with
the apt::conf parameter in the first place.

This reverts commit 3a4abe4 and
possibly later ones when the options type was introduced.

This Pull Request (PR) fixes the following issues

Reverts #52.

[anarcat]

one problem with that PR is that it doesn't cleanup after itself: the options code is removed but the 10options file itself is kept in place, so it won't actually have any effect.

A better approach might be to deprecate the setting, and change the default. Then, eventually, that code could be ripped out.

I mostly opened this as a basis for discussion. To really have the changes take effect, something like:

file { '/etc/apt/apt.conf.d/10options':
    ensure => absent,
}

... would be required.

[anarcat]

another alternative here is, of course, to override the default options:

class unattended_upgrades {
      options                => {
        # default in debian is "true", but is implicit
        # puppet module upstream defaults this to true, excplicitely
        'force_confdef'  => false,
        # default in debian not in puppet module upstream
        'force_confold'  => false,
        # default in debian and puppet module upstream
        'force_confnew'  => false,
        'force_confmiss' => false,
      },
}

... and this could be a more minimalist PR to restore proper behavior here. but it has the disadvantage of forcing that policy change on people. this, arguably, would be better than silently stopping to manage a file.

it could be a stepping stone towards deprecating the code as well.

[kenyon]

Agreed that this module should not be messing with these dpkg options.

[anarcat]

Opinions on how best to roll it back?

[kenyon]

On 2021-08-15 17:19:16, Kenyon Ralph wrote: Agreed that this module should not be messing with these dpkg options.
Opinions on how best to roll it back?

I haven't looked into it too much, but the revert you have here seems good to me, plus removal of /etc/apt/apt.conf.d/10options.

[anarcat]

another alternative here is, of course, to override the default options:

i rolled this out alongside a deprecation in #191. please review. this PR can be kept for the future deprecation...

[anarcat]

should i revive this now that the deprecated options has been around for a while?

[kenyon]

should i revive this now that the deprecated options has been around for a while?

Yes I think so. It would mean another major release, so it would be good to combine with other breaking changes if possible. At least rebasing and resolving the conflicts at this point would be good, so this can be ready to merge.

[anarcat]

i've rebased this and i think it's basically ready to ship as soon as CI is up.