Bug#924662: marked as done (apt: vendor/getinfo can misdetect parent of Ubuntu derivatives, causing unsatisfiable dependency)

To: Julian Andres Klode <jak@debian.org>
Subject: Bug#924662: marked as done (apt: vendor/getinfo can misdetect parent of Ubuntu derivatives, causing unsatisfiable dependency)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 18 Jun 2019 14:15:10 +0000
Message-id: <[🔎] handler.924662.D924662.156086716719128.ackdone@bugs.debian.org>
Reply-to: 924662@bugs.debian.org
References: <E1hdEqq-000GGM-7Y@fasolo.debian.org> <20190315152142.GA19347@espresso.pseudorandom.co.uk>

Your message dated Tue, 18 Jun 2019 14:12:44 +0000
with message-id <E1hdEqq-000GGM-7Y@fasolo.debian.org>
and subject line Bug#924662: fixed in apt 1.9.0
has caused the Debian Bug report #924662,
regarding apt: vendor/getinfo can misdetect parent of Ubuntu derivatives, causing unsatisfiable dependency
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
924662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924662
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apt: vendor/getinfo can misdetect parent of Ubuntu derivatives, causing unsatisfiable dependency
From: Simon McVittie <smcv@debian.org>
Date: Fri, 15 Mar 2019 15:21:42 +0000
Message-id: <20190315152142.GA19347@espresso.pseudorandom.co.uk>

Package: apt
Version: 1.6~rc1
Severity: normal
Tags: patch

Steps to reproduce:

* Configure base-files for an Ubuntu derivative
* Don't add your Ubuntu derivative to apt's vendor/ (in my case this was
  done to minimize the number of packages with delta, so that we can pull
  in apt security updates more easily)
* Build apt on a filesystem with non-deterministic readdir() order

Expected result:

* The first loop in getcurrent(), looking for an exact match, doesn't find
  our derivative
* The second loop in getcurrent(), looking for an ancestor that's neither
  Debian nor Ubuntu, doesn't find an ancestor for our derivative
* The fallback test for Ubuntu returns "ubuntu"
* My apt depends on ubuntu-archive-keyring

Actual result:

* The first loop behaves as expected
* The second loop behaves as expected
* In my case, the fallback test for Ubuntu returns "tanglu"
* My apt depends on tanglu-archive-keyring, which isn't in my derivative

This can fail for two reasons:

* find(1) doesn't guarantee to list distros in alphabetical order;
* in future there might be a distro that sorts later than ubuntu,
  although right now there is no such distro

I actually found this bug in Ubuntu 18.04's apt 1.6.8, but this script
seems to be identical in 1.8.0, so I'm reporting it as present in their
newest common ancestor.

Proposed patches: https://salsa.debian.org/apt-team/apt/merge_requests/55
or attached.

Regards,
    smcv

--- End Message ---

--- Begin Message ---

To: 924662-close@bugs.debian.org
Subject: Bug#924662: fixed in apt 1.9.0
From: Julian Andres Klode <jak@debian.org>
Date: Tue, 18 Jun 2019 14:12:44 +0000
Message-id: <E1hdEqq-000GGM-7Y@fasolo.debian.org>

Source: apt
Source-Version: 1.9.0

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924662@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 17 Jun 2019 11:36:56 +0200
Source: apt
Binary: apt apt-dbgsym apt-doc apt-transport-https apt-utils apt-utils-dbgsym libapt-pkg-dev libapt-pkg-doc libapt-pkg5.90 libapt-pkg5.90-dbgsym
Architecture: source amd64 all
Version: 1.9.0
Distribution: experimental
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - transitional package for https support
 apt-utils  - package management related utility programs
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.90 - package management runtime library
Closes: 275379 439121 905141 924662
Changes:
 apt (1.9.0) experimental; urgency=medium
 .
   [ Julian Andres Klode ]
   * CMakeLists.txt: Bump C++ standard version to C++14
   * debian: Update to debhelper-compat (= 12)
   * debian/rules: Do not use dh_install --list-missing (dh 12 porting)
   * Remove all the deprecated bits, merge various function prototypes together
   * prepare-release: Add merge-translations command
   * Use system-provided triehash
   * CI: Use unstable for now, as we need triehash package
   * Tighten dependencies from apt and apt-utils on libs
   * Add test case for local-only packages pinned to never
   * acq: worker: Move CurrentSize, TotalSize, ResumePoint to CurrentItem
   * apt-helper: Support multiple hashes for a file
   * Add 'explicit' to most single argument constructors
   * Get rid of pkgExtract and pkgFLCache
   * Merge libapt-inst into libapt-pkg
   * Use debDebFile to get control file instead of dpkg-deb
   * prepare-release: Add bump-abi command
   * Change soname to libapt-pkg.so.5.90
   * CMake: Enforce "override" use on overriden methods
   * debmetaindex: Use isspace_ascii() variant to normalize Signed-By
   * README.md: Quote -j <count> as code with backticks
   * apt-mark: Add hidden showheld alias for showhold
   * Mnor wording improvements in documentation
   * Make APT::StringView public, replace std::string with it in various places
   * Introduce apt satisfy and apt-get satisfy (Closes: #275379)
   * Run unifdef -DAPT_{8,9,10,15}_CLEANER_HEADERS
   * Adjust code for missing includes, and using std::string
   * Bump cache MajorVersion to 16
 .
   [ Corentin Noël ]
   * Add pkg-config files for the apt-pkg and apt-inst libraries
     (Closes: #439121)
 .
   [ Simon McVittie ]
   * vendor/getinfo: Iterate through vendors in lexicographic order
     (Closes: #924662)
   * vendor/getinfo: Don't assume that Ubuntu is the last vendor
     (Closes: #924662)
 .
   [ Martin Michlmayr ]
   * Perform minor copy-editing on the docs
 .
   [ Ivan Krylov ]
   * Mark apt-transport-https as M-A:foreign (Closes: #905141)
 .
   [ David Kalnischkies ]
   * Don't limit cpu-limited queues to at most 10
 .
   [ Stephen Kitt ]
   * apt-cache: only show solutions if displayed
 .
   [ Brian Murray ]
   * Do not include squashfs file systems in df output. (LP: #1756595)
 .
   [ Simon Körner ]
   * http: Fix Host header in proxied https connections
Checksums-Sha1:
 d3336d9054d151284f9cec27df236b34e307f1d5 2734 apt_1.9.0.dsc
 e0d0ab99d27d235b00269ef5e3b9e3a5030ef459 2162280 apt_1.9.0.tar.xz
 11851adb5acfa9d4ee6a70d1b94e4f4d079e7efb 6592624 apt-dbgsym_1.9.0_amd64.deb
 f3e951e88661c5050068560194aea80f02835069 379204 apt-doc_1.9.0_all.deb
 9741b56fae0f9c8c32c4358e125365e204f5d961 149888 apt-transport-https_1.9.0_all.deb
 729a0c4c11432e205031773dcd3ac1701d7c0214 1777380 apt-utils-dbgsym_1.9.0_amd64.deb
 8ada5867d7ed53519cde5b0780d4e3eedf6aaf8b 421928 apt-utils_1.9.0_amd64.deb
 5cffa25475fcc2a4ab17c316e7ef0f843fe54454 11336 apt_1.9.0_amd64.buildinfo
 9b89aa931b35b14ab0c7f609d10a8d9489d8ba6d 1422016 apt_1.9.0_amd64.deb
 2f5eda61be0ec5cc143a707f2af98ca582b386d3 241312 libapt-pkg-dev_1.9.0_amd64.deb
 f3e3ee7af36847e13b44f9d1014b56efea0ede13 1009204 libapt-pkg-doc_1.9.0_all.deb
 f2421ffbf22809be070fe3e42a1b48a9abd6aa58 9179732 libapt-pkg5.90-dbgsym_1.9.0_amd64.deb
 ba157c7860d20be3a5bacd80e88db913cab107c2 966748 libapt-pkg5.90_1.9.0_amd64.deb
Checksums-Sha256:
 e2025401d093aed69c9c860a7791d8f7244fbdc26e6751747b670d5134053b2d 2734 apt_1.9.0.dsc
 a77d9b24eebe980ee6612549d9994ecc4cc91a525bd42e0d8f4755a2140105ae 2162280 apt_1.9.0.tar.xz
 0df80b5a9d7ddda846cfb46a14d3f1334505cd4a844e2b594cc5a41c5599251f 6592624 apt-dbgsym_1.9.0_amd64.deb
 1af6379342c3eeae0f89a428ea732e1015e2c9b2b226f70acda851316ee87a0b 379204 apt-doc_1.9.0_all.deb
 80fe3528eac9d68d3be1da8de0648c346eab23ec1a10517dffb1e895f5db01aa 149888 apt-transport-https_1.9.0_all.deb
 0bcfa4a4f40409cf7de0219a5aaa5c37434a2d2b0802c6de45133bac14fdde62 1777380 apt-utils-dbgsym_1.9.0_amd64.deb
 9a21c0a0540e948fce03956c0eb48842f0341bdc7afd98f1610d30b465ae63f8 421928 apt-utils_1.9.0_amd64.deb
 1aada4769cded93b8517c6f776b70283c935e50c3317674d2f7327dfe9c9af7b 11336 apt_1.9.0_amd64.buildinfo
 051af9d36e805fc6ab9b188c2e1e7e8eef1a4b65af68f001bb1fc94e17f62995 1422016 apt_1.9.0_amd64.deb
 960deb23a21c42101456ea34a2ec976f845b91a2393f082b6114076716f3b6d3 241312 libapt-pkg-dev_1.9.0_amd64.deb
 6018e7814e6095d4c87fa3732b4680b4cfe7522207acb34cae2b32524fddc571 1009204 libapt-pkg-doc_1.9.0_all.deb
 7db77915209516cfcb25c5751a6959215d89519c89f23a183177f0bc388074e8 9179732 libapt-pkg5.90-dbgsym_1.9.0_amd64.deb
 14cf5659a6eae21915af9eddbb80224e6134a2d2ee2d4d3ecbe065e72fc250cb 966748 libapt-pkg5.90_1.9.0_amd64.deb
Files:
 6263c017e8cece73b55bb1c573e17d68 2734 admin important apt_1.9.0.dsc
 999df9a2c0e3f89cfecf301f7a30262b 2162280 admin important apt_1.9.0.tar.xz
 574e33fe451431dc1b6156b044fc24be 6592624 debug optional apt-dbgsym_1.9.0_amd64.deb
 b7f8f34a3a4cbcb66d8d482790622434 379204 doc optional apt-doc_1.9.0_all.deb
 f746f669e986eb54d8a1d37a9b58449f 149888 oldlibs optional apt-transport-https_1.9.0_all.deb
 cc1ed06b080827d5ccd7e0859d71184b 1777380 debug optional apt-utils-dbgsym_1.9.0_amd64.deb
 015bf6118f1b277ea499e2c9951ecb0e 421928 admin important apt-utils_1.9.0_amd64.deb
 c72a271d399290bd380fb07f317512d4 11336 admin important apt_1.9.0_amd64.buildinfo
 366ddd6763e3027e74beb15bf5b0e6a0 1422016 admin important apt_1.9.0_amd64.deb
 ec27078cbf01437d50fa74fec579bf48 241312 libdevel optional libapt-pkg-dev_1.9.0_amd64.deb
 cf155d5a8d4e6e62ff73cbe13e2d895c 1009204 doc optional libapt-pkg-doc_1.9.0_all.deb
 0989b5079546b917dadf6b3e92693d50 9179732 debug optional libapt-pkg5.90-dbgsym_1.9.0_amd64.deb
 968a427f34083cc85364dd3121ea7942 966748 libs optional libapt-pkg5.90_1.9.0_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAl0HaqYPHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9x2/0P/137TWm2oLPrQatYdZ+fRfRRo3N4IF/W2RwX
7934oXO5U8aOCRlKYlAUIyMyk/a/6mowddOZwz4z1dIj5HOEs4Ji87vEswh3YLtq
17+WfEk9CfVVaca/4eNrdYi3jGOf3o/6NX96zMb6jVvIC5v7ISV4n3Ehr1ptl0ar
ut0KgWCGHcRedlEQYAWC0abtS5096L5p2YKZTwSnoD75bcG2TjVWeGWXZtrda45K
2jpNps3Kj29DAqOwv+hKqxgIqGlE6Ya0M22xq8aPgZ9ZN7tby4k5qHqudnrFb6hm
+Ne8Z/pDmjUZbeVzQ6Qt/fDaPd5b9H5KsYIjvzryX/R2Q9DRhmeCVv23CLZIjjt7
Q8kKLltokn/ug8fWypIdRmMJqW/6Z1kK/rDEesjI0J0Z0uf65PdcrSTvD3UGYhK/
dBaKafQqKZNME0zA+USEcp01An3Iow4wgEmli1DMIct2Jh5E7KqQIcCdHxOHi2jG
IZ8klT/C18wKx7BIiu2Ox527dgDE5D8qTk9HiT50DfKH4Uforc9MwxUKBZX2IiJv
OMrIrWicgwULGaLhvt8PfWk8GMaImVlaHjHuK5ihAbIt6gT9JYe5Yhog6X6wBLCy
T/ab0FmLAFY61wvIBAqxLWKRupmWGDJSsRUnhglK1vY20WDUG8c2fhovtS9Kkdrw
UK4wKhep
=luqy
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#905141: marked as done (apt-transport-https: Mark apt-transport-https as Multi-Arch: foreign)
Next by Date: apt_1.9.0_amd64.changes ACCEPTED into experimental, experimental
Previous by thread: Bug#905141: marked as done (apt-transport-https: Mark apt-transport-https as Multi-Arch: foreign)
Next by thread: apt_1.9.0_amd64.changes ACCEPTED into experimental, experimental
Index(es):
- Date
- Thread