Bug#1017060: python3-apt: Candidate version returned does not respect policy
Package: python3-apt
Version: 2.2.1
Severity: normal
X-Debbugs-Cc: nicolas@karolak.fr
Dear Maintainer,
I have an internal APT repository proxy/cache (Nexus) that is configured
with a high priority. When i try to install packages with Ansible, that
leverage this library, it tries to install the latest package found
overall my repos instead of the one with the highest priority.
Here are the steps to reproduce.
Add MariaDB repository:
```
# apt-get install apt-transport-https curl ; curl -o /etc/apt/trusted.gpg.d/mariadb_release_signing_key.asc 'https://mariadb.org/mariadb_release_signing_key.asc' ; sh -c "echo 'deb https://mirror.netweaver.uk/mariadb/repo/10.5/debian bullseye main' >>/etc/apt/sources.list.d/mariadb.list"
```
Policy without pinning:
```
# apt policy mariadb-server
mariadb-server:
Installed: (none)
Candidate: 1:10.5.16+maria~bullseye
Version table:
1:10.5.16+maria~bullseye 500
500 https://mirror.netweaver.uk/mariadb/repo/10.5/debian bullseye/main arm64 Packages
1:10.5.15+maria~bullseye 500
500 https://mirror.netweaver.uk/mariadb/repo/10.5/debian bullseye/main arm64 Packages
1:10.5.15-0+deb11u1 500
500 http://deb.debian.org/debian bullseye/main arm64 Packages
1:10.5.13+maria~bullseye 500
500 https://mirror.netweaver.uk/mariadb/repo/10.5/debian bullseye/main arm64 Packages
```
Setup pinning to priorize another origin than MariaDB one:
```
# cat /etc/apt/preferences.d/90pin
Package: *
Pin: origin deb.debian.org
Pin-Priority: 1000
```
Updated policy:
```
# apt policy mariadb-server
mariadb-server:
Installed: (none)
Candidate: 1:10.5.15-0+deb11u1
Version table:
1:10.5.16+maria~bullseye 500
500 https://mirror.netweaver.uk/mariadb/repo/10.5/debian bullseye/main arm64 Packages
1:10.5.15+maria~bullseye 500
500 https://mirror.netweaver.uk/mariadb/repo/10.5/debian bullseye/main arm64 Packages
1:10.5.15-0+deb11u1 1000
1000 http://deb.debian.org/debian bullseye/main arm64 Packages
1:10.5.13+maria~bullseye 500
500 https://mirror.netweaver.uk/mariadb/repo/10.5/debian bullseye/main arm64 Packages
```
Installing pin-compliant package through `apt` works fine:
```
# apt install mariadb-common --dry-run
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
mysql-common
The following NEW packages will be installed:
mariadb-common mysql-common
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Inst mysql-common (5.8+1.0.7 Debian:11.4/stable [all])
Inst mariadb-common (1:10.5.15-0+deb11u1 Debian:11.4/stable [all])
Conf mysql-common (5.8+1.0.7 Debian:11.4/stable [all])
Conf mariadb-common (1:10.5.15-0+deb11u1 Debian:11.4/stable [all])
```
However `apt_pkg` Python lib return wrong candidate version:
```
# python3
>>> import apt, apt_pkg
>>> cache = apt_pkg.Cache()
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
>>> policy = apt_pkg.Policy(cache)
>>> policy.get_candidate_ver(cache['mariadb-common'])
<apt_pkg.Version object: Pkg:'mariadb-common' Ver:'1:10.5.16+maria~bullseye' Section:'database' Arch:'all' Size:4452 ISize:19456 Hash:2194990488 ID:58302 Priority:4>
```
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (1000, 'stable-updates'), (1000, 'stable-security'), (1000, 'stable')
Architecture: arm64 (aarch64)
Kernel: Linux 5.10.104-linuxkit (SMP w/2 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_RANDSTRUCT
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages python3-apt depends on:
ii distro-info-data 0.51+deb11u2
ii libapt-pkg6.0 2.2.4
ii libc6 2.31-13+deb11u3
ii libgcc-s1 10.2.1-6
ii libstdc++6 10.2.1-6
ii python-apt-common 2.2.1
ii python3 3.9.2-3
Versions of packages python3-apt recommends:
ii iso-codes 4.6.0-1
ii lsb-release 11.1.0
Versions of packages python3-apt suggests:
ii apt 2.2.4
pn python-apt-doc <none>
pn python3-apt-dbg <none>
-- no debconf information
Reply to: