Re: Debootstrap and package versions

To: debian-boot@lists.debian.org
Subject: Re: Debootstrap and package versions
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 25 Sep 2019 13:43:30 +0200
Message-id: <[🔎] 17552ce7f6d0a587d1d659ea7260cd8d23820cde.camel@decadent.org.uk>
In-reply-to: <[🔎] CH2PR21MB14134D58BE21BF79CB89AD72BD840@CH2PR21MB1413.namprd21.prod.outlook.com>
References: <[🔎] CH2PR21MB14134D58BE21BF79CB89AD72BD840@CH2PR21MB1413.namprd21.prod.outlook.com>

On Tue, 2019-09-24 at 22:06 +0000, Matt Bearup wrote:
[...]
> 5. From looking at the official metadata for buster and buster-
> updates, it seems like the convention is to *remove* the old package
> versions. And indeed, doing this in our repo caused debootstrap to
> fetch our new package versions and run successfully.

The Packages file for a given Debian suite and architecture usually
only has one entry for a given name.  I believe this is always the case
for stable suites.  It is certainly *not* true for unstable or for
security suites.  As I understand it, the FTP team must invoke a
"decruft" process to remove old versions periodically:
https://nthykier.wordpress.com/2015/06/22/introducing-dak-auto-decruft/

> So my questions...
> 1. Is it intended that debootstrap only grabs the first package
> version it finds, then neglects to fetch the newer version if it's
> needed for a pre-dependency? Is it worth scraping the rest of the
> metadata for newer package versions?

This was probably intentional, as it is simple to implement and
normally works.  Perhaps taking the last package version would be
better, but I don't know if it is safe to assume that packages will be
sorted in version order.

> 2. I'm fairly certain I've installed "old" package versions before
> (e.g. apt install foo=n-1). Are the conditions for old packages being
> removed or retained described anywhere? Looking at the
> PointReleaseChecklist (
> https://wiki.debian.org/Teams/ReleaseTeam/PointReleaseCheckList) and
> bullet #5 above it looks like old packages do in fact get removed,
> but are there situations where they are retained?

If you're referring to "List of packages … that need to be removed",
that actually means completely removing packages which are very buggy,
not just removing old versions.

Old versions may still be available in a different suite that you have
as an APT source, or might not have been decrufted yet.

Ben.

-- 
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Debootstrap and package versions
  - From: Matt Bearup <mbearup@microsoft.com>

Prev by Date: Debootstrap and package versions
Next by Date: Debootstrap and package versions
Previous by thread: Debootstrap and package versions
Next by thread: Debootstrap and package versions
Index(es):
- Date
- Thread