[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1026858: marked as done (Dependency on debconf dropped prematurely)



Your message dated Sat, 31 Dec 2022 15:05:05 +0000
with message-id <E1pBdQ1-00G2lb-Qx@fasolo.debian.org>
and subject line Bug#1026858: fixed in cdebconf 0.266
has caused the Debian Bug report #1026858,
regarding Dependency on debconf dropped prematurely
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1026858: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026858
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: cdebconf
Version: 0.265
Severity: critical

cdebconf 0.265 dropped the "debconf" dependency, that Joey Hess
"temporarily" added in 2007 with cdebconf 0.123[1]. This was added to
"avoid anyone breaking their systems by removing debconf, which
dependencies now allow".

Unfortunately, that removal was premature, and indeed, it is now
possible for someone to install cdebconf 0.265, remove debconf from
their system (which apt will happily do), and for hundreds of unrelated
random packages to break, in the same way that was reported back then
with #443627.

Example steps to reproduce:
  # on a clean chroot or container, e.g. podman run -it --rm debian:sid
  apt install -y cdebconf
  apt purge -y debconf    # this was not previously possible, but now is
  # pick a random package that uses debconf, in this case tzdata
  apt purge -y tzdata     # in case this was already installed
  apt install tzdata      # kaboom

I believe the reporter of #1006492 misunderstood the original change and
therefore that bug is invalid. Additionally, I believe the resolution of
#328498 to be premature, given that cdebconf is clearly not the default :)

The underlying cause is that cdebconf Provides: debconf-2.0, to indicate
that it provides the debconf 2.0 protocol, because that was its original
intention. However, it does not do so; it only did transitively, because
of the debconf dependency. Packages in the archive depend on some
variation of "debconf | debconf-2.0" expecting certain facilities
(binaries, shell libraries, etc.). However, cdebconf does NOT currently
provide any of these.

At least these differences exist:
  * cdebconf provides its binaries under /usr/lib/cdebconf, not /usr/bin
    (presumably to avoid a Conflict with debconf), and thus standard
    binaries that maintainer scripts (and administrators) expect, cannot
    be found.
 
    For example, /usr/bin/debconf-set-selections,
    /usr/sbin/dpkg-preconfigure or /usr/sbin/dpkg-reconfigure.
 
  * cdebconf does not ship /usr/share/debconf/confmodule. Many
    maintainer scripts expect this. tzdata, mentioned above, is one of
    them.
 
  * cdebconf does not ship the Perl implementation of
    Debconf::Client::ConfModule, but the debconf package does. There are
    packages that expect that a "debconf-2.0" dependency will make this
    available to them. For example /usr/sbin/pam-auth-update from the
    libpam-runtime package uses it, but the package depends "just" on
    "debconf (>= 0.5) | debconf-2.0, debconf (>= 1.5.19) | cdebconf".
 
  * Finally, cdebconf does not include a debconf-apt-progress
    implementation. See #537523 for an old bug describing this, as well
    as a request for the passthrough frontend.

Going forward there are a few options:
  * Revert the change and depend on debconf again. This is the safest
    option, as this has been the status quo since 2007.
  
  * Remove the debconf-2.0 Provides from cdebconf. This is, arguably,
    the option that would maximize correctness, given cdebconf is not
    really providing the facilities expected by debconf-2.0. It's
    unclear to me what this could break, though.
  
  * Longer-term... actually create feature parity between cdebconf and
    debconf, potentially even switching to cdebconf by default, as Joey
    originally intended. This will likely include _at least_ the
    following:
    - Resolving the items in #537523 (debconf-apt-progress).
    - Splitting Debconf::Client::ConfModule from debconf to a
      libdebconf-client-confmodule-perl package, and either have
      cdebconf depend on it, or perform an MBF to ask downstream users
      to add this dependency explicitly. (Which of the two depends on
      whether one considers this Perl API part of the "debconf-2.0"
      protocol or not.)
    - Shipping /usr/share/debconf/confmodule by cdebconf, moving
      cdebconf's binaries to /usr/bin and /usr/sbin, adding a Conflict
      again, and deprecating DEBCONF_USE_CDEBCONF.

Regards,
Faidon

1: https://salsa.debian.org/installer-team/cdebconf/-/commit/b4dfa070d676917f12f58cc52fe46fe2f4094fc3

--- End Message ---
--- Begin Message ---
Source: cdebconf
Source-Version: 0.266
Done: Holger Wansing <hwansing@mailbox.org>

We believe that the bug you reported is fixed in the latest version of
cdebconf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1026858@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Wansing <hwansing@mailbox.org> (supplier of updated cdebconf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 Dec 2022 15:15:11 +0100
Source: cdebconf
Architecture: source
Version: 0.266
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Holger Wansing <hwansing@mailbox.org>
Closes: 1019919 1026858
Changes:
 cdebconf (0.266) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Holger Wansing ]
   * Fix missing GPL-2+ license in d/copyright. Closes: #1019919
   * Revert 'No longer depend on debconf' for now (Closes: #1026858).
 .
   [ Updated translations ]
   * Greek (el.po) by george kitsoukakis
   * Persian (fa.po) by Danial Behzadi
   * Kazakh (kk.po) by Baurzhan Muftakhidinov
   * Polish (pl.po) by Matthaiks
Checksums-Sha1:
 da6b522aef97b8cde2eab1786c82f120fa3c5b51 2707 cdebconf_0.266.dsc
 286c5982881d990fd259799e1db648c18c857aad 282380 cdebconf_0.266.tar.xz
 e6f3b42bad61e6f9c4a739d17a065a2111330a4a 15067 cdebconf_0.266_amd64.buildinfo
Checksums-Sha256:
 c3a832b3e02852aa223c8a79d06777dcb43e2e6e17e8271c26e83a4d513d2175 2707 cdebconf_0.266.dsc
 cabbc111ab1f3d1258252f04aa4313d2e2d6e0569001177717cfedc81641140b 282380 cdebconf_0.266.tar.xz
 7a7b4567ce3171a0820e2a43c4c566d737b80b3fd9a090536a7fe829616813ff 15067 cdebconf_0.266_amd64.buildinfo
Files:
 1b4ec7470e5a084536dfab46bd2d52e7 2707 utils optional cdebconf_0.266.dsc
 9e7764df60d3dc7c6e05871738663338 282380 utils optional cdebconf_0.266.tar.xz
 6236d5491439cea2d4eab58963d10acc 15067 utils optional cdebconf_0.266_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCgAzFiEESWrG6BRCSzSFCDUpWfGHyhVusHYFAmOwR8UVHGh3YW5zaW5n
QG1haWxib3gub3JnAAoJEFnxh8oVbrB2q2YQAKk0es8ZGMQO00xVhnA4x1c+g508
TRZstOiPP8a+nDq0ZfDjpYheL/Glulwxs7dUhY/IC0ysahU5GEvHQ7nguvyWo5Wy
uDbTJpB09Qjh06llg4jA5re01CT6gJNbWIaKsI0hGBt1XVn6fUtDSO38SJ+g0UlK
ObWMbH1vlfF7EchZpXQQ6ZOcPhq5NNKDMgYTB3BW+oauKB7SN2gRLQGshpEYzWQ0
gMFkjidKjjrkivzMvKPFnk96dRW93d5vUh/KCtHd0lbfUk/dpA5ndGvVihkwj8Ti
blymnwPisJBVhUAfc2GRFoh2pafXsm+m9bt8NEfU58w/64KXPpIgzQ8f2U+fHCsj
u+3GVQnKbXjaJ5c+JvMVdvZUcbRz4cbbeEoKeG3f9bl6lGOo3Vo6z62+faeCkIFJ
qzUGa2y7dNWnot6iceIirpqUaQTY3w4s598+7GK/tMHCwqVCjrnNwgldG6HFPf7Q
0a8XGivuQfqU0CqdA7Xg13bq8dxIJDi+7gGHoDK8haWNL+0dakrrBpwhfPqoLPj4
+eTeUgbbMeKBQ/eN91hCgOpPJOEV2FPZ7qpfi1HHYUh4CXILNpsRag2OF8GY5FC9
ubZJsxJ2VfPF/KHjA5gbXgdlwnaECnb/T3w/G4Db78pMd29hjAp3ePv38Q6RNezp
6j106hRksJqup186
=c50P
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: