--- Begin Message ---
Source: cdebconf
Version: 0.265
Severity: critical
cdebconf 0.265 dropped the "debconf" dependency, that Joey Hess
"temporarily" added in 2007 with cdebconf 0.123[1]. This was added to
"avoid anyone breaking their systems by removing debconf, which
dependencies now allow".
Unfortunately, that removal was premature, and indeed, it is now
possible for someone to install cdebconf 0.265, remove debconf from
their system (which apt will happily do), and for hundreds of unrelated
random packages to break, in the same way that was reported back then
with #443627.
Example steps to reproduce:
# on a clean chroot or container, e.g. podman run -it --rm debian:sid
apt install -y cdebconf
apt purge -y debconf # this was not previously possible, but now is
# pick a random package that uses debconf, in this case tzdata
apt purge -y tzdata # in case this was already installed
apt install tzdata # kaboom
I believe the reporter of #1006492 misunderstood the original change and
therefore that bug is invalid. Additionally, I believe the resolution of
#328498 to be premature, given that cdebconf is clearly not the default :)
The underlying cause is that cdebconf Provides: debconf-2.0, to indicate
that it provides the debconf 2.0 protocol, because that was its original
intention. However, it does not do so; it only did transitively, because
of the debconf dependency. Packages in the archive depend on some
variation of "debconf | debconf-2.0" expecting certain facilities
(binaries, shell libraries, etc.). However, cdebconf does NOT currently
provide any of these.
At least these differences exist:
* cdebconf provides its binaries under /usr/lib/cdebconf, not /usr/bin
(presumably to avoid a Conflict with debconf), and thus standard
binaries that maintainer scripts (and administrators) expect, cannot
be found.
For example, /usr/bin/debconf-set-selections,
/usr/sbin/dpkg-preconfigure or /usr/sbin/dpkg-reconfigure.
* cdebconf does not ship /usr/share/debconf/confmodule. Many
maintainer scripts expect this. tzdata, mentioned above, is one of
them.
* cdebconf does not ship the Perl implementation of
Debconf::Client::ConfModule, but the debconf package does. There are
packages that expect that a "debconf-2.0" dependency will make this
available to them. For example /usr/sbin/pam-auth-update from the
libpam-runtime package uses it, but the package depends "just" on
"debconf (>= 0.5) | debconf-2.0, debconf (>= 1.5.19) | cdebconf".
* Finally, cdebconf does not include a debconf-apt-progress
implementation. See #537523 for an old bug describing this, as well
as a request for the passthrough frontend.
Going forward there are a few options:
* Revert the change and depend on debconf again. This is the safest
option, as this has been the status quo since 2007.
* Remove the debconf-2.0 Provides from cdebconf. This is, arguably,
the option that would maximize correctness, given cdebconf is not
really providing the facilities expected by debconf-2.0. It's
unclear to me what this could break, though.
* Longer-term... actually create feature parity between cdebconf and
debconf, potentially even switching to cdebconf by default, as Joey
originally intended. This will likely include _at least_ the
following:
- Resolving the items in #537523 (debconf-apt-progress).
- Splitting Debconf::Client::ConfModule from debconf to a
libdebconf-client-confmodule-perl package, and either have
cdebconf depend on it, or perform an MBF to ask downstream users
to add this dependency explicitly. (Which of the two depends on
whether one considers this Perl API part of the "debconf-2.0"
protocol or not.)
- Shipping /usr/share/debconf/confmodule by cdebconf, moving
cdebconf's binaries to /usr/bin and /usr/sbin, adding a Conflict
again, and deprecating DEBCONF_USE_CDEBCONF.
Regards,
Faidon
1: https://salsa.debian.org/installer-team/cdebconf/-/commit/b4dfa070d676917f12f58cc52fe46fe2f4094fc3
--- End Message ---
--- Begin Message ---
Source: cdebconf
Source-Version: 0.266
Done: Holger Wansing <hwansing@mailbox.org>
We believe that the bug you reported is fixed in the latest version of
cdebconf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1026858@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Wansing <hwansing@mailbox.org> (supplier of updated cdebconf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 31 Dec 2022 15:15:11 +0100
Source: cdebconf
Architecture: source
Version: 0.266
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Holger Wansing <hwansing@mailbox.org>
Closes: 1019919 1026858
Changes:
cdebconf (0.266) unstable; urgency=medium
.
* Team upload.
.
[ Holger Wansing ]
* Fix missing GPL-2+ license in d/copyright. Closes: #1019919
* Revert 'No longer depend on debconf' for now (Closes: #1026858).
.
[ Updated translations ]
* Greek (el.po) by george kitsoukakis
* Persian (fa.po) by Danial Behzadi
* Kazakh (kk.po) by Baurzhan Muftakhidinov
* Polish (pl.po) by Matthaiks
Checksums-Sha1:
da6b522aef97b8cde2eab1786c82f120fa3c5b51 2707 cdebconf_0.266.dsc
286c5982881d990fd259799e1db648c18c857aad 282380 cdebconf_0.266.tar.xz
e6f3b42bad61e6f9c4a739d17a065a2111330a4a 15067 cdebconf_0.266_amd64.buildinfo
Checksums-Sha256:
c3a832b3e02852aa223c8a79d06777dcb43e2e6e17e8271c26e83a4d513d2175 2707 cdebconf_0.266.dsc
cabbc111ab1f3d1258252f04aa4313d2e2d6e0569001177717cfedc81641140b 282380 cdebconf_0.266.tar.xz
7a7b4567ce3171a0820e2a43c4c566d737b80b3fd9a090536a7fe829616813ff 15067 cdebconf_0.266_amd64.buildinfo
Files:
1b4ec7470e5a084536dfab46bd2d52e7 2707 utils optional cdebconf_0.266.dsc
9e7764df60d3dc7c6e05871738663338 282380 utils optional cdebconf_0.266.tar.xz
6236d5491439cea2d4eab58963d10acc 15067 utils optional cdebconf_0.266_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCgAzFiEESWrG6BRCSzSFCDUpWfGHyhVusHYFAmOwR8UVHGh3YW5zaW5n
QG1haWxib3gub3JnAAoJEFnxh8oVbrB2q2YQAKk0es8ZGMQO00xVhnA4x1c+g508
TRZstOiPP8a+nDq0ZfDjpYheL/Glulwxs7dUhY/IC0ysahU5GEvHQ7nguvyWo5Wy
uDbTJpB09Qjh06llg4jA5re01CT6gJNbWIaKsI0hGBt1XVn6fUtDSO38SJ+g0UlK
ObWMbH1vlfF7EchZpXQQ6ZOcPhq5NNKDMgYTB3BW+oauKB7SN2gRLQGshpEYzWQ0
gMFkjidKjjrkivzMvKPFnk96dRW93d5vUh/KCtHd0lbfUk/dpA5ndGvVihkwj8Ti
blymnwPisJBVhUAfc2GRFoh2pafXsm+m9bt8NEfU58w/64KXPpIgzQ8f2U+fHCsj
u+3GVQnKbXjaJ5c+JvMVdvZUcbRz4cbbeEoKeG3f9bl6lGOo3Vo6z62+faeCkIFJ
qzUGa2y7dNWnot6iceIirpqUaQTY3w4s598+7GK/tMHCwqVCjrnNwgldG6HFPf7Q
0a8XGivuQfqU0CqdA7Xg13bq8dxIJDi+7gGHoDK8haWNL+0dakrrBpwhfPqoLPj4
+eTeUgbbMeKBQ/eN91hCgOpPJOEV2FPZ7qpfi1HHYUh4CXILNpsRag2OF8GY5FC9
ubZJsxJ2VfPF/KHjA5gbXgdlwnaECnb/T3w/G4Db78pMd29hjAp3ePv38Q6RNezp
6j106hRksJqup186
=c50P
-----END PGP SIGNATURE-----
--- End Message ---