Bug#1066145: debootstrap: fails with multiversion repositories, including Debian’s

To: 1066145@bugs.debian.org
Subject: Bug#1066145: debootstrap: fails with multiversion repositories, including Debian’s
From: Luke Yasuda <jing@jing.rocks>
Date: Fri, 10 Oct 2025 18:13:42 +0900
Message-id: <[🔎] 7e138c08-b3ad-4674-a57d-eafbf91e2afe@jing.rocks>
Reply-to: Luke Yasuda <jing@jing.rocks>, 1066145@bugs.debian.org
In-reply-to: <20240313021006.15235.63310.reportbug@ara3.mirbsd.org>
References: <20240313021006.15235.63310.reportbug@ara3.mirbsd.org> <20240313021006.15235.63310.reportbug@ara3.mirbsd.org> <20240313021006.15235.63310.reportbug@ara3.mirbsd.org>

Control: retitle -1 debootstrap: fails with multiversion Packages filewhen predeps have multiple versions


On Wed, 13 Mar 2024 02:10:06 +0000 Thorsten Glaser <tg@mirbsd.de> wrote:

Package: debootstrap
Version: 1.0.134
Severity: important

There exist multiversion Packages files, e.g. they can be created
by dpkg-scanpackages -m but dak also occasionally seems to create
them.

I just had multiple attempts at creating a buildd chroot fail.

One was with debootstrap --variant=buildd where perl-modules-5.38
failed the bootstrap because the Packages file contains two versions
of it (5.38.2-3.2 (the one we want) followed by 5.38.2-3). According
to cbmuser, the arch:all part of debian-ports Packages files is an
identical embedded copy of binaries-all/Packages from dak for sid,
so this is not just a debian-ports or mini-dak problem.

Then I tried --variant=minbase which failed the cowbuilder --create
as well but only after the debootstrap stage: debootstrap installed
libaudit-common 1:3.1.2-2 instead of 1:3.1.2-2.1 so the chroot had
libaudit1’s dependency on libaudit-common unfulfilled, which made a
later apt-get dist-upgrade fail without manually running an apt-get
-f install first (which I thankfully could do in a pbuilder hook
script).

I was able to reproduce this, using a (multiversion) Packages filegenerated by reprepro 5.4.7-1 (in experimental). Allow me to elaborate.


The symptom: debootstrap fails with:

I: Unpacking the base system...

W: Failure trying to run: chroot "/tmp/u" dpkg --force-overwrite--force-confold --skip-same-version --install


In debootstrap.log:

dpkg: error: --install needs at least one package archive file argument

After "Unpacking the base system...", debootstrap resolve thedependencies of pre-dependencies manually by calling "dpkg--predep-package". When the dependencies of a pre-dependency aresatisfied and the pre-dependency is installed, "dpkg --predep-package"returns the next predep. However, if we have a multiversion Packagesfile, and the pre-dependency has multiple versions, because debootstraponly fetches the oldest version, the oldest version of pre-dependency isinstalled, and "dpkg --predep-package" keeps return the same package.This is a problem because in "debian-common", this line filters outpredeps that are already installed:

predep=$(without "$(without "$(resolve_deps $predep)" "$required")""$done_predeps")


so as a result, $predep will be empty, so this line will fail:

in_target dpkg --force-overwrite --force-confold --skip-same-version--install $(debfor $predep)


The problem happened to me when systemd in unstable has multiple versions.

So, the ideal solution would be to make debootstrap fetch the latestversion of deb packages. The Packages file would need to be sortedsomehow. I found a solution in bug #690210, but the thenmaintainer/uploaders did not like the patch as it had too much perlcode. I don't know if there is a good way to do version comparing inshell instead of (libdpkg-)perl.

This is a real problem affecting real-world scenarios (such as
buildd maintainers frantically trying to stay on top of t64), and
apparently at least arch:all packages can have multiple versions
show up in the Packages file in Debian sid.

The two failure modes are that debootstrap either results in a
chroot in which packages are installed that don’t meet each other’s
dependencies (which a real-world dpkg call would need --force-depends)
or that debootstrap itself even aborts.

The fix is of course to consider all versions of all packages,
though this will be very hard; apt seems to normally only consider
the latest version (unless another is installed or pinned), so
doing that would be another option, which while not being helpful
in situations of nōn-arch:all packages lagging would fix this bug
just as well.


-- System Information:
Debian Release: stretch/sid
  APT prefers unreleased
  APT policy: (500, 'unreleased'), (500, 'unstable')
Architecture: m68k

Kernel: Linux 6.6.15-m68k


(This is the first time I see anyone who use m68k)

Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages debootstrap depends on:
ii  wget  1.16.3-3

Versions of packages debootstrap recommends:
pn  arch-test               <none>
ii  debian-archive-keyring  2014.3


--
Luke Yasuda
About me: https://jing.rocks/about/
GPG Fingerprint: 4E09 8D19 00AA 3F72 1899 2614 09B3 316E 13A1 1EFC

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#1066145: debootstrap: fails with multiversion repositories, including Debian’s
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Processed: Re: debootstrap: fails with multiversion repositories, including Debian’s
Next by Date: Bug#1066145: debootstrap: fails with multiversion repositories, including Debian’s
Previous by thread: Processed: Bug #690210: debootstrap: please support multiple suites
Next by thread: Processed: Re: debootstrap: fails with multiversion repositories, including Debian’s
Index(es):
- Date
- Thread