Bug#1003664: fwupd: Too loose dependency on libfwupdN

To: 1003664@bugs.debian.org
Subject: Bug#1003664: fwupd: Too loose dependency on libfwupdN
From: Jonas Andradas <jonas@alternativaslibres.es>
Date: Thu, 20 Jan 2022 12:55:07 +0100
Message-id: <[🔎] 1919355.qKonMUIyAU@darkstar>
Reply-to: Jonas Andradas <jonas@alternativaslibres.es>, 1003664@bugs.debian.org
References: <[🔎] YeASAeKnv9T20nSi@thunder.hadrons.org>

On Thu, 13 Jan 2022 12:50:25 +0100 Guillem Jover <guillem@debian.org> wrote:
> Package: fwupd
> Version: 1.5.7-5
> Severity: serious
> 
> Hi!
> 
> This package seems to use a too loose dependency on at least
> libfwupdN, but I suspect the same applies to libfwupdpluginM (or even
> libfwupdN from libfwupdpluginM).
> 
> These are encoded as >=, which causes them to be upgradable on new
> upstream releases, and do break partial upgrades. Right now I've got
> fwupd held due to the signed version not being yet available, and
> libfwupdplugin1 is not upgraded as that bumped its SONAME, but libfwupd2
> did, and now the daemon is segfaulting. This is not the first time
> this has happened, but I guess I forgot to file the other time, which
> means this seems to be consistent behavior as with requiring exact
> versions of the library:
> 
>   fwupd[108906]: 21:12:16:0092 GLib-GIO             g_file_new_for_path: 
assertion 'path != NULL' failed
>   fwupd[108906]: 21:12:16:0092 GLib-GIO             g_file_query_file_type: 
assertion 'G_IS_FILE(file)' failed
>   fwupd[108906]: 21:12:16:0092 GLib-GIO             g_file_monitor_file: 
assertion 'G_IS_FILE (file)' failed
>   kernel: fwupd[108906]: segfault at 8 ip 0000559242c78109 sp 
00007ffe4df24910 error 4 in fwupd[559242c73000+26000]
>   kernel: Code: ff 85 c0 0f 85 97 02 00 00 48 8b 7c 24 30 e8 5e d5 ff ff e9 67 
01 00 00 48 8b 44 24 28 48 8d 3d dc 14 02 00 41 be 01 00 00 00 <48> 8b 70 08 
31 c0 e8 4c f4 ff ff 4d 85 e4 74 08 4c 89 e7 e8 5f db
> 
> So it looks like all the intra library dependencies should be changed
> to «libfwup.* (= <version>)».
> 
> Thanks,
> Guillem
> 

Hi, I am observing the same behaviour and, as Guillem, cannot yet update to 
fwupd version 1.7.4-1 because the signed binaries (e.g. fwupd-amd64-signed) 
are not yet available for that version, so upgrading would uninstall those and 
thus break the SecureBoot configuration.

Ensuring that libraries depended upon cannot be updated to a non-compatible 
version would prevent issues such as fwupd crashing in future updates.

Thanks,
Jonas.

Reply to:

References:
- Bug#1003664: fwupd: Too loose dependency on libfwupdN
  - From: Guillem Jover <guillem@debian.org>

Prev by Date: Bug#973715: fwupd-amd64-signed: Uninstallable; not binNMU-friendly
Next by Date: Bug#1004321: fwupd-amd64-signed-template: missing package name in files.json
Previous by thread: Bug#1003664: fwupd: Too loose dependency on libfwupdN
Next by thread: Asus H510M-E board Debian 11.2.0 not booting
Index(es):
- Date
- Thread