On 2021-09-14 at 18:56, craig duncan wrote: > I just installed Bullseye after -- as a long-time Debian user -- having > had my hard drive corrupted by USB devices. > I used to run testing, so i thought i would get there, but first i > wanted to install the apps i wanted, get things working, and then > migrate to testing. > During the install, i also enabled security-updates. In fact, i added > both sid and testing to my sources.list (after booting into new install). > > I'm seeing some strange behavior which i cannot figure out when i go to > upgrade or add packages... best demonstrated by the particular cases i > am puzzling over. >> # aptitude why libidn12 >> i gimp Depends libgs9 (>= 8.61.dfsg.1) >> p A libgs9 Depends libidn12 (>= 1.13) > >> # apt-cache policy libgs9 >> libgs9: >> Installed: 9.53.3~dfsg-7+deb11u1 >> Candidate: 9.53.3~dfsg-8 >> Version table: >> 9.53.3~dfsg-8 500 >> 500 http://deb.debian.org/debian sid/main amd64 Packages >> *** 9.53.3~dfsg-7+deb11u1 500 >> 500 http://security.debian.org/debian-security >> bullseye-security/main amd64 Packages >> 100 /var/lib/dpkg/status >> 9.53.3~dfsg-7+b1 500 >> 500 http://deb.debian.org/debian testing/main amd64 Packages >> 9.53.3~dfsg-7 990 >> 990 http://deb.debian.org/debian bullseye/main amd64 Packages > So, libidn11 is currently installed as a dependency of libgs9 from the > security source. But it wants to install libidn12, because it's going > to install libgs9 from sid! Notice that the currently-installed version of libgs9 is from bullseye-security/main, which has a priority of 500. sid also has a priority of 500, and the libgs9 package available in sid has a higher version. Since the priority of the higher-version package is not lower than that of the currently-installed package, apt decides it's OK to upgrade. This strikes me as perfectly fine. If you don't want it to happen, just adjust the relative priorities of those two repositories. > The other package it wanted to "upgrade" shows a similar issue: > >> # why libbotan-2-18 >> ___________________________ >> aptitude why... This invocation and output isn't a pattern I'm familiar with; is it a tool I just don't happen to have installed, or is it a local script or similar that you have in place? >> i lxde Suggests libreoffice >> p libreoffice Suggests firefox-esr | thunderbird | firefox >> p thunderbird Depends libbotan-2-18 (>= 2.18.1+dfsg) > >> # why libbotan-2-17 >> ___________________________ >> aptitude why... >> iB thunderbird Depends libbotan-2-17 (>= 2.17.3+dfsg) > > Why is this broken? I installed thunderbird from testing, it was > broken, reinstalled what had been originally installed, from security... > all broken. I'm not sure I see what's broken about the above; what I see there looks just fine. > It *works* perfectly fine. > >> # apt-cache policy thunderbird >> thunderbird: >> Installed: 1:78.14.0-1~deb11u1 >> Candidate: 1:78.14.0-1 >> Version table: >> 1:78.14.0-1 500 >> 500 http://deb.debian.org/debian sid/main amd64 Packages >> *** 1:78.14.0-1~deb11u1 500 >> 500 http://security.debian.org/debian-security >> bullseye-security/main amd64 Packages >> 100 /var/lib/dpkg/status >> 1:78.13.0-1 500 >> 500 http://deb.debian.org/debian testing/main amd64 Packages >> 1:78.12.0-1 990 >> 990 http://deb.debian.org/debian bullseye/main amd64 Packages Again, you'll notice that the installed package version is from bullseye-security/main and has priority 500, which is the same priority as the newer-version package available from sid. >> # apt-cache policy libbotan-2-17 >> libbotan-2-17: >> Installed: 2.17.3+dfsg-2 >> Candidate: 2.17.3+dfsg-2 >> Version table: >> 2.17.3+dfsg-3 500 >> 500 http://deb.debian.org/debian testing/main amd64 Packages >> 500 http://deb.debian.org/debian sid/main amd64 Packages >> *** 2.17.3+dfsg-2 990 >> 990 http://deb.debian.org/debian bullseye/main amd64 Packages >> 100 /var/lib/dpkg/status > >> # apt-cache policy libbotan-2-18 >> libbotan-2-18: >> Installed: (none) >> Candidate: 2.18.1+dfsg-3 >> Version table: >> 2.18.1+dfsg-3 500 >> 500 http://deb.debian.org/debian testing/main amd64 Packages >> 500 http://deb.debian.org/debian sid/main amd64 Packages In order to satisfy the dependencies of the newer same-priority package (thunderbird), apt is willing to install another package of that same priority (libbotan-2-18) at the expense of a higher-priority package (libbotan-2-17) which is no longer needed by the newer thunderbird version. (Honestly, I wouldn't be surprised if the priorities didn't have anything to do with it by the time we get down to this package, and the satisfying of dependencies for the other packages which are already going to be upgraded were the only factor.) > Again, it's trying to install thunderbird from sid! Which is the only > one that depends on libbotan-2-18. > > It's probably a bad idea to mix security updates and testing (i just > added sid to the sources because i want to know what's available, but > not install anything from there... yet). > But i'd like some insight into what it's doing and why. > Thanks for any insight. I hope the pointer to the matching priorities on the two different repositories was a helpful hint. -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Attachment:
signature.asc
Description: OpenPGP digital signature