
Bug#216688: apt/preferences: pinning a single package version to prevent upgrades does not work



On Wed, Mar 17, 2004 at 10:23:48PM +0200, Marius Gedminas wrote:
> I'm trying to prevent apt from upgrading mozilla-firefox to version
> 0.8-4 which is broken (#238318).

I've spent some time reading apt source code[1] and decided that this
was not doable with apt pins.

  [1] BTW what's the deal with those boolean comparisons that look like
      'if (a == true && b == false)'?

Here's more or less the algorithm that apt uses to choose a candidate
version (pkgPolicy::GetCandidateVer in apt-pkg/policy.cc):

  choices = []
  if there is a package pin for this package:
    choices.append(pin priority, package version matches the pin)
  for all available package versions do:
    for all available sources of this version do:
      choices.append(priority of the source, package version)
  from choices select the package version with the highest priority
  (and the highest version if the priorities are equal)

It is simplified (apt does not explicitly create a list of choices, and
it contains extra checks to prevent downgrades), but illustrates the
point:

  It is possible to *promote* a specific version of a package with a
  package pin, but it is not possible to *demote* one.

Was this a conscious design decision?

Note that there can be only one package-specific pin per package.  This
was not apparent to me when I read apt_preferences(5).  I thought it
would be possible to define pins for different versions of the same
package.

Was there a deeper reason behind limiting the number of package pins to
one per package (other than simplicity of implementation, that is)?

> Here's the output of apt-cache policy mozilla-firefox:
> 
>   mozilla-firefox:
>     Installed: 0.8-3
>     Candidate: 0.8-4
>     Package Pin: 0.8-4
>     Version Table:
>        0.8-4 -10
>           500 http://debian.balt.net unstable/main Packages
>    *** 0.8-3 -10
>           500 http://debina.ktu.lt testing/main Packages
>           500 http://debina.ktu.lt unstable/main Packages
>           500 http://debian.balt.net testing/main Packages
>           100 /var/lib/dpkg/status
> 
> Note that the priority -10 seems to be applied to version 0.8-3 as well
> for some reason (if it were just a display bug, apt wouldn't try
> upgrading, right?).

It is not a display bug.  The code displays exactly the same value for
every version because there is only one value defined per package.  It
also contributes to the wrong impression that you can override
priorities for specific versions.

I hope that this message will help other users understand what is going
on.

Personally I wish apt supported more than one pin for a package.

Marius Gedminas
-- 
Added mysterious, undocumented --scanflags and --fuzzy options.
	-- nmap 3.0 announcement
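
Added example, not part of the original message and not apt's own code: a small Python model of the simplified selection pseudocode above, run on the mozilla-firefox sources from the quoted apt-cache policy output. It leaves out the downgrade checks the message mentions; the names candidate, version_key and SOURCES, the numeric version comparison, and the pin priority 900 are assumptions made for this illustration.

```python
import re

def version_key(version):
    # Assumption: plain numeric comparison, enough for "0.8-3" vs "0.8-4".
    # Real Debian version ordering is more involved.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def candidate(sources, pin=None):
    """Pick a candidate version the way the pseudocode in the message does.

    sources: {version: [priority of each source offering it]}
    pin:     (version, priority) for the single package pin, or None
    """
    choices = []
    if pin is not None:
        pin_version, pin_priority = pin
        if pin_version in sources:
            # The pin only adds one more choice for the version it matches.
            choices.append((pin_priority, pin_version))
    for version, priorities in sources.items():
        for priority in priorities:
            choices.append((priority, version))
    if not choices:
        return None
    # Highest priority wins; the highest version breaks ties.
    return max(choices, key=lambda c: (c[0], version_key(c[1])))[1]

# Constructed from the apt-cache policy output quoted in the message.
SOURCES = {
    "0.8-4": [500],                      # one unstable source
    "0.8-3": [500, 500, 500, 500, 100],  # four archive sources + dpkg status
}

def demo():
    return {
        "no pin": candidate(SOURCES),
        "pin 0.8-4 at -10": candidate(SOURCES, ("0.8-4", -10)),
        "pin 0.8-3 at 900": candidate(SOURCES, ("0.8-3", 900)),
    }

if __name__ == "__main__":
    for label, version in demo().items():
        print(f"{label:>17}: candidate {version}")
```

In this model the -10 pin on 0.8-4 changes nothing, because the 500-priority source entry for 0.8-4 is still among the choices, while a pin on 0.8-3 above 500 makes 0.8-3 the candidate.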


