Bug#245253: apt-get: claims it will upgrade a packages that should/will not be

To: Yann Dirson <ydirson@altern.org>, 245253@bugs.debian.org
Cc: Matt Zimmerman <mdz@debian.org>, Yann Dirson <dirson@debian.org>, APT Development Team <deity@lists.debian.org>
Subject: Bug#245253: apt-get: claims it will upgrade a packages that should/will not be
From: Jason Gunthorpe <jgg@debian.org>
Date: Fri, 23 Apr 2004 00:30:54 -0600 (MDT)
Message-id: <[🔎] Pine.LNX.3.96.1040423000606.14090A-100000@wakko.debian.net>
Reply-to: Jason Gunthorpe <jgg@debian.org>, 245253@bugs.debian.org
In-reply-to: <[🔎] 20040422181029.GA11615@bylbo.nowhere.earth>

On Thu, 22 Apr 2004, Yann Dirson wrote:

> You're right, it unpacked the version from the cache.  But then there is
> still a bug in apt, since unless I clean the cache, it will continuously
> unpack it, thinking it is the right deb.

This is how it is designed to work.. Undesirable, but you violated an
invarient it depends upon.

Once a package makes it out of the partial directory APT never rechecks
its md5sum. It assumes that the tuple (package,version,arch) is sufficient
to map metadata from the Packages file onto metadata from a cached deb.
It does a quick check of the .deb size against the Packages file and then
assumes it is the .deb that is described, even if it isn't.

It also CRCs the metadata and produces seperate internal representations
for (package,version,arch) tuples that have different CRCs.

So, whenever it goes to lookup something in the cache it internally could
think it is any one of the three 0.7.3-1 versions your APT knows about.

This whole fragile scheme is designed to seamlessly fix the common case of
this happening - someone locally compiling a package and not adjusting the
version number. APT will _always_ consider the non-local varient to be
newer when performing upgrade calculations and it will download and
install it. This is well aligned with APT's core goal - to bring your
system closer to the latest release.

Your case has 3 seperate versions, so the algorithm starts to become very
sensistive to things like sources.list order and you run into problems
with collisions in the cache directory. Basically it doesn't work very
well.

Cache collisions could be solved by, for instance, appending the md5sum to
the filename in the cache to disambiguate them, but people would complain
because the filenames become uglier than they already are..

> And above all, why if I comment out any one of the 2 source lines, would it
> think that the installed package is good ?

Well, I remember there is a bug here. I guess it was never fixed (Matt do
you know?)

Basically, when it found a CRC difference it didn't take the time to check
if another version matches the new CRC or not.

It is likely you have the unstable version installed and the wesnoth.org
version is different, so it makes 3 versions instead of 2. This makes it
very confused since it always thinks the unstable version is newer than
the installed version even though they are identical.

When you remove unstable, it works OK because it sees wesnoth.org and can
tell through the .deb size check that it needs to download a new .deb,
when you remove wesnoth.org it sees only 1 version.

Jason

Reply to:

Follow-Ups:
- Bug#245253: apt-get: claims it will upgrade a packages that should/will not be
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Bug#245253: apt-get: claims it will upgrade a packages that should/will not be
  - From: Yann Dirson <ydirson@altern.org>

Prev by Date: Bug#245250: apt-get source --tar-only should work with upstream version only
Next by Date: supersezx
Previous by thread: Bug#245253: apt-get: claims it will upgrade a packages that should/will not be
Next by thread: Bug#245253: apt-get: claims it will upgrade a packages that should/will not be
Index(es):
- Date
- Thread