Your message dated Wed, 08 May 2013 17:03:09 +0000
with message-id <E1Ua7ll-0005UW-6S@franck.debian.org>
and subject line Bug#699759: fixed in apt 0.9.8
has caused the Debian Bug report #699759,
regarding apt: score computation may prefer obsolete installed packages over their successors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
699759: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699759
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: score computation may prefer obsolete installed packages over their successors
- From: Andreas Beckmann <anbe@debian.org>
- Date: Mon, 04 Feb 2013 18:58:40 +0100
- Message-id: <20130204175840.19922.20621.reportbug@cake.ae.cs.uni-frankfurt.de>
Package: apt
Version: 0.9.7.7
Severity: serious

Hi,

there is a problem in apt's score computation (algorithms.cc,
MakeScores()) w.r.t. the negative scores for "optional" and "extra"
packages. Adding abs(negative score) to some package may give an
incorrect boost to that package.

Setting severity to serious as this should be fixed (and this seems
possible in a rather non-intrusive way) for wheezy, so that the fix will
be available for the wheezy->jessie upgrades in the future.

Note that I rebuilt (and slightly patched (to output non-boring packages
with score 0)) apt/sid for squeeze to have the "new" apt perform the
distupgrade from squeeze to wheezy - to see whether this works better
than squeeze's old apt - and to find problems still existing.

I consider any "kept back" during a distupgrade from any valid subset of
squeeze packages to wheezy as a "problem". Or an attempt to remove the
package to be tested if that still exists and is installable in wheezy.

I have a local piuparts instance running for this setup, so I could
easily check the effect of a fix on a large portion of the archive by
testing it on squeeze->wheezy upgrades.

One of the first problems I noticed was apt preferring to keep back
libhangul-dev instead of kicking out libhangul0, libhangul0-data and
installing libhangul1, libhangul-data.

Setup is a minimal squeeze system with no recommends and libhangul-dev
installed, there 'apt-get dist-upgrade' to wheezy is being run.
From the attached log:

    2 liblzma2 [ amd64 ] < 5.0.0-2 > ( libs )
    1 uuid-runtime [ amd64 ] < none -> 2.20.1-5.3 > ( libs )
    1 libldap-2.4-2 [ amd64 ] < none -> 2.4.31-1 > ( libs )
    1 bsdmainutils [ amd64 ] < none -> 9.0.3 > ( utils )
    1 psmisc [ amd64 ] < none -> 22.19-1+deb7u1 > ( admin )
    1 apt-utils [ amd64 ] < none -> 0.9.7.7 > ( admin )
    1 awk [ amd64 ] < none > ( none )
  * 1 libhangul0-data [ amd64 ] < 0.0.11-2 > ( libs )
    1 libgpm2 [ amd64 ] < none -> 1.20.4-6 > ( libs )
    1 libpng12-0 [ amd64 ] < none -> 1.2.49-1 > ( libs )
    1 bash-completion [ amd64 ] < none -> 1:2.0-1 > ( shells )
    1 libdb4.8 [ amd64 ] < 4.8.30-2 > ( libs )
    1 gnupg-curl [ amd64 ] < none -> 1.4.12-7 > ( utils )
  * 0 libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs )
    0 gcc-4.4-base [ amd64 ] < 4.4.5-8 -> 4.4.7-2 > ( libs )
    0 libsemanage-common [ amd64 ] < none -> 2.1.6-6 > ( libs )
  * 0 libhangul-dev [ amd64 ] < 0.0.11-2 -> 0.1.0-2 > ( libdevel )
    0 libustr-1.0-1 [ amd64 ] < none -> 1.0.4-3 > ( libs )
  * 0 libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs )
  * -1 libhangul0 [ amd64 ] < 0.0.11-2 > ( libs )
  Starting 2
  Investigating (0) libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs )
  Broken libhangul-data:amd64 Conflicts on libhangul0-data [ amd64 ] < 0.0.11-2 > ( libs )
    Considering libhangul0-data:amd64 1 as a solution to libhangul-data:amd64 0
    Holding Back libhangul-data:amd64 rather than change libhangul0-data:amd64
  Investigating (0) libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs )
  Broken libhangul1:amd64 Depends on libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs ) (>= 0.1.0-2)
    Considering libhangul-data:amd64 0 as a solution to libhangul1:amd64 0
    Holding Back libhangul1:amd64 rather than change libhangul-data:amd64
  Investigating (1) libhangul-dev [ amd64 ] < 0.0.11-2 -> 0.1.0-2 > ( libdevel )
  Broken libhangul-dev:amd64 Depends on libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs ) (= 0.1.0-2)
    Considering libhangul1:amd64 0 as a solution to libhangul-dev:amd64 0
    Holding Back libhangul-dev:amd64 rather than change libhangul1:amd64
   Try to Re-Instate (2) libhangul-dev:amd64
  Done
  The following NEW packages will be installed:
    gcc-4.7-base libdb5.1 liblzma5 libmount1 libpam-modules-bin
    libsemanage-common libsemanage1 libtinfo5 libustr-1.0-1 multiarch-support
  The following packages have been kept back:
    libhangul-dev
  The following packages will be upgraded:

The dependency chains are:

  squeeze: libhangul-dev -> libhangul0 -> libhangul0-data
  wheezy:  libhangul-dev -> libhangul1 -> libhangul-data

Let me try to compute the scores manually after reading algorithms.cc
MakeScores():

First round (initialization):

  libhangul-dev => 0
      -1  optional
       1  installed and not obsolete
  libhangul0 => -1
      -1  optional
       0  installed but obsolete
  libhangul0-data => 0
      -1  optional
       0  installed but obsolete
       1  rdepends (libhangul0)
  libhangul1 => 0
      -1  optional
       0  not installed
       1  rdepends (libhangul-dev)
  libhangul-data => 0
      -1  optional
       0  not installed
       1  rdepends (libhangul1)

Second round (one level propagation):

  libhangul-dev => 0
       0  round 1
       0  no rdepends
  libhangul0 => -1
      -1  round 1
       0  no rdepends
  libhangul0-data => 1
       0  round 1
       1  libhangul0: abs(-1)
  libhangul1 => 0
       0  round 1
       0  libhangul-dev
  libhangul-data => 0
       0  round 1
       0  libhangul1

Oops, now libhangul0-data (1) is more valuable than libhangul-data (0)

The flaw is here:

  Scores[I->ID] += abs(OldScores[D.ParentPkg()->ID]);

as "optional" leaf packages will have a score of -1 - and even worse,
"extra" leaf packages will have a score of -2. Running abs() on this
gives a boost to the wrong packages.
Suggestions for alternative propagation functions:

  // current and wrong
  Score += abs(RDepScore)

  // ignore negatives, they already contributed
  // PrioDepends/PrioRecommends to our score
  Score += max(0, RDepScore)

  // ignore negatives, but give another point for the rdep
  Score += max(1, RDepScore)

  // give a point for all rdeps, not only the low scoring ones
  Score += 1 + max(0, RDepScore)

maybe replace 1 with PrioDepends/PrioRecommends as fitting

Another possibility would be to add 3 to all scores to move them out of
the negative area. (That would also distinguish scores initialized to 0
(i.e. boring packages) and scores that added up to 0 (i.e. interesting
packages) because that can no longer happen).

As I said above, I'd like to test your preferred choice :-)

Andreas

PS: The next interesting point to analyze are the problems with the
libjpeg-dev transition (a virtual package that moved from libjpeg62-dev
to libjpeg8-dev) that is currently solved miserably by apt/squeeze -
usually preferring to keep libjpeg62-dev/squeeze instead of installing
libjpeg8-dev/wheezy. So far I only have 12000 of 28000 packages tested
and the libjpeg-dev dependencies seem to come later ... and that problem
could be related to the current one.

Attachment: hangul.log.gz
Description: GNU Zip compressed data
--- End Message ---
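
The manual score computation in the report above, replayed as a small C++ model; this is an added example, not apt's MakeScores() and not code from the report or the apt project. The struct, the function names and the simplified two-round rules are assumptions taken from the report's own tally, and the package data is constructed from it.

```cpp
#include <algorithm>
#include <cstdio>
#include <cstdlib>
#include <map>
#include <string>
#include <vector>

// Simplified model of the report's manual tally; NOT apt's MakeScores().
struct Pkg { int priority; bool installed; bool obsolete; };
using Scores = std::map<std::string, int>;

// Constructed from the report: all five packages are "optional" (-1).
static const std::map<std::string, Pkg> kPkgs = {
    {"libhangul-dev",   {-1, true,  false}},
    {"libhangul0",      {-1, true,  true}},
    {"libhangul0-data", {-1, true,  true}},
    {"libhangul1",      {-1, false, false}},
    {"libhangul-data",  {-1, false, false}},
};
// (dependent, dependency) edges the report counts as rdepends.
static const std::vector<std::pair<std::string, std::string>> kDeps = {
    {"libhangul0", "libhangul0-data"}, {"libhangul-dev", "libhangul1"},
    {"libhangul1", "libhangul-data"}};

// Round 1: priority, +1 if installed and not obsolete, +1 per rdepends.
Scores round_one() {
    Scores s;
    for (const auto& kv : kPkgs)
        s[kv.first] = kv.second.priority + (kv.second.installed && !kv.second.obsolete);
    for (const auto& e : kDeps) s[e.second] += 1;
    return s;
}

// Round 2: add propagate(round-1 score of each rdepends) to the dependency.
Scores round_two(int (*propagate)(int)) {
    const Scores old = round_one();
    Scores s = old;
    for (const auto& e : kDeps) s[e.second] += propagate(old.at(e.first));
    return s;
}
int use_abs(int rdep) { return std::abs(rdep); }            // current, flawed
int clamp_negative(int rdep) { return std::max(0, rdep); }  // report's proposal

int main() {
    const Scores fixed = round_two(clamp_negative);
    for (const auto& kv : round_two(use_abs))
        std::printf("%-16s abs=%2d max0=%2d\n", kv.first.c_str(), kv.second,
                    fixed.at(kv.first));
}
```

With abs() the obsolete libhangul0-data outscores its successor libhangul-data; with max(0, ...) the two tie, so the boost from the negatively scored libhangul0 is gone.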
--- Begin Message ---
- To: 699759-close@bugs.debian.org
- Subject: Bug#699759: fixed in apt 0.9.8
- From: Michael Vogt <mvo@debian.org>
- Date: Wed, 08 May 2013 17:03:09 +0000
- Message-id: <E1Ua7ll-0005UW-6S@franck.debian.org>
Source: apt
Source-Version: 0.9.8

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 699759@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.8
Date: Wed, 08 May 2013 18:43:28 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.9.8
Distribution: unstable
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst1.5 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.12 - package management runtime library
Closes: 154868 322074 620344 651640 699759 704653 704723 705087 705648
Changes:
 apt (0.9.8) unstable; urgency=low
 .
   [ Ludovico Cavedon ]
   * properly handle if-modified-since with libcurl/https
     (closes: #705648)
 .
   [ Andreas Beckmann ]
   * apt-pkg/algorithms.cc:
     - Do not propagate negative scores from rdepends. Propagating the absolute
       value of a negative score may boost obsolete packages and keep them
       installed instead of installing their successors. (Closes: #699759)
 .
   [ Michael Vogt ]
   * apt-pkg/sourcelist.cc:
     - fix segfault when a hostname contains a [, thanks to
       Tzafrir Cohen (closes: #704653)
   * debian/control:
     - replace manpages-it (closes: #704723)
 .
   [ David Kalnischkies ]
   * various simple changes to fix cppcheck warnings
   * apt-pkg/pkgcachegen.cc:
     - do not store the MD5Sum for every description language variant as
       it will be the same for all so it can be shared to save cache space
     - handle language tags for descriptions are unique strings to be shared
     - factor version string creation out of NewDepends, so we can easily reuse
       version strings e.g. for implicit multi-arch dependencies
     - equal comparisons are used mostly in same-source relations,
       so use this to try to reuse some version strings
     - sort group and package names in the hashtable on insert
     - share version strings between same versions (of different architectures)
       to save some space and allow quick comparisons later on
   * apt-pkg/pkgcache.cc:
     - assume sorted hashtable entries for groups/packages
   * apt-pkg/cacheiterators.h:
     - provide DepIterator::IsSatisfied as a nicer shorthand for DepCheck
   * apt-pkg/deb/debversion.cc:
     - add a string-equal shortcut for equal version comparisons
 .
   [ Marc Deslauriers ]
   * make apt-ftparchive generate missing deb-src hashes (LP: #1078697)
 .
   [ Yaroslav Halchenko ]
   * Fix English spelling error in a message ('A error').
     Unfuzzy translations. Closes: #705087
 .
   [ Programs translations ]
   * French translation completed (Christian Perrier)
 .
   [ Manpages translations ]
   * French translation completed (Christian Perrier)
 .
   [ Daniel Hartwig ]
   * apt-pkg/contrib/strutl.cc:
     - include port in shortened URIs (e.g. with apt-cache policy, progress
       display) thanks to James McCoy (Closes: #154868, #322074)
     - percent-encode username and password when writing URIs
   * methods/http.cc:
     - properly escape IP-literals (e.g. IPv6 address) when building
       Host headers and URIs (Closes: #620344)
   * methods/https.cc:
     - use https_proxy environment variable if present,
       falling back to http_proxy otherwise
     - use authentication credentials from proxy URI
       (Closes: #651640, LP: #1087512)
     - environment variables do not override an explicit no proxy
       directive ("DIRECT") in apt.conf
     - disregard all_proxy environment variable, like other methods
--- End Message ---