Bug#699759: marked as done (apt: score computation may prefer obsolete installed packages over their successors)

To: Michael Vogt <mvo@debian.org>
Subject: Bug#699759: marked as done (apt: score computation may prefer obsolete installed packages over their successors)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 05 Jun 2013 23:21:10 +0000
Message-id: <[🔎] handler.699759.D699759.137047422621519.ackdone@bugs.debian.org>
References: <E1UkMwz-0004mF-Nn@franck.debian.org> <20130204175840.19922.20621.reportbug@cake.ae.cs.uni-frankfurt.de>

Your message dated Wed, 05 Jun 2013 23:17:05 +0000
with message-id <E1UkMwz-0004mF-Nn@franck.debian.org>
and subject line Bug#699759: fixed in apt 0.9.7.9
has caused the Debian Bug report #699759,
regarding apt: score computation may prefer obsolete installed packages over their successors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
699759: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699759
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apt: score computation may prefer obsolete installed packages over their successors
From: Andreas Beckmann <anbe@debian.org>
Date: Mon, 04 Feb 2013 18:58:40 +0100
Message-id: <20130204175840.19922.20621.reportbug@cake.ae.cs.uni-frankfurt.de>

Package: apt
Version: 0.9.7.7
Severity: serious

Hi,

there is a problem in apt's score computation (algorithms.cc,
MakeScores()) w.r.t. to the negative scores for "optional" and "extra"
packages. Adding abs(negative score) to some package may give in
incorrect boost to that package.

Setting severity to serious as this should be fixed (and this seems possible
in a rather non-intrusive way) for wheezy, so that the fix will be
available for the wheezy->jessie upgrades in the future.

Note that I rebuilt (and slightly patched (to output non-boring packages
with score 0)) apt/sid for squeeze to have the "new" apt perform the
distupgrade from squeeze to wheezy - to see whether this works better
than squeeze's old apt - and to find problems still existing.

I consider any "kept back" during a distupgrade from any valid subset of
squeeze packages to wheezy as a "problem". Or an attempt to remove the
package to be tested if that still exists and is installable in wheezy.

I have a local piuparts instance running for this setup, so I could
easily check the effect of a fix on a large portion of the archive by
testing it on squeeze->wheezy upgrades.

One of the first problems I noticed was apt preferring to keep back
libhangul-dev instead of kicking out libhangul0, libhangul0-data and
installing libhangul1, libhangul-data.

Setup is a minimal squeeze system with no recommends and libhangul-dev
installed, there 'apt-get dist-upgrade' to wheezy is being run.

>From the attached log:

  2 liblzma2 [ amd64 ] < 5.0.0-2 > ( libs )
  1 uuid-runtime [ amd64 ] < none -> 2.20.1-5.3 > ( libs )
  1 libldap-2.4-2 [ amd64 ] < none -> 2.4.31-1 > ( libs )
  1 bsdmainutils [ amd64 ] < none -> 9.0.3 > ( utils )
  1 psmisc [ amd64 ] < none -> 22.19-1+deb7u1 > ( admin )
  1 apt-utils [ amd64 ] < none -> 0.9.7.7 > ( admin )
  1 awk [ amd64 ] < none > ( none )
* 1 libhangul0-data [ amd64 ] < 0.0.11-2 > ( libs )
  1 libgpm2 [ amd64 ] < none -> 1.20.4-6 > ( libs )
  1 libpng12-0 [ amd64 ] < none -> 1.2.49-1 > ( libs )
  1 bash-completion [ amd64 ] < none -> 1:2.0-1 > ( shells )
  1 libdb4.8 [ amd64 ] < 4.8.30-2 > ( libs )
  1 gnupg-curl [ amd64 ] < none -> 1.4.12-7 > ( utils )
* 0 libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs )
  0 gcc-4.4-base [ amd64 ] < 4.4.5-8 -> 4.4.7-2 > ( libs )
  0 libsemanage-common [ amd64 ] < none -> 2.1.6-6 > ( libs )
* 0 libhangul-dev [ amd64 ] < 0.0.11-2 -> 0.1.0-2 > ( libdevel )
  0 libustr-1.0-1 [ amd64 ] < none -> 1.0.4-3 > ( libs )
* 0 libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs )
* -1 libhangul0 [ amd64 ] < 0.0.11-2 > ( libs )
  Starting 2
  Investigating (0) libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs )
  Broken libhangul-data:amd64 Conflicts on libhangul0-data [ amd64 ] < 0.0.11-2 > ( libs )
    Considering libhangul0-data:amd64 1 as a solution to libhangul-data:amd64 0
    Holding Back libhangul-data:amd64 rather than change libhangul0-data:amd64
  Investigating (0) libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs )
  Broken libhangul1:amd64 Depends on libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs ) (>= 0.1.0-2)
    Considering libhangul-data:amd64 0 as a solution to libhangul1:amd64 0
    Holding Back libhangul1:amd64 rather than change libhangul-data:amd64
  Investigating (1) libhangul-dev [ amd64 ] < 0.0.11-2 -> 0.1.0-2 > ( libdevel )
  Broken libhangul-dev:amd64 Depends on libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs ) (= 0.1.0-2)
    Considering libhangul1:amd64 0 as a solution to libhangul-dev:amd64 0
    Holding Back libhangul-dev:amd64 rather than change libhangul1:amd64
   Try to Re-Instate (2) libhangul-dev:amd64
  Done
  The following NEW packages will be installed:
    gcc-4.7-base libdb5.1 liblzma5 libmount1 libpam-modules-bin
    libsemanage-common libsemanage1 libtinfo5 libustr-1.0-1 multiarch-support
  The following packages have been kept back:
    libhangul-dev
  The following packages will be upgraded:

The dependency chains are:

squeeze: libhangul-dev -> libhangul0 -> libhangul0-data
wheezy:  libhangul-dev -> libhangul1 -> libhangul-data

Let me try to compute the scores manually after reading algorithms.cc
MakeScores():

First round (initialization):

libhangul-dev => 0
  -1 optional
   1 installed and not obsolete

libhangul0 => -1
  -1 optional
   0 installed but obsolete

libhangul0-data => 0
  -1 optional
   0 installed but obsolete
   1 rdepends (libhangul0)

libhangul1 => 0
  -1 optional
   0 not installed
   1 rdepends (libhangul-dev)

libhangul-data => 0
  -1 optional
   0 not installed
   1 rdepends (libhangul1)

Second round (one level propagation):

libhangul-dev => 0
   0 round 1
   0 no rdepends

libhangul0 => -1
  -1 round 1
   0 no rdepends

libhangul0-data => 1
   0 round 1
   1 libhangul0: abs(-1)

libhangul1 => 0
   0 round 1
   0 libhangul-dev

libhangul-data => 0
   0 round 1
   0 libhangul1

Oops, now libhangul0-data (1) is more valuable than libhangul-data (0)

The flaw is here:

    Scores[I->ID] += abs(OldScores[D.ParentPkg()->ID]);

as "optional" leaf packages will have a score of -1 - and even worse,
"extra" leaf packages will have a score of -2. Running abs() on this
gives a boost to the wrong packages.

Suggestions for alternative propagation functions:

  // current and wrong
  Score += abs(RDepScore)

  // ignore negatives, they already contributed
  // PrioDepends/PrioRecommends to our score
  Score += max(0, RDepScore)

  // ignore negatives, but give another point for the rdep
  Score += max(1, RDepScore)

  // give a point for all rdeps, not only the low scoring ones
  Score += 1 + max(0, RDepScore)

  maybe replace 1 with PrioDepends/PrioRecommends as fitting

Another possibility would be to add 3 to all scores to move them out of
the negative area. (That would also distinguish scores initilized to 0
(i.e. boring packages) and scored that added up to 0 (i.e. interesting
packages) because that can no longer happen).

As I said above, I'd like to test your preferred choice :-)


Andreas

PS: The next interesting point to analyze are the problems with the
libjpeg-dev transition (a virtual package that moved from libjpeg62-dev
to libjpeg8-dev) that is currently solved miserably by apt/squeeze -
usually preferring to keep libjpeg62-dev/squeeze instead of installing
libjpeg8-dev/wheezy. So far I only have 12000 of of 28000 packages
tested and the libjpeg-dev dependencies seem to come later ... and that
problem could be related to the current one.

Attachment: hangul.log.gz
Description: GNU Zip compressed data

--- End Message ---

--- Begin Message ---

To: 699759-close@bugs.debian.org
Subject: Bug#699759: fixed in apt 0.9.7.9
From: Michael Vogt <mvo@debian.org>
Date: Wed, 05 Jun 2013 23:17:05 +0000
Message-id: <E1UkMwz-0004mF-Nn@franck.debian.org>

Source: apt
Source-Version: 0.9.7.9

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699759@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 04 Jun 2013 11:24:15 +0200
Source: apt
Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 0.9.7.9
Distribution: stable
Urgency: low
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description: 
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package managment related utility programs
 libapt-inst1.5 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg4.12 - package managment runtime library
Closes: 699759 705648
Changes: 
 apt (0.9.7.9) stable; urgency=low
 .
   [ Ludovico Cavedon ]
   * properly handle if-modfied-since with libcurl/https
     (closes: #705648)
 .
   [ Andreas Beckman ]
   * apt-pkg/algorithms.cc:
     - Do not propagate negative scores from rdepends. Propagating the absolute
       value of a negative score may boost obsolete packages and keep them
       installed instead of installing their successors.  (Closes: #699759)
Checksums-Sha1: 
 5ce1d659b835b45a0e1b6952124287a46420a8a2 1696 apt_0.9.7.9.dsc
 bcc38d7dd4e93f21f5e95bdc63b057f85b62cda1 3397270 apt_0.9.7.9.tar.gz
 f16195abfea61e088984af74a9216ff99825286c 262488 apt-doc_0.9.7.9_all.deb
 35230a59a197d2633d20ef42c09d99e102976608 960044 libapt-pkg-doc_0.9.7.9_all.deb
 6d9436914485986f7a8f21a66421ab07314fd91d 897002 libapt-pkg4.12_0.9.7.9_amd64.deb
 b8f44ae7c300d4d11895a0b0f14ff1c16c628965 166610 libapt-inst1.5_0.9.7.9_amd64.deb
 6a271487ceee6f6d7bc4c47a8a16f49c26e4ca04 1253524 apt_0.9.7.9_amd64.deb
 a25c18a083f23193ca069cb14974ed3b5b68fb09 186754 libapt-pkg-dev_0.9.7.9_amd64.deb
 57950f083a74849cb380bc6f1da4870a02702704 377312 apt-utils_0.9.7.9_amd64.deb
 b498a3e620f648b2d3b9901ee6a33565e2aeedb2 108550 apt-transport-https_0.9.7.9_amd64.deb
Checksums-Sha256: 
 f669d1e7a019446bda1aa370f667d0f23ada7c5f2b408d54d47d180426b235f1 1696 apt_0.9.7.9.dsc
 062084d8bde5e1ac7219e1de21342f1bc3c0a028e87ce0a4fa6efe845462e6b6 3397270 apt_0.9.7.9.tar.gz
 fffdf20273b98aa0c9f40bed8b1e560120d24be6289c4d36161b6f2800157b86 262488 apt-doc_0.9.7.9_all.deb
 36e8a1508cd74098cfeb7e41052bd1b3f46c7999ac965cec3d0893262941929a 960044 libapt-pkg-doc_0.9.7.9_all.deb
 32ac1e812247d716287b476513c475be7457d58ad85c77732c30ed001de48916 897002 libapt-pkg4.12_0.9.7.9_amd64.deb
 8f3bfa84d47fbb2983d5801b526102eb262742ca6a78c452c26e55025e605edc 166610 libapt-inst1.5_0.9.7.9_amd64.deb
 3bba3b15fb5ace96df052935d7069e0d21ff1f5b496510ec9d2dc939eefad104 1253524 apt_0.9.7.9_amd64.deb
 8eba032573f9a949e9e24715975af5839cadddcd11d872b07f4292114bf5e132 186754 libapt-pkg-dev_0.9.7.9_amd64.deb
 b7b12eb0e23c13da27a736718741d940d4e80c140e23c312e327d33c5561de5b 377312 apt-utils_0.9.7.9_amd64.deb
 b4de1480e324ce1dbbc695f8472882a1b4d9f86783ed3d619e6820e58a232fe6 108550 apt-transport-https_0.9.7.9_amd64.deb
Files: 
 ba017b6f709ef689efb8830ba8e3ae09 1696 admin important apt_0.9.7.9.dsc
 4b992b556ad179d51ab524befc09d182 3397270 admin important apt_0.9.7.9.tar.gz
 446954b76e7c45d9faddf9537a59accc 262488 doc optional apt-doc_0.9.7.9_all.deb
 c64cbd436eaf9194a68bc4621c9ceb6a 960044 doc optional libapt-pkg-doc_0.9.7.9_all.deb
 533c2811532dca6a643c061136096daf 897002 libs important libapt-pkg4.12_0.9.7.9_amd64.deb
 f33e9b2c342a376a973c763e8cd89075 166610 libs important libapt-inst1.5_0.9.7.9_amd64.deb
 00a128b2eb2b08f4ecee7fe0d7e3c1c4 1253524 admin important apt_0.9.7.9_amd64.deb
 e46ff3a3365ff751b7619046bf5718e9 186754 libdevel optional libapt-pkg-dev_0.9.7.9_amd64.deb
 dcdc35df8ee7b21564ca8bc30955cb01 377312 admin important apt-utils_0.9.7.9_amd64.deb
 d6fe788d79df8d147c61ef46db4c1ed9 108550 admin optional apt-transport-https_0.9.7.9_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEUEARECAAYFAlGtwOsACgkQliSD4VZixzTxWgCYsm4tGD/MWTJxRQ0CUJ5zBSqb
LQCeOeKz+05LKShfXJyk7gdpVUjpYBk=
=GTFG
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: раскрутка сайта от 50 рублей
Next by Date: Bug#705648: marked as done (if-modfied-since undhandled case causes apt lists corruption)
Previous by thread: раскрутка сайта от 50 рублей
Next by thread: Bug#705648: marked as done (if-modfied-since undhandled case causes apt lists corruption)
Index(es):
- Date
- Thread