Your message dated Wed, 05 Jun 2013 23:17:05 +0000 with message-id <E1UkMwz-0004mF-Nn@franck.debian.org> and subject line Bug#699759: fixed in apt 0.9.7.9 has caused the Debian Bug report #699759, regarding apt: score computation may prefer obsolete installed packages over their successors to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 699759: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699759 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apt: score computation may prefer obsolete installed packages over their successors
- From: Andreas Beckmann <anbe@debian.org>
- Date: Mon, 04 Feb 2013 18:58:40 +0100
- Message-id: <20130204175840.19922.20621.reportbug@cake.ae.cs.uni-frankfurt.de>
Package: apt Version: 0.9.7.7 Severity: serious Hi, there is a problem in apt's score computation (algorithms.cc, MakeScores()) w.r.t. to the negative scores for "optional" and "extra" packages. Adding abs(negative score) to some package may give in incorrect boost to that package. Setting severity to serious as this should be fixed (and this seems possible in a rather non-intrusive way) for wheezy, so that the fix will be available for the wheezy->jessie upgrades in the future. Note that I rebuilt (and slightly patched (to output non-boring packages with score 0)) apt/sid for squeeze to have the "new" apt perform the distupgrade from squeeze to wheezy - to see whether this works better than squeeze's old apt - and to find problems still existing. I consider any "kept back" during a distupgrade from any valid subset of squeeze packages to wheezy as a "problem". Or an attempt to remove the package to be tested if that still exists and is installable in wheezy. I have a local piuparts instance running for this setup, so I could easily check the effect of a fix on a large portion of the archive by testing it on squeeze->wheezy upgrades. One of the first problems I noticed was apt preferring to keep back libhangul-dev instead of kicking out libhangul0, libhangul0-data and installing libhangul1, libhangul-data. Setup is a minimal squeeze system with no recommends and libhangul-dev installed, there 'apt-get dist-upgrade' to wheezy is being run. >From the attached log: 2 liblzma2 [ amd64 ] < 5.0.0-2 > ( libs ) 1 uuid-runtime [ amd64 ] < none -> 2.20.1-5.3 > ( libs ) 1 libldap-2.4-2 [ amd64 ] < none -> 2.4.31-1 > ( libs ) 1 bsdmainutils [ amd64 ] < none -> 9.0.3 > ( utils ) 1 psmisc [ amd64 ] < none -> 22.19-1+deb7u1 > ( admin ) 1 apt-utils [ amd64 ] < none -> 0.9.7.7 > ( admin ) 1 awk [ amd64 ] < none > ( none ) * 1 libhangul0-data [ amd64 ] < 0.0.11-2 > ( libs ) 1 libgpm2 [ amd64 ] < none -> 1.20.4-6 > ( libs ) 1 libpng12-0 [ amd64 ] < none -> 1.2.49-1 > ( libs ) 1 bash-completion [ amd64 ] < none -> 1:2.0-1 > ( shells ) 1 libdb4.8 [ amd64 ] < 4.8.30-2 > ( libs ) 1 gnupg-curl [ amd64 ] < none -> 1.4.12-7 > ( utils ) * 0 libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs ) 0 gcc-4.4-base [ amd64 ] < 4.4.5-8 -> 4.4.7-2 > ( libs ) 0 libsemanage-common [ amd64 ] < none -> 2.1.6-6 > ( libs ) * 0 libhangul-dev [ amd64 ] < 0.0.11-2 -> 0.1.0-2 > ( libdevel ) 0 libustr-1.0-1 [ amd64 ] < none -> 1.0.4-3 > ( libs ) * 0 libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs ) * -1 libhangul0 [ amd64 ] < 0.0.11-2 > ( libs ) Starting 2 Investigating (0) libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs ) Broken libhangul-data:amd64 Conflicts on libhangul0-data [ amd64 ] < 0.0.11-2 > ( libs ) Considering libhangul0-data:amd64 1 as a solution to libhangul-data:amd64 0 Holding Back libhangul-data:amd64 rather than change libhangul0-data:amd64 Investigating (0) libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs ) Broken libhangul1:amd64 Depends on libhangul-data [ amd64 ] < none -> 0.1.0-2 > ( libs ) (>= 0.1.0-2) Considering libhangul-data:amd64 0 as a solution to libhangul1:amd64 0 Holding Back libhangul1:amd64 rather than change libhangul-data:amd64 Investigating (1) libhangul-dev [ amd64 ] < 0.0.11-2 -> 0.1.0-2 > ( libdevel ) Broken libhangul-dev:amd64 Depends on libhangul1 [ amd64 ] < none -> 0.1.0-2 > ( libs ) (= 0.1.0-2) Considering libhangul1:amd64 0 as a solution to libhangul-dev:amd64 0 Holding Back libhangul-dev:amd64 rather than change libhangul1:amd64 Try to Re-Instate (2) libhangul-dev:amd64 Done The following NEW packages will be installed: gcc-4.7-base libdb5.1 liblzma5 libmount1 libpam-modules-bin libsemanage-common libsemanage1 libtinfo5 libustr-1.0-1 multiarch-support The following packages have been kept back: libhangul-dev The following packages will be upgraded: The dependency chains are: squeeze: libhangul-dev -> libhangul0 -> libhangul0-data wheezy: libhangul-dev -> libhangul1 -> libhangul-data Let me try to compute the scores manually after reading algorithms.cc MakeScores(): First round (initialization): libhangul-dev => 0 -1 optional 1 installed and not obsolete libhangul0 => -1 -1 optional 0 installed but obsolete libhangul0-data => 0 -1 optional 0 installed but obsolete 1 rdepends (libhangul0) libhangul1 => 0 -1 optional 0 not installed 1 rdepends (libhangul-dev) libhangul-data => 0 -1 optional 0 not installed 1 rdepends (libhangul1) Second round (one level propagation): libhangul-dev => 0 0 round 1 0 no rdepends libhangul0 => -1 -1 round 1 0 no rdepends libhangul0-data => 1 0 round 1 1 libhangul0: abs(-1) libhangul1 => 0 0 round 1 0 libhangul-dev libhangul-data => 0 0 round 1 0 libhangul1 Oops, now libhangul0-data (1) is more valuable than libhangul-data (0) The flaw is here: Scores[I->ID] += abs(OldScores[D.ParentPkg()->ID]); as "optional" leaf packages will have a score of -1 - and even worse, "extra" leaf packages will have a score of -2. Running abs() on this gives a boost to the wrong packages. Suggestions for alternative propagation functions: // current and wrong Score += abs(RDepScore) // ignore negatives, they already contributed // PrioDepends/PrioRecommends to our score Score += max(0, RDepScore) // ignore negatives, but give another point for the rdep Score += max(1, RDepScore) // give a point for all rdeps, not only the low scoring ones Score += 1 + max(0, RDepScore) maybe replace 1 with PrioDepends/PrioRecommends as fitting Another possibility would be to add 3 to all scores to move them out of the negative area. (That would also distinguish scores initilized to 0 (i.e. boring packages) and scored that added up to 0 (i.e. interesting packages) because that can no longer happen). As I said above, I'd like to test your preferred choice :-) Andreas PS: The next interesting point to analyze are the problems with the libjpeg-dev transition (a virtual package that moved from libjpeg62-dev to libjpeg8-dev) that is currently solved miserably by apt/squeeze - usually preferring to keep libjpeg62-dev/squeeze instead of installing libjpeg8-dev/wheezy. So far I only have 12000 of of 28000 packages tested and the libjpeg-dev dependencies seem to come later ... and that problem could be related to the current one.Attachment: hangul.log.gz
Description: GNU Zip compressed data
--- End Message ---
--- Begin Message ---
- To: 699759-close@bugs.debian.org
- Subject: Bug#699759: fixed in apt 0.9.7.9
- From: Michael Vogt <mvo@debian.org>
- Date: Wed, 05 Jun 2013 23:17:05 +0000
- Message-id: <E1UkMwz-0004mF-Nn@franck.debian.org>
Source: apt Source-Version: 0.9.7.9 We believe that the bug you reported is fixed in the latest version of apt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 699759@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Vogt <mvo@debian.org> (supplier of updated apt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 04 Jun 2013 11:24:15 +0200 Source: apt Binary: apt libapt-pkg4.12 libapt-inst1.5 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https Architecture: source all amd64 Version: 0.9.7.9 Distribution: stable Urgency: low Maintainer: APT Development Team <deity@lists.debian.org> Changed-By: Michael Vogt <mvo@debian.org> Description: apt - commandline package manager apt-doc - documentation for APT apt-transport-https - https download transport for APT apt-utils - package managment related utility programs libapt-inst1.5 - deb package format runtime library libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst libapt-pkg-doc - documentation for APT development libapt-pkg4.12 - package managment runtime library Closes: 699759 705648 Changes: apt (0.9.7.9) stable; urgency=low . [ Ludovico Cavedon ] * properly handle if-modfied-since with libcurl/https (closes: #705648) . [ Andreas Beckman ] * apt-pkg/algorithms.cc: - Do not propagate negative scores from rdepends. Propagating the absolute value of a negative score may boost obsolete packages and keep them installed instead of installing their successors. (Closes: #699759) Checksums-Sha1: 5ce1d659b835b45a0e1b6952124287a46420a8a2 1696 apt_0.9.7.9.dsc bcc38d7dd4e93f21f5e95bdc63b057f85b62cda1 3397270 apt_0.9.7.9.tar.gz f16195abfea61e088984af74a9216ff99825286c 262488 apt-doc_0.9.7.9_all.deb 35230a59a197d2633d20ef42c09d99e102976608 960044 libapt-pkg-doc_0.9.7.9_all.deb 6d9436914485986f7a8f21a66421ab07314fd91d 897002 libapt-pkg4.12_0.9.7.9_amd64.deb b8f44ae7c300d4d11895a0b0f14ff1c16c628965 166610 libapt-inst1.5_0.9.7.9_amd64.deb 6a271487ceee6f6d7bc4c47a8a16f49c26e4ca04 1253524 apt_0.9.7.9_amd64.deb a25c18a083f23193ca069cb14974ed3b5b68fb09 186754 libapt-pkg-dev_0.9.7.9_amd64.deb 57950f083a74849cb380bc6f1da4870a02702704 377312 apt-utils_0.9.7.9_amd64.deb b498a3e620f648b2d3b9901ee6a33565e2aeedb2 108550 apt-transport-https_0.9.7.9_amd64.deb Checksums-Sha256: f669d1e7a019446bda1aa370f667d0f23ada7c5f2b408d54d47d180426b235f1 1696 apt_0.9.7.9.dsc 062084d8bde5e1ac7219e1de21342f1bc3c0a028e87ce0a4fa6efe845462e6b6 3397270 apt_0.9.7.9.tar.gz fffdf20273b98aa0c9f40bed8b1e560120d24be6289c4d36161b6f2800157b86 262488 apt-doc_0.9.7.9_all.deb 36e8a1508cd74098cfeb7e41052bd1b3f46c7999ac965cec3d0893262941929a 960044 libapt-pkg-doc_0.9.7.9_all.deb 32ac1e812247d716287b476513c475be7457d58ad85c77732c30ed001de48916 897002 libapt-pkg4.12_0.9.7.9_amd64.deb 8f3bfa84d47fbb2983d5801b526102eb262742ca6a78c452c26e55025e605edc 166610 libapt-inst1.5_0.9.7.9_amd64.deb 3bba3b15fb5ace96df052935d7069e0d21ff1f5b496510ec9d2dc939eefad104 1253524 apt_0.9.7.9_amd64.deb 8eba032573f9a949e9e24715975af5839cadddcd11d872b07f4292114bf5e132 186754 libapt-pkg-dev_0.9.7.9_amd64.deb b7b12eb0e23c13da27a736718741d940d4e80c140e23c312e327d33c5561de5b 377312 apt-utils_0.9.7.9_amd64.deb b4de1480e324ce1dbbc695f8472882a1b4d9f86783ed3d619e6820e58a232fe6 108550 apt-transport-https_0.9.7.9_amd64.deb Files: ba017b6f709ef689efb8830ba8e3ae09 1696 admin important apt_0.9.7.9.dsc 4b992b556ad179d51ab524befc09d182 3397270 admin important apt_0.9.7.9.tar.gz 446954b76e7c45d9faddf9537a59accc 262488 doc optional apt-doc_0.9.7.9_all.deb c64cbd436eaf9194a68bc4621c9ceb6a 960044 doc optional libapt-pkg-doc_0.9.7.9_all.deb 533c2811532dca6a643c061136096daf 897002 libs important libapt-pkg4.12_0.9.7.9_amd64.deb f33e9b2c342a376a973c763e8cd89075 166610 libs important libapt-inst1.5_0.9.7.9_amd64.deb 00a128b2eb2b08f4ecee7fe0d7e3c1c4 1253524 admin important apt_0.9.7.9_amd64.deb e46ff3a3365ff751b7619046bf5718e9 186754 libdevel optional libapt-pkg-dev_0.9.7.9_amd64.deb dcdc35df8ee7b21564ca8bc30955cb01 377312 admin important apt-utils_0.9.7.9_amd64.deb d6fe788d79df8d147c61ef46db4c1ed9 108550 admin optional apt-transport-https_0.9.7.9_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEUEARECAAYFAlGtwOsACgkQliSD4VZixzTxWgCYsm4tGD/MWTJxRQ0CUJ5zBSqb LQCeOeKz+05LKShfXJyk7gdpVUjpYBk= =GTFG -----END PGP SIGNATURE-----
--- End Message ---