Re: apt-get chosing packages that don't match depend constraints

To: "J.T. Conklin" <jtc@acorntoolworks.com>
Cc: deity@lists.debian.org
Subject: Re: apt-get chosing packages that don't match depend constraints
From: Julian Andres Klode <jak@debian.org>
Date: Fri, 8 Jan 2016 17:13:57 +0100
Message-id: <[🔎] 20160108170922.GA8859@debian.org>
Mail-followup-to: "J.T. Conklin" <jtc@acorntoolworks.com>, deity@lists.debian.org
In-reply-to: <[🔎] 87d1tcqz6r.fsf@wopr.acorntoolworks.com>
References: <[🔎] 87d1tcqz6r.fsf@wopr.acorntoolworks.com>

On Fri, Jan 08, 2016 at 02:59:24AM -0500, J.T. Conklin wrote:
> At my workplace, we use semantic versioning (http://semver.org) to
> help manage package dependencies.  Each of our package's Depends list
> has both a floor and a ceiling set for each dependent packages. For
> example, if version 1.0.0 of package "foo" is compatible with the API
> from versions >= 1.0.0 and << 2.0.0 of package "bar", both the bounds
> will be specified in foo's control file.
> 
> Unfortunately, this is not working as expected. When the package
> repository has versions 1.0.0, 2.0.0, and 3.0.0 of package "bar",
> "apt-get install foo=1.0.0" is not selecting a version of "bar" which
> matches the contstraints specify by foo-1.0.0's Depends list. Instead
> it appears to select the latest version, 3.0.0, only to complain that
> it does not match the constraints.

This is to be expected. APT only has *one* candidate version per package
as determined by pinning.

> With that background, a couple of questions:
> 
>   * How much of a mismatch are my expectations of how apt-get should
>     behave?  This seems like a use case that apt-get should be able
>     to "solve" itself.

You could forward choices like those like pkg/archive does, but that
does not work reliably always either in my experience.

> 
>   * Are there any alternate ways to accomplish this?
> 
>     Whenever someone breaks a API and bumps the major version number
>     of a package we go through enormous pain until all packages that
>     use that component are updated. I forsee this getting worse. Very
>     soon we'll need to support multiple parallel development streams.

You could use an external APT solver like aspcud with 
	--solver aspcud -o APT::Solver::Strict-Pinning=false

IIRC, aspcud without strict pinning maximises the sum of all
pins.

-- 
Julian Andres Klode  - Debian Developer, Ubuntu Member

See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.

When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to (`inline'). Thank you.

Reply to:

References:
- apt-get chosing packages that don't match depend constraints
  - From: jtc@acorntoolworks.com (J.T. Conklin)

Prev by Date: apt-get chosing packages that don't match depend constraints
Next by Date: Bug#810365: [apt] Temporary failure resolving xxxx even when the network is up and running
Previous by thread: apt-get chosing packages that don't match depend constraints
Next by thread: Processed: severity of 810365 is wishlist
Index(es):
- Date
- Thread