[Aptitude-devel] Bug#745425: aptitude: dependency handling jammed on chromium upgrade
Manuel A. Fernandez Montecelo
manuel.montezelo at gmail.com
Sat Sep 12 23:03:28 UTC 2015
Control: tags -1 + moreinfo
Hi Edward,
Sorry that this was not handled earlier, maybe now you don't even
remember the details, but I'll have a shot at it...
2014-04-21 14:20 Edward Welbourne:
>Package: aptitude
>Version: 0.6.10-1
>Severity: normal
>
>Dear Maintainer,
>
>I'm on testing. I have chromium installed. I use the browser. I do
>not use the inspector. None the less, chromium declares that it depends
>on chromium-inspector, which is thus installed. Recently (around the
>time of heartbleed) there has come a security upgrade for
>chromium-inspector. This upgrade conflicts (in some way, I couldn't see
>how) with the existing version of chromium. Aptitude reported a
>conflict and offered to resolve it by uninstalling chromium (which I
>want) or keeping chromium-inspector (which I don't consciously use; and
>wouldn't have any use for at all without chromium) at its old version
>(which, apparently, means retaining a known security bug on my system).
>If chromium actually does use inspector, without my being aware of it,
>this is a security problem, that I can't fix other than by uninstalling
>chromium (at which point I may as well uninstall its inspector).
>
>[Aside (for the chromium maintainer): I do not think it makes sense for
>chromium (the browser) to depend on (i.e. force installation of)
>chromium-inspector if, in fact, it is possible to browse without this
>tool for web developers. It would make sense for chromium-inspector to
>depend on chromium, and for chromium to Suggest or Recommend its
>inspector, but the present Depends seems misguided (regardless of the
>situation, above, that has brought it to my attention).]
Note: this bug was reported to aptitude, without copy to the chromium
maintainers, so unless you submitted a bug report for them at the time,
they are very unlikely to have read what you wrote above.
>dpkg -l 'chromium*' says (once I set COLUMNS to 120 to see full version
>information): <quote>
>
>Desired=Unknown/Install/Remove/Purge/Hold
>| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>||/ Name Version Architecture Description
>+++-========================-=================-=================-=====================================================
>ii chromium 33.0.1750.152-1 amd64 Chromium web browser
>un chromium-codecs-ffmpeg <none> <none> (no description available)
>un chromium-codecs-ffmpeg-e <none> <none> (no description available)
>ii chromium-inspector 33.0.1750.152-1 all page inspector for the Chromium browser
>un chromium-l10n <none> <none> (no description available)
>un chromium-testsuite <none> <none> (no description available)
>
></quote>
>
>In aptitude, I did see a version 34.0.1847.116-1~deb7u1 listed for
>chromium; but attempting to mark the installed version for deletion and
>this new version for installation does not work: it merely marks the
>33.0... version to be kept installed, with the attendant conflict with
>its own inspector.
>
>I kept inspector at its old version and assumed a compatible version of
>chromium would show up sooner or later. After about a week, I tried
>again; nothing had changed. Same conflict, same offered resolutions.
>
>Eventually, I uninstalled both packages, then installed chromium afresh.
>The above dpkg command now reports <quote>
>
>Desired=Unknown/Install/Remove/Purge/Hold
>| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>||/ Name Version Architecture Description
>+++-========================-=================-=================-=====================================================
>ii chromium 33.0.1750.152-1 amd64 Chromium web browser
>un chromium-codecs-ffmpeg <none> <none> (no description available)
>un chromium-codecs-ffmpeg-e <none> <none> (no description available)
>ii chromium-inspector 33.0.1750.152-1 all page inspector for the Chromium browser
>un chromium-l10n <none> <none> (no description available)
>un chromium-testsuite <none> <none> (no description available)
>
></quote> unchanged ! I am unable to make sense of what aptitude was
>complaining about or why purging and reinstalling has (apparently) fixed
>the alleged problem.
>From what you paste above (I don't know if it's correct), I don't see
any obvious problem. If chromium cannot be upgraded from 33 to 34
because it depends on another version of chromium-inspector, but the
current versions (33) of both are compatible, and you remove and install
again the same 33 old versions (which are compatible), aptitude does not
complain about it and you end up with the same state as before.
Behaviour expected.
I thought that you wanted to install version 34 of both (or at least the
browser itself). But if after reinstalling you ended up with version 33
for both and you are happy with that, rather than being able to upgrade
to v 34... I am afraid that I don't understand what's exactly the
complaint, or why your complaint doesn't include not being able to end
up with the browser at v 34.
>I was wary of uninstall and reinstall, since this would purge the old
>version of inspector, leaving me without the option of keeping it at its
>old version; so, if the conflict had still been present, it would have
>been unresolvable (other than by leaving chromium uninstalled). That
>this turned out not to be the case is incidental: in order to make the
>decision to attempt this course of action, I had to accept the
>possibility that I would be left without chromium. The package manager
>should not force me into such a choice when there is, in fact, no
>problem at all !
As I said, either I don't understand the problem correctly, or I don't
see the problem with aptitude in this case.
If for upgrading both to v 34 you had to remove both and install them
again, rather than upgrading within aptitude, I understand the
complaint; but removing and installing both at v 33 and that working
fine is expected behaviour.
Anyway, you were using testing and stable, and looking at the version
numbers of the changelog for both releases (URLs below), you were using
33.0.1750.152-1 at the time (from testing), while 34.0.1847.116-1~deb7u1
was the version in stable at the time (oldstable now). ~deb7 is the
clue here, that package version was targetting Wheezy and compiled
against the libraries in Wheezy, not testing (future Jessie).
Probably, you could have upgraded from 33.0.1750.152-1 to
34.0.1847.116-1 or 34.0.1847.116-2 (the versions in testing on the day
that you submitted the report), you don't mention them. Maybe you don't
recall them by now, but do you know why you tried the version with
~deb7u1 rather than the ones without that?
Probably, what aptitude did not like was attempting to upgrade to
34.0.1847.116-1~deb7u1, because some/most of your system was in testing,
so there would be lots of incompatibilities (chromium depends on
loooooots of libraries, so if any of those libraries had been upgraded
to the version in testing, maybe installing 34.0.1847.116-1~deb7u1 from
stable would not have been an option unless you downgraded video and
audio codecs, GTK/GNOME apps and libraries from X as well).
So I am not sure about what went wrong in your case, but what you
described so far doesn't is not enough to try to identify an problem
with aptitude behaviour itself.
http://metadata.ftp-master.debian.org/changelogs/main/c/chromium-browser/stable_changelog
http://metadata.ftp-master.debian.org/changelogs/main/c/chromium-browser/oldstable_changelog
Cheers.
--
Manuel A. Fernandez Montecelo <manuel.montezelo at gmail.com>
More information about the Aptitude-devel
mailing list