[Pkg-openssl-devel] Bug#1071431: libssl3t64: apt full-upgrade replaced libssl3:amd64 with libssl3t64:i386, breaking sudo…

[Jean-Guilhem Cailton]

Le 20/05/2024 à 10:11, Sebastian Andrzej Siewior a écrit :
> Okay. This was old testing -> new testing or Bookworm -> testing? Was
> this "apt upgrade && apt dist-upgrade" or just "apt dist-upgrade" ?

This was old testing -> new testing.
This was just "apt full-upgrade".

>> By looking in the full log for instances of other libraries that had both
>> :amd64 and :i386 versions, and that were going to be removed in spite of
>> apparent "dependency problems", I noticed that the installation of the
>> replacement t64:amd64 version sometimes happened much later than the
>> removal.
> Now that I think about it, you need both PostgreSQL version since you
> need to perform an update of the databse (to get it from 15 to 16).
postgresql-16 was already present, and was supposed to get upgraded from 
16.2-1 to 16.3-1.
Which apparently, according to the error messages quoted above, included 
running a pre-removal script, of which old and new versions both failed.

> Let me try to do this later and see what happens. But you have :i386 and
> :amd64 binaries. This shouldn't complicate the sitution much since sudo/
> systemd and so on depend on the amd64 library only.
> Anyway. I will try to spin a Bookworm VM with psql and then update to
> testing and check what happens during the update.
>
>> So, my understanding is that, unfortunately, the postgresql-16 install
>> script error interrupted the full-upgrade before libssl3t64:amd64 had been
>> installed, which left the system without the libcrypto.so.3 needed by both
>> systemctl and sudo...
> Correct. Usually a transition is something like libfoo1 -> libfoo2 where
> the package names changes and the name of .so file changes, too. In this
> t64 transition however only the package name changes while the library
> file itself remains the same. That means thr new (t64) package conflict with
> the older (non-t64) and both can't exists at the same time. dpkg then
> needs to break the system a bit where it removes libssl3 and later adds
> libssl3t64 to the system.
>

It seems to me that having both :i386 and :amd64 libraries increases the 
risk of failure, because of the many "apt" steps that can take place 
between the removal of old :amd64 (that may happen close to the 
treatment of the :i386 version, like here for libssl3) and install of 
t64:amd64. On the contrary, when only :amd64 is present, it seems that 
the replacement install closely follows the removal.

Jean-Guilhem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20240520/a867dee7/attachment-0001.htm>