Bug#854554: dpkg: trigger problem with cracklib-runtime while upgrading libcrypt-cracklib-perl from jessie to stretch

Sat Apr 8 08:10:29 UTC 2017

Control: reassign -1 libcrypt-cracklib-perl 1.7-2
# beware, this is an RC bug!

[CC'ed cracklib2 & perl maintainers as it seems to be some "funny"
interaction between packages in their responsibility space.]

On Sat, Apr 08, 2017 at 04:50:15AM +0200, Guillem Jover wrote:
> [ Please see the bug archive for more context. ]
[…]
> > So the fault is in apt ... and that's jessie's version of apt that is
> > running the upgrade :-(
> > 
> > If I start the upgrade with upgrading only apt (and its dependencies)
> > and thereafter running the dist-upgrade (with squeeze's version of apt),
> > I cannot reproduce the bug.
> 
> Thanks for verifying! Reassigned now to apt.

So, given that apt works in newer versions there remains no action for
the apt team. The responsibility of making an upgrade work with whatever
we have got (bugs included) is by the individual package maintainer(s)
– simply because we (or the release team, or …) can't handle 50000
source packages in a reasonable way. [and upgrading apt/dpkg/others
first doesn't work all the time due to … wait for it … dependencies].

That said, we are happy to help of course. The basic idea of convincing
apt to do something it didn't do on its own is adding/removing
dependencies (mostly of the type Depends or Breaks/Conflicts) – that
tends to be helped by some "field knowledge" about the packages in
question which is why the maintainers are best, but given guessing and
creativity are involved anyone can help!

The easiest (although potentially time-consuming) way of finding the
right combination is to make a chroot with the "before upgrade" setup
(= as in the next step would be 'apt-get dist-upgrade' – so update
done), copy the entire chroot, modify the /var/lib/apt/lists/*Packages
file so that it has the "new" dependencies and run the dist-upgrade.
Repeat from copy until happy.

In your case you can potentially speed that up by looking at the output
of "-o Debug::pkgDpkgPm=1" – that shows how dpkg is called (it doesn't
call dpkg!) – which makes the iteration faster at the expense of you
trying to make sense of that: Having "--configure libcrack2" before the
other crack-related packages might be your target (see guess below).

Good luck & as said, ask if you are stuck (please provide the [lengthy]
output of -o Debug::pkgPackageManager=1 -o Debug::pkgDpkgPm=1). We are
reachable via deity at lists.debian.org or #debian-apt on IRC.

That said, educated guess follows:

Looks like apt acts on libcrypt-cracklib-perl early as it looks simple
enough (after upgrading perl) as the dependency on libcrack2 is already
satisfied at the start of the upgrade (as its a version before jessie).
As the dependencies of libcrack2 are very lightweight (just libc6 which
is done at that point) it might already work if you artificially require
a stretch-version here (= guess, not tested at all).

Best regards

David Kalnischkies, who is in a love-hate relationship with triggers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20170408/934a2fd0/attachment-0001.sig>