[Pkg-rust-maintainers] Bug#936029: apt fails to resolve multiple levels of provides

Ximin Luo infinity0 at debian.org
Thu Aug 29 16:56:00 BST 2019 

Julian Andres Klode:
> On Thu, Aug 29, 2019 at 03:00:00PM +0000, Ximin Luo wrote:
>> [..]
>>
>> Julian Andres Klode:
>>> [..]
>>>
>>> This happens because librust-rand+default-dev depends on librust-rand-pcg-0.1+default-dev
>>> which is a virtual package provided by librust-rand-pcg-0.1-dev and
>>> librust-rand-pcg-dev.
>>>
>>> Depending on virtual packages that have more than one provider without specifying
>>> a preferred provider (e.g. librust-rand-pcg-dev|librust-rand-pcg-0.1+default-dev)
>>> is not correct.
>>>
>>> Please fix your packaging.
>>>
>>
>> Thanks for diagnosing. We forgot to upgrade rust-rand-pcg to version 0.2 when uploading rust-rand-pcg-0.1, and I have just done the former so the error should go away soon.
>>
>> If apt had printed more details about the error (e.g. at the minimum, an advisory note on how to enable the debugging output you 
>> gave above) then we could have diagnosed this issue without filing a bug report about it. So I'll reopen this bug report and retitle 
>> it for improving the error message.
> 
> That would be a bad user experience. Normal users don't trigger
> issues like that. Also, read the README - it's in there.
> 
> And in general: We do not accept "the solver is broken" as a bug report - if it fails
> to solve your problem, reformulate the problem until it can be solved. Fixing the solver
> is next to impossible, and it does not help you anyway, as you need it to work with apt
> in stable.
> 

Sometimes, as is the situation here, a workaround can be found in unstable. (Here, namely to upgrade one of the packages so it doesn't Provide the old version any more.) The underlying issue can still be fixed "properly" and eventually it will work its way to apt in stable.

I'm not sure why you think giving details in an error message would be "bad user experience". We (i.e. your users) are forced to file bug reports when we can't figure stuff out from the information given. Fixing this would save you yourself less work in responding to our bug reports.

Since it's Debian policy to install relevant docs in /usr/share/doc/apt, I had assumed there is no README when I didn't find it in that directory.

>>
>> It's also the first time I'm hearing about the restriction "Depending on virtual packages that have more than one provider without 
>> specifying a preferred provider (e.g. librust-rand-pcg-dev|librust rand-pcg-0.1+default-dev) is not correct." -- where is that 
>> documented? This should also be part of the error message.
>>
> 
> I don't think it's written anywhere, but the behavior is undefined. I mean, this does not
> need writing down - if you give it one name provided by two, nobody can tell you which
> package will get installed.

I don't see why that's a problem, and it's inherent in the meaning of "|". If it's a real problem, we should just remove the "|" syntax completely.

For build-dependencies, now we have buildinfo files that record the actual build-dependencies that were installed, so it's no longer a big deal there either. I worked full-time on Reproducible Builds on this very topic.

> For non-greedy solvers this works fine as it can recover from
> choices that don't lead anywhere, but apt is not smart enough to do that, and that's fine.
> 
> The rules for Depends: A | B - roughly: we try (in order)
> 
> (0) check if B is installed, if so, we are done
> (1) try to install the package named A
> (2) try to install a package providing A
> (3) try to install the package named B
> (4) try to install a package providing B
> 
> There are cases where this works better, so it's not always necessarily an
> issue - it's also not something we can really warn anyone about.
> 

Presumably backtracking results in exponential behaviour? Well, it should be straightforward and efficient to detect if there are multiple packages "providing A" in one of the nodes in the search-path leading up to any resolution failure?

Also I am not sure if this is aptitude's issue or apt's issue (since aptitude uses libapt), but with aptitude we get a more serious-looking error:

$ sudo aptitude install librust-rand+default-dev
[..]
The following packages have unmet dependencies:
 librust-rand-core-0.4-dev : Breaks: librust-rand-core-dev (< 0.4.1-~~) but it is not going to be installed
*** ERROR: search aborted by fatal exception.  You may continue
           searching, but some solutions will be unreachable.

I want to resolve dependencies, but no dependency resolver was created.The following NEW packages will be installed:
[..]

X

-- 
GPG: ed25519/56034877E1F87C35
GPG: rsa4096/1318EFAC5FBBDBCE
https://github.com/infinity0/pubkeys.git

More information about the Pkg-rust-maintainers mailing list