Backporting shibboleth-sp2 to wheezy

Etienne Dysli-Metref etienne.dysli-metref at switch.ch
Thu Jul 20 13:27:41 UTC 2017 

On 20/07/17 11:34, Ferenc Wágner wrote:
> Does piuparts create its own wheezy-backports-sloppy repo?

No, it just configures apt sources with the wheezy-backports-sloppy
repository, in addition to wheezy-backports and wheezy repositories.

> How does a simple 'apt-get upgrade' fail?

This is what I got after installing apache2 and libapache2-mod-shib2 in
a wheezy container then enabling "deb
http://pkg.switch.ch/switchaai/debian wheezy main" in apt sources
(that's SWITCH's package repository) which contains my 2.6.0 packages
(also based on branch edm/debian/wheezy-backports-sloppy):

# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  libapache2-mod-shib2 shibboleth-sp2-schemas
The following packages will be upgraded:
  opensaml2-schemas xmltooling-schemas
2 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
[... upgrades packages without error ...]

# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
  libfcgi0ldbl liblog4shib1 libsaml9 libshibsp-plugins libshibsp7
  libxml-security-c17 libxmltooling7 shibboleth-sp2-common
  shibboleth-sp2-utils
The following packages will be upgraded:
  libapache2-mod-shib2 shibboleth-sp2-schemas
2 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
[... upgrades packages without error ...]

# apt-get autoremove
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  liblog4cpp5 libsaml7 libshibsp5 libxml-security-c16 libxmltooling5
  shibboleth-sp2-schemas
0 upgraded, 0 newly installed, 6 to remove and 0 not upgraded.

>> So I'm probably missing some special piuparts option or I messed up a
>> dependency definition.
> 
> Well, I wonder how -d wheezy-backports-sloppy is useful in this case,
> since we've got no packages in that distribution (yet).  Besides, one
> doesn't dist-upgrade to backports, those aren't proper distributions.

Unfortunately, man piuparts(1) isn't very precise about `-d`: "Which
Debian distribution to use: a code name (for example jessie, stretch or
sid) or experimental. The default is sid (=unstable)."
I've noticed it does influence apt sources in the chroot
-d wheezy-backports-sloppy gets me wheezy-backports-sloppy,
wheezy-backports and wheezy
-d wheezy-backports gets me wheezy-backports and wheezy

I think I need both repositories for wheezy-backports and
wheezy-backports-sloppy in this case because 2.6.0 depends on other
backported Shibboleth packages that are already in the archive.

>> That should work now, as I said above. :) For this I used piuparts's
>> third test mode with `-d wheezy -d wheezy-backports -d wheezy-backports-sloppy`.
> 
> As above, what does -d wheezy-backports-sloppy achieve here?

When `-d` is given multiple times, piuparts "sets up the chroot with the
first distribution named, then upgrades it to each successive one, and
then remembers the directory tree state at the end. After this, it
starts over with the chroot of the first distribution, installs the
desired packages (via apt-get), and does the successive upgrading (via
apt-get dist-upgrade)."

> Thanks, this is starting to make sense.  It's the very first "install"
> step what fails, because wheezy-backports-sloppy does not contain
> libapache2-mod-shib2, so the -t wheezy-backports-sloppy APT option does
> not influence it, meaning that the wheezy version (2.4.3+dfsg-5+deb7u1)
> is selected for installation.  On the other hand, libshibsp-plugins is
> found in wheezy-backports only (2.5.3+dfsg-2~bpo70+1), so it's selected
> for installation as well, but these two conflict and you get the error.

I see, I must be misusing piuparts's options then... I've tried with
`--extra-repo` too (see below) and it didn't work so I'm quite puzzled. 8-/

> Use -d to specify the starting distribution (wheezy or wheezy-backports)
> only, and provide the changes file for the upgrade test.

I've tried with `-d wheezy` and `-d wheezy-backports` separately but it
doesn't even pass the install test, see attached logs. I've also tried
supplementing those with `--extra-repo` to provide
wheezy-backports-sloppy for dependencies but the install test still fails.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: piuparts_shibboleth-sp2_2.6.0+dfsg1-3_only_wheezy.log
Type: text/x-log
Size: 50489 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/attachments/20170720/5e563276/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: piuparts_shibboleth-sp2_2.6.0+dfsg1-3_only_wheezy-backports.log
Type: text/x-log
Size: 52575 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/attachments/20170720/5e563276/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/attachments/20170720/5e563276/attachment-0001.sig>

More information about the Pkg-shibboleth-devel mailing list