Ticket #1112 (accepted defect)
Packages Doesn't Handle Dependencies for Multiple Repositories Correctly
Reported by: | https://www.google.com/accounts/o8/id?id=AItOawmPND9hLM-9OK1G8nL1xVVEEDXIbudo2IE | Owned by: | https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc |
---|---|---|---|
Priority: | minor | Milestone: | Bcfg2 1.4.0 Release |
Component: | bcfg2-server | Version: | 1.0 |
Keywords: | Cc: |
Description
If you backport a package into a custom repository that changes dependencies of release software the dependencies are not handled properly. It's a total edge case, but I'm going to try and give a reasonable example.
In lucid unixodbc depends on odbcinst1debian1. In precise unixodbc depends on odbcinst1debian2 which breaks odbcinst1debian1. If you have 2 repositories setup for Packages:
deb http://us.archive.ubuntu.org/ubuntu lucid deb http://apt.myco.com/ubuntu lucid
and apt.myco.com has a backported unixodbc bcfg2 will think unixodbc depends on both odbcinst1debian1 and odbcinst1debian2 and apt will always fail miserably. This blocks other packages from being installed by bcfg2.
Attachments
Change History
comment:1 Changed 11 years ago by https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc
- Owner changed from desai to https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc
- Status changed from new to accepted
comment:2 Changed 11 years ago by https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc
Fixed for yum in https://github.com/Bcfg2/bcfg2/commit/b2e860717ed5747b8d66187824a747d4794ed472
I lack the expertise to fix this for Apt or Pacman, so someone else will have to take that on.
To elaborate:
This issue is not specific to the Apt driver, but is built in to Packages itself. Packages only resolves dependencies by package name, not by version, so if you specify a particular version of a package in your bundle, Packages only ever sees the name, and will potentially resolve dependencies incorrectly.
There is a related issue, as well, which is that Packages only produces a list of package names that it has resolved, not versions, so it might potentially produce an incorrect list of dependencies. For instance, if the package "foo" required bar-1.1, but bar-1.2 was available, Bcfg2 would complain because the latest available package was not installed.
In summary: Packages needs to understand package versions, not just names. This is a monstrous change, but still needs to be done.