Packages Doesn't Handle Dependencies for Multiple Repositories Correctly

[https://www.google.com/accounts/o8/id?id=AItOawmPND9hLM-9OK1G8nL1xVVEEDXIbudo2IE]

If you backport a package into a custom repository that changes dependencies of release software the dependencies are not handled properly. It's a total edge case, but I'm going to try and give a reasonable example.

In lucid unixodbc depends on odbcinst1debian1. In precise unixodbc depends on odbcinst1debian2 which breaks odbcinst1debian1. If you have 2 repositories setup for Packages:

deb ​http://us.archive.ubuntu.org/ubuntu lucid deb ​http://apt.myco.com/ubuntu lucid

and apt.myco.com has a backported unixodbc bcfg2 will think unixodbc depends on both odbcinst1debian1 and odbcinst1debian2 and apt will always fail miserably. This blocks other packages from being installed by bcfg2.

[https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc]

To elaborate:

This issue is not specific to the Apt driver, but is built in to Packages itself. Packages only resolves dependencies by package name, not by version, so if you specify a particular version of a package in your bundle, Packages only ever sees the name, and will potentially resolve dependencies incorrectly.

There is a related issue, as well, which is that Packages only produces a list of package names that it has resolved, not versions, so it might potentially produce an incorrect list of dependencies. For instance, if the package "foo" required bar-1.1, but bar-1.2 was available, Bcfg2 would complain because the latest available package was not installed.

In summary: Packages needs to understand package versions, not just names. This is a monstrous change, but still needs to be done.

[https://www.google.com/accounts/o8/id?id=AItOawnSjgovXZr-_V3vGkvMSR0pc5LDykRc1Nc]

Fixed for yum in ​https://github.com/Bcfg2/bcfg2/commit/b2e860717ed5747b8d66187824a747d4794ed472

I lack the expertise to fix this for Apt or Pacman, so someone else will have to take that on.