USC/APTURL allows a package installation to invisibly uninstall vital packages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apturl |
New
|
Undecided
|
Unassigned | ||
software-center (Ubuntu) |
Triaged
|
High
|
Unassigned |
Bug Description
Update:
Bug #793318 has been made an alias of this bug without notifying here that it relates to APTURL and modifying this header.
A similar horror story happened invisibly after clicking an APTURL link in a Web page. In that example, it removed the communication manager to make restoring difficult.
The problem is doing the operations blindly, without showing what's happening. Removing Synaptic Packet Manager is also a similar problem.
Please add "Affects apturl (Ubuntu)" like in that page.
Original:
software-center 5.4.1.3, Ubuntu 12.10
I downloaded steam_latest.deb from steampowered.com, saved it, double clicked on it, and Software Center launched. It brought up the deb information page, I clicked Install, and Software Center proceeded to remove literally about half of the installed pacakges on my system (about 400), including things like unity, ubuntu-desktop, and, ironically, software-center itself. It eventually errored out (see attached log).
Using /var/log/
NB: To correct the apt error, I did "apt-get -f install". Then, after I apt-get installed the packages which were removed, steam was still installed, so it wasn't a dependency error which caused the packages to be removed. I have no idea why it actually happened.
<https:/
Changed in software-center (Ubuntu): | |
importance: | Undecided → High |
description: | updated |
summary: |
- USC allows a package installation to uninstall vital packages + USC/APTURL allows a package installation to invisibly uninstall vital + packages |
affects: | apturl → ubuntu |
Changed in ubuntu: | |
status: | New → Confirmed |
no longer affects: | ubuntu |
description: | updated |
I now know at least what the trigger was: I had upgraded cairo packages from raring on this quantal machine (see Bug #1073372), and steam ultimately depended on libcairo*:i386, and different versions of the same package cannot live on the same multiarch install. Still, software-center should have prevented the package from being installed, or at least warned that packages were about to be removed.