USC/APTURL allows a package installation to invisibly uninstall vital packages

Bug #1110188 reported by Ryan Finnie
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| apturl | New | Undecided | Unassigned | |
| software-center (Ubuntu) | Triaged | High | Unassigned | |

Bug Description

Update:
Bug #793318 has been made an alias of this bug without notifying here that it relates to APTURL and modifying this header.
A similar horror story happened invisibly after clicking an APTURL link in a Web page. In that example, it removed the communication manager to make restoring difficult.
The problem is doing the operations blindly, without showing what's happening. Removing Synaptic Packet Manager is also a similar problem.
Please add "Affects apturl (Ubuntu)" like in that page.

Original:
software-center 5.4.1.3, Ubuntu 12.10

I downloaded steam_latest.deb from steampowered.com, saved it, double-clicked on it, and Software Center launched. It brought up the deb information page, I clicked Install, and Software Center proceeded to remove literally about half of the installed packages on my system (about 400), including things like unity, ubuntu-desktop, and, ironically, software-center itself. It eventually errored out (see attached log).

Using /var/log/apt/history.log, I was able to restore the system's packages to their previous state, but Software Center shouldn't have allowed this to happen (whether or not the third-party .deb was actually at fault).

NB: To correct the apt error, I did "apt-get -f install". Then, after I apt-get installed the packages which were removed, steam was still installed, so it wasn't a dependency error which caused the packages to be removed. I have no idea why it actually happened.

<https://wiki.ubuntu.com/SoftwareCenter#installing>: "4. If installing the software would involve removing ubuntu-desktop, the package should be treated as uninstallable (just as it is with software updates). 5. If the relevant package cannot be installed, for that reason or any other, an error alert should appear..."
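The recovery from /var/log/apt/history.log mentioned in the description, sketched as an added example that is not part of the original report: it pulls the package list from the most recent `Remove:` line and builds the reinstall command without running it. The sample log entries, dates and versions are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: list what the last removing transaction took out, using the
# "Remove: name:arch (version), ..." lines of an apt history log.

# Constructed sample entries; dates and versions are placeholders.
SAMPLE_HISTORY='Start-Date: 2013-01-01  00:00:00
Install: hello:amd64 (0.0-sample)
End-Date: 2013-01-01  00:00:05

Start-Date: 2013-01-02  00:00:00
Install: steam:i386 (0.0-sample)
Remove: unity:amd64 (0.0-sample), ubuntu-desktop:amd64 (0.0-sample), software-center:amd64 (0.0-sample)
End-Date: 2013-01-02  00:00:09'

# Read a history log on stdin; print one "name:arch" per line for the
# last Remove: line. Version groups in parentheses are dropped first so
# that splitting on commas is safe.
last_removed() {
    awk '/^Remove: / { last = substr($0, 9) } END { print last }' |
        sed 's/ ([^)]*)//g' | tr ',' '\n' | sed 's/^ *//; /^$/d'
}

# Build, but do not run, the command that would reinstall those packages.
# Returns 1 when the log contains no removal.
reinstall_command() {
    pkgs=$(last_removed | tr '\n' ' ')
    if [ -z "$pkgs" ]; then
        return 1
    fi
    echo "apt-get install ${pkgs% }"
}

# Demo on the constructed sample; on a real system read
# /var/log/apt/history.log instead.
printf '%s\n' "$SAMPLE_HISTORY" | reinstall_command
```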

Ryan Finnie (fo0bar) wrote :

I now know at least what the trigger was: I had upgraded cairo packages from raring on this quantal machine (see Bug #1073372), and steam ultimately depended on libcairo*:i386, and different versions of the same package cannot live on the same multiarch install. Still, software-center should have prevented the package from being installed, or at least warned that packages were about to be removed.

Matthew Paul Thomas (mpt) wrote :

"Removing ubuntu-desktop ..."

This at least should have caused USC to cancel the installation before it even began. I have a design for this situation in Software Updater <https://wiki.ubuntu.com/SoftwareUpdates#uninstallable>, but it hadn't occurred to me that the same thing could happen with USC.

If you don't mind, I'll focus this bug report on the issue of installing anything that would remove vital components. Problems with the Steam package in particular are outside the control of Ubuntu developers.

summary: - Software Center removed half my system
+ USC allows a package installation to uninstall vital packages
Changed in software-center (Ubuntu):
status: New → Confirmed
assignee: nobody → Matthew Paul Thomas (mpt)
Changed in software-center (Ubuntu):
importance: Undecided → High
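The rule quoted from the Software Center spec, and the cancellation described in the comment above, can be checked before anything is changed by inspecting a simulated run. This is an added example, not Software Center or apturl code: the vital-package list, the function names and the sample plan are assumptions, and `guarded_install` assumes an apt version that accepts a local `./file.deb` argument (apt 1.1 or later).

```sh
#!/bin/sh
# Added example (not Software Center code): block an install whose simulated
# plan removes a vital package. VITAL is an assumed list for illustration.
VITAL="ubuntu-desktop unity software-center"

# Constructed sample in the shape of `apt-get -s install` output;
# versions are placeholders, not taken from the attached log.
SAMPLE_PLAN='Remv ubuntu-desktop [0.0-sample]
Remv unity [0.0-sample]
Remv libcairo2:i386 [0.0-sample]
Inst steam:i386 (0.0-sample local [i386])
Conf steam:i386 (0.0-sample local [i386])'

# Read a simulated plan on stdin; print each package on a "Remv" line,
# with any ":arch" qualifier stripped.
planned_removals() {
    awk '$1 == "Remv" { sub(/:.*/, "", $2); print $2 }'
}

# Print the vital packages the plan would remove; return 1 if there are any.
vital_removals() {
    hits=""
    for pkg in $(planned_removals); do
        for v in $VITAL; do
            if [ "$pkg" = "$v" ]; then hits="$hits $pkg"; fi
        done
    done
    if [ -n "$hits" ]; then
        echo "${hits# }"
        return 1
    fi
}

# Simulate first (-s changes nothing), install only if nothing vital goes.
guarded_install() {
    blocked=$(LC_ALL=C apt-get -s install "$@" | vital_removals) || {
        echo "refusing: install would remove: $blocked" >&2
        return 1
    }
    apt-get install "$@"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_PLAN" | vital_removals || echo "sample plan blocked"
```

Real use would be `guarded_install ./steam_latest.deb`; the simulation step needs no root privileges.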
Matthew Paul Thomas (mpt) wrote : Re: USC allows a package installation to uninstall vital packages
Changed in software-center (Ubuntu):
assignee: Matthew Paul Thomas (mpt) → nobody
status: Confirmed → Triaged
description: updated
André Pirard (a.pirard) wrote :

See bug #793318 for a similar horror story.
The issue is not only preventing the system from crashing but hiding from the user all the information that Synaptic Packet Manager shows.
One of the reasons I abandoned Windows is that setup.exe is (was?) a black box most often without warning of what it's going to do, like replacing a component of the system with a more recent one but in the wrong language.
With the removal of Synaptic Packet Manager and exclusivity of blind USC, Ubuntu has become like Windows.
I suggest making USC controls as wonderful as SPM on demand.
Fortunately, the other system-killing bug affected only one person and was low priority, but this one affects two and is of high priority ;-)

André Pirard (a.pirard)
description: updated
summary: - USC allows a package installation to uninstall vital packages
+ USC/APTURL allows a package installation to invisibly uninstall vital
+ packages
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

André Pirard (a.pirard)
affects: apturl → ubuntu
Changed in ubuntu:
status: New → Confirmed
André Pirard (a.pirard)
no longer affects: ubuntu
André Pirard (a.pirard)
description: updated