Ubuntu
gnupg2 package

gpg-wks-server pulls in postfix

Bug #2054908 reported by Jeremy Bícha
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Auto Package Testing
Fix Released
Undecided
Paride Legovini
apt (Ubuntu)
Invalid
High
Unassigned
gnupg2 (Ubuntu)
Won't Fix
High
Unassigned
munin (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Example 1
----
I did a sudo apt dist-upgrade today on my developer machine running Ubuntu Desktop 24.04 LTS and it surprisingly pulled in postfix.

I did not built this into a full reproducible test case because I found another test case…

Example 2
----
munin's autopkgtests are now failing because postfix is now unexpectedly being installed.

https://autopkgtest.ubuntu.com/packages/munin/noble/amd64

Other Info
----
gnupg2's changelog indicates that there was an attempt to avoid this misbehavior by having gnupg only Suggest gpg-wks-server. In fact, there is **nothing** in Ubuntu 24.04 LTS that Depends or Recommends gpg-wks-server.

I added a munin bug task as a pointer in case anyone wonder's about the autopkgtest regression but I don't believe munin needs any changes.

See original description
Jeremy Bícha (jbicha)
Changed in apt (Ubuntu):
importance: Undecided → High
Changed in munin (Ubuntu):
status: New → Triaged
tags: added: update-excuse
description: updated
description: updated
Revision history for this message
Julian Andres Klode (juliank) wrote :

gpg-wks-server is not a new dependency so upgrading will of course pull in a newer version until you remove it. The images will be fixed eventually when they get rebuilt from scratch.

For upgrades, we can quirk this to avoid upgrading it only for it to become auto removable later.

Changed in gnupg2 (Ubuntu):
status: New → Invalid
Changed in apt (Ubuntu):
status: New → Invalid
Changed in munin (Ubuntu):
status: Triaged → Invalid
Revision history for this message
Jeremy Bícha (jbicha) wrote :

Ok, pulling in postfix is very disruptive since gpg-wks-client was seeded in Ubuntu Desktop 22.04 LTS and 23.10 and several flavors. postfix's install has a debconf prompt which is now allowed for the default desktop install.

summary: - gnupg is pulling in gpg-wks-server which pulls in postfix
+ gpg-wks-server pulls in postfix
Changed in ubuntu-release-upgrader (Ubuntu):
importance: Undecided → High
Jeremy Bícha (jbicha)
description: updated
description: updated
Revision history for this message
Steve Langasek (vorlon) wrote :

What is the rationale for a gpg package pulling in an MTA at all? I think this needs assessed.

Changed in gnupg2 (Ubuntu):
status: Invalid → New
Jeremy Bícha (jbicha)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnupg2 (Ubuntu):
status: New → Confirmed
Changed in ubuntu-release-upgrader (Ubuntu):
status: New → Confirmed
Revision history for this message
Julian Andres Klode (juliank) wrote :

Steve - it is a server package for hosting a web key server, it's entirely reasonable for it to depend on a mail transport agent. A WKS server, upon uploading a key, sends confirmation emails to the UIDs in the key, before publishing it, so that it only published keys with consent.

It's problematic that it was installed by default, and I'm fixing this here and in Debian by doing the restructuring I did. This is not optimal for people upgrading without quirks (i.e. Debian users especially) but I don't think breaking the wks server to make upgrades without quirks nicer is a better choice.

Revision history for this message
corrado venturini (corradoventu) wrote :

I found the same problem also in Xubuntu 24.04.

Revision history for this message
Steve Langasek (vorlon) wrote : Re: [Bug 2054908] Re: gpg-wks-server pulls in postfix

On Sun, Feb 25, 2024 at 07:13:30PM -0000, Julian Andres Klode wrote:
> Steve - it is a server package for hosting a web key server, it's
> entirely reasonable for it to depend on a mail transport agent. A WKS
> server, upon uploading a key, sends confirmation emails to the UIDs in
> the key, before publishing it, so that it only published keys with
> consent.

Ok. This is a sensible rationale, unfortunately. But it was important to
surface that in this bug report.

> It's problematic that it was installed by default, and I'm fixing this
> here and in Debian by doing the restructuring I did. This is not optimal
> for people upgrading without quirks (i.e. Debian users especially) but I
> don't think breaking the wks server to make upgrades without quirks
> nicer is a better choice.

Yeah, I don't see any better solution here. The only non-quirk solution
would be to add an artificial Conflicts: against gpg-wks-server.

Revision history for this message
Julian Andres Klode (juliank) wrote :

Remind me to add negative Recommends to apt at some point.

Julian Andres Klode (juliank)
Changed in gnupg2 (Ubuntu):
status: Confirmed → Won't Fix
Paride Legovini (paride)
Changed in auto-package-testing:
assignee: nobody → Paride Legovini (paride)
status: New → Fix Released
Revision history for this message
Julian Andres Klode (juliank) wrote :

This was fixed in u-r-u in bug 2060578

no longer affects: ubuntu-release-upgrader (Ubuntu)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.