apt-get upgrade ignores pinning preferences since 1.0.1ubuntu2.22

Bug #1821308 reported by larsen on 2019-03-22
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Undecided
Unassigned
Trusty
Critical
Julian Andres Klode

Bug Description

[Impact]
Pinning on local-only package versions is ignored, causing them to be upgraded.

[Test case]
The integration tests run in autopkgtest include an automated test case that contains a package called coolstuff in three versions. We are specifying a Pin for the installed one, set to 1000.

The bug caused 1.0 to become the candidate, as the existing pin was ignored. The test checks that 2.0~bpo1 to remains the candidate, that is, apt-cache policy looks like this:

coolstuff:
  Installed: 2.0~bpo1
  Candidate: 2.0~bpo1
  Package pin: 2.0~bpo1
  Version table:
     2.0~bpo2 1000
        100 file:${tmppath}/aptarchive/ backports/main i386 Packages
 *** 2.0~bpo1 1000
        100 ${tmppath}/rootdir/var/lib/dpkg/status
     1.0 1000
        500 file:${tmppath}/aptarchive/ stable/main i386 Packages

On the output of the autopkgtest we'll see:

Check that local-only versions can be pinned correctly (LP: #1821308)
Test for successful execution of apt-cache policy coolstuff … PASS
Test for correctness of file testsuccess.output … PASS

[Regression potential]
Other weird pinning bugs.

[Original bug report]

I have updated apt this morning:

Start-Date: 2019-03-22 09:36:18
Commandline: apt-get dist-upgrade
Upgrade: apt:amd64 (1.0.1ubuntu2.20, 1.0.1ubuntu2.22), ...

Afterwards, apt-get ignores my pinning preferences:

# apt-get --dry-run upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be DOWNGRADED:
  burp
0 upgraded, 0 newly installed, 1 downgraded, 0 to remove and 0 not upgraded.
Inst burp [2.0.54-1] (1.3.48-4 Ubuntu:14.04/trusty [amd64])
Conf burp (1.3.48-4 Ubuntu:14.04/trusty [amd64])

# cat /etc/apt/preferences.d/burp.pref
Package: burp
Pin: version 2.0.54*
Pin-Priority: 1000

This might be caused by bug 1814727 as it's the only thing I can see in the changelog regarding apt/pinning.

Julian Andres Klode (juliank) wrote :

Please provide apt-cache policy output, and there are probably other pinnings in your preferences files.

Changed in apt (Ubuntu):
status: New → Incomplete
Julian Andres Klode (juliank) wrote :

apt-cache policy burp, that is

Julian Andres Klode (juliank) wrote :

FWIW, reading the code for trusty, I assume that

(1) burp 2.0.54 is not in a repo, only locally installed
(2) hence the code that checks whether the specified pin can be valid says "no" and ignores it, because it does not find any source, and thus concludes that the package only has available sources marked as "never".

Should be easy to fix.

Changed in apt (Ubuntu Trusty):
status: New → Triaged
Changed in apt (Ubuntu):
status: Incomplete → Invalid
Changed in apt (Ubuntu Trusty):
importance: Undecided → Critical
assignee: nobody → Julian Andres Klode (juliank)
tags: added: id-5c94c4fd0a7a583861e90c88

> (1) burp 2.0.54 is not in a repo, only locally installed

That is correct.

Output as requested:

# apt-cache policy burp
burp:
   Installed: 2.0.54-1
   Candidate: 2.0.54-1
   Package pin: 2.0.54-1
   Version table:
  *** 2.0.54-1 1000
         100 /var/lib/dpkg/status
      1.3.48-4.1 1000
         500 https://ftp-stud.hs-esslingen.de/debian/ jessie/main amd64
Packages

description: updated
description: updated
description: updated
Changed in apt (Ubuntu Trusty):
status: Triaged → In Progress

Hello larsen, or anyone else affected,

Accepted apt into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.23 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-trusty to verification-done-trusty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-trusty. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in apt (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-trusty

I have enabled the "proposed" repository and installed apt
"1.0.1ubuntu2.23". Though, even after another "apt-get update", "apt-get
upgrade" still wants to downgrade my "burp" package.

It's noticeable that "policy's output" now contains a different
"Candidate" version number.

# dpkg -l apt
(snip)
ii apt 1.0.1ubuntu2.23
amd64 commandline package manager

# apt-cache policy burp
burp:
   Installed: 2.0.54-1
   Candidate: 1.3.48-4
   Package pin: 2.0.54-1
   Version table:
  *** 2.0.54-1 1000
         100 /var/lib/dpkg/status
      1.3.48-4 1000
         500 https://ftp-stud.hs-esslingen.de/ubuntu/ trusty/universe amd64
Packages

Julian Andres Klode (juliank) wrote :

Well, the version of apt is irrelevant. The version of libapt-pkg4.12 is what matters - is that one upgraded too?

larsen (larsen007) wrote :

> Well, the version of apt is irrelevant. The version of libapt-pkg4.12 is
> what matters - is that one upgraded too?

I didn't see a hint this package should be updated.
Have updated libapt-pkg4.12 now (to 1.0.1ubuntu2.23) and there is no false
downgrade anymore.

Thanks!

Julian Andres Klode (juliank) wrote :

The test case also passed successfully on the autopkgtest for 1.0.1ubuntu2.23

Check that local-only versions can be pinned correctly (LP: #1821308)
Test for successful execution of apt-cache policy coolstuff … PASS
Test for correctness of file /tmp/tmp.PtSrwfN8WU/rootdir/tmp/testsuccess.output … PASS

-> fix verified.

tags: added: verification-done verification-done-trusty
removed: verification-needed verification-needed-trusty
Mathew Hodson (mathew-hodson) wrote :

The "Check that local-only versions can be pinned correctly" test should also be added to the development branch to make sure we don't regress this behaviour again in the future.

I don't see an equivalent test there.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apt - 1.0.1ubuntu2.23

---------------
apt (1.0.1ubuntu2.23) trusty; urgency=medium

  * Fix regression in pinning of local-only package versions (LP: #1821308)

 -- Julian Andres Klode <email address hidden> Mon, 25 Mar 2019 11:22:42 +0100

Changed in apt (Ubuntu Trusty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for apt has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Julian Andres Klode (juliank) wrote :

@mathew-hodson It's in git, and will make it's way in in a future release

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers