Bug#838184: chdist: compare-bin-packages not always uses the latest versions
Christoph Biedl
debian.axhn at manchmal.in-ulm.de
Sun Sep 18 08:09:01 UTC 2016
Package: devscripts
Version: 2.16.7
Severity: important
Dear Maintainer,
using "chdist compare-bin-packages" I was quite surprised to learn not
always the newest version of the respective DIST is taken into account.
How to repeat:
* Create two DISTs, for the sake of this example called "wheezy-plain"
and "wheezy-security"
# chdist create wheezy-plain
# chdist create wheezy-security
* Populate the respective sources.list as follows
wheezy-plain:
| deb http://ftp.de.debian.org/debian wheezy main contrib non-free
| deb-src http://ftp.de.debian.org/debian wheezy main contrib non-free
wheezy-security:
| deb http://ftp.de.debian.org/debian wheezy main contrib non-free
| deb-src http://ftp.de.debian.org/debian wheezy main contrib non-free
| deb http://security.debian.org wheezy/updates main contrib non-free
| deb-src http://security.debian.org wheezy/updates main contrib non-free
* Update the DISTs
# chdist apt-get wheezy-plain update
# chdist apt-get wheezy-security update
* Compare them
# chdist compare-bin-packages wheezy-plain wheezy-security |& grep tcpreplay
Background: The tcpreplay package was updated after the last wheezy
point release.
Expected output:
| tcpreplay 3.4.3-2+wheezy1 3.4.3-2+wheezy2
^
Actual output:
| W: Package tcpreplay is already listed for wheezy-security. Not overriding.
| tcpreplay 3.4.3-2+wheezy1 3.4.3-2+wheezy1
^
Analysis:
The additional warning message gives the right hint: If a binary
package is seen several times, only the first occurence is taken into
account. Even if any later has a higher version.
Suggested fix:
The patch attached implements the expected behaviour: If the second
occurence has a higher version number, that one is used. If the version
number is identical, also the warning is suppressed.
Additionally, the patch contains a safeguard in case there there is no
version number. Feel free to drop that.
The compare_src_bin function probably needs a fix, too. I could however
not trigger this.
Background: I maintain local backports and forks of several packages
in Debian. This needs a tool to notify about new versions in Debian
that require according work. I moved from an ugly hand-written solution
to something based on chdist and found regressions.
Justification: Besides this is unexpected behaviour and does not match
the output of apt-cache policy on both sides (after some parsing) ...
Assuming more people do track Debian in a similar way, they will face
the same problem: They might not learn about updates that are necessary
on their site, perhaps leading to something between functionality loss,
or a security issue not getting fixed.
Please also fix this in a stable point release: The patch applies to
jessie as well (with an offset).
Christoph
-- Package-specific info:
--- /etc/devscripts.conf ---
--- ~/.devscripts ---
Not present
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.4.20 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages devscripts depends on:
ii dpkg-dev 1.18.10
ii libc6 2.23-5
ii perl 5.22.2-5
pn python3:any <none>
Versions of packages devscripts recommends:
ii apt 1.3~rc4
pn at <none>
ii curl 7.50.1-1
ii dctrl-tools 2.24-2
pn debian-keyring <none>
pn dput | dupload <none>
pn equivs <none>
ii fakeroot 1.21-2
ii file 1:5.28-4
ii gnupg 1.4.20-6
ii gnupg2 2.1.11-7
ii libdistro-info-perl 0.14
ii libencode-locale-perl 1.05-1
ii liblwp-protocol-https-perl 6.06-2
pn libsoap-lite-perl <none>
ii liburi-perl 1.71-1
ii libwww-perl 6.15-1
pn licensecheck <none>
ii lintian 2.5.47
ii man-db 2.7.5-1
ii patch 2.7.5-1
ii patchutils 0.3.4-1
ii python3-debian 0.1.29
ii python3-magic 1:5.28-4
ii sensible-utils 0.0.9
ii strace 4.12-3
ii unzip 6.0-20
ii wdiff 1.2.2-1+b1
ii wget 1.18-2+b1
ii xz-utils 5.1.1alpha+20120614-2.1
Versions of packages devscripts suggests:
pn bsd-mailx | mailx <none>
ii build-essential 12.2
pn cvs-buildpackage <none>
pn devscripts-el <none>
ii diffoscope 60
pn dose-extra <none>
pn gnuplot <none>
ii gpgv 1.4.20-6
pn libauthen-sasl-perl <none>
ii libfile-desktopentry-perl 0.22-1
ii libnet-smtp-ssl-perl 1.03-1
pn libterm-size-perl <none>
ii libtimedate-perl 2.3000-2
pn libyaml-syck-perl <none>
ii mozilla-devscripts 0.47
ii mutt 1.7.0-1
ii openssh-client [ssh-client] 1:7.3p1-1
pn reprotest <none>
pn svn-buildpackage <none>
ii w3m 0.5.3-29
-- no debconf information
-------------- next part --------------
--- /usr/bin/chdist
+++ /tmp/chdist
@@ -471,10 +471,17 @@
my $parsed_file = parseFile($file);
foreach my $package ( keys(%{$parsed_file}) ) {
if ( $packages{$dist}{$package} ) {
- warn "W: Package $package is already listed for $dist. Not overriding.\n";
- } else {
- $packages{$dist}{$package} = $parsed_file->{$package};
- }
+ my $version = $packages{$dist}{$package}{'Version'};
+ my $alt_ver = $parsed_file->{$package}{'Version'};
+ my $delta = $version && $alt_ver && version_compare($version, $alt_ver);
+ if (defined ($delta) && $delta < 0) {
+ $packages{$dist}{$package} = $parsed_file->{$package};
+ } elsif (!defined ($delta) || $delta < 0) {
+ warn "W: Package $package is already listed for $dist. Not overriding.\n";
+ }
+ } else {
+ $packages{$dist}{$package} = $parsed_file->{$package};
+ }
}
}
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/devscripts-devel/attachments/20160918/d04464f4/attachment.sig>
More information about the devscripts-devel
mailing list