[ubuntu-dev] Bug#736343: gdebi-core: Removes reverse dependencies if a to be installed package is an upgrade
Axel Beckert
abe at debian.org
Wed Jan 22 13:43:27 UTC 2014
Package: gdebi-core
Version: 0.9.3
Severity: normal
Hi,
since I wanted to check if the recent aptitude upload works properly on
sparc64 (the buildd hasn't built it yet), I've built all
architecture-dependent packages from the aptitude source package
(i.e. the binary package "aptitude").
The architecture-dependent binary package "aptitude" depends on the
architecture-independent binary package "aptitude-common" with the same
version.
Hence installing aptitude_0.6.8.3-1_sparc64.deb over version 0.6.8.2-1.2
needed aptitude-common updated at the same time. That's why I used
gdebi.
But to my surprise, gdebi did not install aptitude 0.6.8.3-1 over
0.6.8.2-1.2 but first removed aptitude 0.6.8.2-1.2 and with it all
reverse dependencies of aptitude without even asking. This is definitely
a dangerous behaviour and should be avoided where possible. (Ok, it
asks, but only "Do you want to install the software package?" and it
does not mention that this will (unnecessearily) remove other packages
in that queston, it only mentions that many lines above.)
In my case it were only some local meta-packages to pull in common
packages, so no harm was done, but I can imagine if this happens with a
more vital package, this can cause quite some headaches for the
administrator, e.g. how to regain access to the system if
e.g. openssh-server has been removed.
Example session:
root at hw:/home/abe/bin-nmu# ls -l *deb
-rw-r--r-- 1 abe 1000 18664912 Jan 22 09:14 aptitude-dbg_0.6.8.3-1_sparc64.deb
-rw-r--r-- 1 abe 1000 1211652 Jan 22 09:12 aptitude_0.6.8.3-1_sparc64.deb
root at hw:/home/abe/bin-nmu# gdebi aptitude_0.6.8.3-1_sparc64.deb
Reading package lists... Done
Building dependency tree
Reading state information... Done
Building data structures... Done
Building data structures... Done
Requires the REMOVAL of the following packages: abe-commandline abe-packaging-dev abe-perl-dev aptitude
Requires the installation of the following packages: aptitude-common
terminal-based package manager
aptitude is a package manager with a number of useful features,
including: a mutt-like syntax for matching packages in a flexible
manner, dselect-like persistence of user actions, the ability to
retrieve and display the Debian changelog of most packages, and a
command-line mode similar to that of apt-get.
.
aptitude is also Y2K-compliant, non-fattening, naturally cleansing,
and housebroken.
Do you want to install the software package? [y/N]:y
Get:1 http://ftp.debian-ports.org/debian/ unstable/main aptitude-common all 0.6.8.3-1 [1579 kB]
Fetched 1579 kB in 0s (0 B/s)
(Reading database ... 73738 files and directories currently installed.)
Removing abe-packaging-dev (13) ...
Removing abe-perl-dev (13) ...
Removing abe-commandline (13) ...
Removing aptitude (0.6.8.2-1.2) ...
Processing triggers for man-db (2.6.5-2) ...
(Reading database ... 73708 files and directories currently installed.)
Preparing to unpack .../aptitude-common_0.6.8.3-1_all.deb ...
Unpacking aptitude-common (0.6.8.3-1) over (0.6.8.2-1.2) ...
Processing triggers for man-db (2.6.5-2) ...
Setting up aptitude-common (0.6.8.3-1) ...
Selecting previously unselected package aptitude.
(Reading database ... 73711 files and directories currently installed.)
Preparing to unpack aptitude_0.6.8.3-1_sparc64.deb ...
Unpacking aptitude (0.6.8.3-1) ...
Setting up aptitude (0.6.8.3-1) ...
update-alternatives: using /usr/bin/aptitude-curses to provide /usr/bin/aptitude (aptitude) in auto mode
update-alternatives: warning: skip creation of /usr/share/man/cs/man8/aptitude.8.gz because associated file /usr/share/man/cs/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/de/man8/aptitude.8.gz because associated file /usr/share/man/de/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/es/man8/aptitude.8.gz because associated file /usr/share/man/es/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/fi/man8/aptitude.8.gz because associated file /usr/share/man/fi/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/fr/man8/aptitude.8.gz because associated file /usr/share/man/fr/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/gl/man8/aptitude.8.gz because associated file /usr/share/man/gl/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/it/man8/aptitude.8.gz because associated file /usr/share/man/it/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/ja/man8/aptitude.8.gz because associated file /usr/share/man/ja/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
update-alternatives: warning: skip creation of /usr/share/man/pl/man8/aptitude.8.gz because associated file /usr/share/man/pl/man8/aptitude-curses.8.gz (of link group aptitude) doesn't exist
Processing triggers for man-db (2.6.5-2) ...
root at hw:/home/abe/bin-nmu# apt-get install abe-commandline abe-perl-dev abe-packaging-dev
[…]
-- System Information:
Debian Release: jessie/sid
APT prefers unreleased
APT policy: (500, 'unreleased'), (500, 'unstable')
Architecture: sparc64
Kernel: Linux 3.12-trunk-sparc64-smp (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages gdebi-core depends on:
ii file 1:5.14-2
ii python-apt 0.9.1
ii python-debian 0.1.21+nmu2
pn python:any <none>
gdebi-core recommends no packages.
Versions of packages gdebi-core suggests:
ii xz-utils 5.1.1alpha+20120614-2
-- no debconf information
More information about the ubuntu-dev-team
mailing list