[Bug 1788486] Re: apt behaviour with strict dependencies

[Simon Poirier]

That workaround wouldn't work in Landscape for many configurations; we
can't assume pocket names as many use custom mirrors or repository
snapshots in which the pocket may not match.

It seems to me there is no simple way to resolve this automatically in
Landscape, but as that upgrade situation is both infrequent, noisy, and
is easy to resolve manually, the real workaround for landscape is to
install those versions manually when that case happens.

Other than that, managing sources lists to limit them to -security after
deployment is the only other simple way to ensure that situation does
not happen with landscape.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1788486

Title:
  apt behaviour with strict dependencies

Status in apt package in Ubuntu:
  Won't Fix
Status in apt source package in Xenial:
  Won't Fix
Status in apt source package in Bionic:
  Won't Fix

Bug description:
  [Impact]

  We notice that situation while investigating a security update using
  Landscape, but it also applies to 'apt' outside the Landscape context.

  'apt' should be smarter to detect/install packages with strict
  dependencies such as systemd[1] when a version is specified for
  upgrade (Ex: $ apt-get install systemd=229-4ubuntu-21.1).

  It should automatically install the dependencies (if any) from that
  same version as well instead of failing trying to install the highest
  version available (if any) while installing the specified version for
  the one mentionned :

  ========================
  $ apt-get install systemd=229-4ubuntu-21.1
  ....
  "systemd : Depends: libsystemd0 (= 229-4ubuntu21.1) but 229-4ubuntu21.4 is to be installed"
  =========================

  To face that problem :
  - Package with lower version should be found in -security ( Ex: systemd/229-4ubuntu21.1 )
  - Package with higher version should be found in -updates ( Ex: systemd/229-4ubuntu21.4 )
  - Package should have strict dependencies ( Ex: libsystemd0 (= ${binary:Version}) )
  - The upgrade should only specify version for the package, without it's dependencies. (Ex: $ apt-get install systemd=229-4ubuntu-21.1" #systemd without libsystemd0 depends)

  Using systemd is a good reproducer, I'm sure finding other package
  with the same situation is easy.

  It has been easily reproduced with systemd on Xenial and Bionic so
  far.

  [1] debian/control
  Depends: ${shlibs:Depends},
  ${misc:Depends},
  libsystemd0 (= ${binary:Version}),
  ...

  [Workaround]
  If package + dependencies are specified, the upgrade work just fine :

  Ex: $ apt-get install systemd=229-4ubuntu-21.1
  libsystemd0=229-4ubuntu-21.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1788486/+subscriptions