[Bug 1847496] Re: [trusty] policy not always initialized when building depcache

Brian Murray brian at ubuntu.com
Thu Oct 10 22:47:12 UTC 2019 

Hello Julian, or anyone else affected,

Accepted apt into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.24 in
a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-trusty to verification-done-trusty. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-trusty. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: apt (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1847496

Title:
  [trusty] policy not always initialized when building depcache

Status in apt package in Ubuntu:
  Invalid
Status in apt source package in Trusty:
  Fix Committed

Bug description:
  [Impact]
  apt in trusty does not always initialize the policy before constructing the depcache. This means that if you access the depcache, it does not respect pinning when calculating upgrades.

  This is not a general problem - according to current knowledge, it
  only affects apt list. It does affect any code that requests a
  depCache from pkgCacheFile without having explicitly build caches, or
  explicitly initialized policy (which other parts of apt do).

  
  [Test case]

  1. Add deb https://esm.ubuntu.com/ubuntu/ trusty-infra-security main to sources.list
  2. Pin it down

  Package: *
  Pin: release trusty-infra-security
  Pin-Priority: -1

  3. Look at apt list apport

  Currently it shows:

  apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all
  [installed,upgradable to: 2.14.1-0ubuntu3.29]

  because when calculating whether the package is upgradable, it did not
  see the pinning.

  Correct would be:

  apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all
  [installed]

  [Regression potential]
  Behavior of code that only initializes depcache, but not policy will change. For example, pinning will be applied in such code (as it is in later versions, and should be). This adds some more error cases as well, such as parsing failures for preferences files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1847496/+subscriptions

More information about the foundations-bugs mailing list