[Bug 1847496] Re: [trusty] policy not always initialized when building depcache

Julian Andres Klode julian.klode at canonical.com
Fri Oct 11 13:56:13 UTC 2019 

Verified OK

root at t:~# apt list apport
Listing... Done
apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all [installed,upgradable to: 2.14.1-0ubuntu3.29]
root at t:~# apt install libapt-pkg4.12
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libfreetype6 os-prober
Use 'apt-get autoremove' to remove them.
The following packages will be upgraded:
  libapt-pkg4.12
1 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.
Need to get 646 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu/ trusty-proposed/main libapt-pkg4.12 amd64 1.0.1ubuntu2.24 [646 kB]
Fetched 646 kB in 0s (2692 kB/s)      
(Reading database ... 25111 files and directories currently installed.)
Preparing to unpack .../libapt-pkg4.12_1.0.1ubuntu2.24_amd64.deb ...
Unpacking libapt-pkg4.12:amd64 (1.0.1ubuntu2.24) over (1.0.1ubuntu2.23) ...
Setting up libapt-pkg4.12:amd64 (1.0.1ubuntu2.24) ...
Processing triggers for libc-bin (2.19-0ubuntu6.15) ...
root at t:~# apt list apport
Listing... Done
apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all [installed]


** Tags removed: verification-needed verification-needed-trusty
** Tags added: verification-done verification-done-trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1847496

Title:
  [trusty] policy not always initialized when building depcache

Status in apt package in Ubuntu:
  Invalid
Status in apt source package in Trusty:
  Fix Committed

Bug description:
  [Impact]
  apt in trusty does not always initialize the policy before constructing the depcache. This means that if you access the depcache, it does not respect pinning when calculating upgrades.

  This is not a general problem - according to current knowledge, it
  only affects apt list. It does affect any code that requests a
  depCache from pkgCacheFile without having explicitly build caches, or
  explicitly initialized policy (which other parts of apt do).

  
  [Test case]

  1. Add deb https://esm.ubuntu.com/ubuntu/ trusty-infra-security main to sources.list
  2. Pin it down

  Package: *
  Pin: release trusty-infra-security
  Pin-Priority: -1

  3. Look at apt list apport

  Currently it shows:

  apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all
  [installed,upgradable to: 2.14.1-0ubuntu3.29]

  because when calculating whether the package is upgradable, it did not
  see the pinning.

  Correct would be:

  apport/trusty-updates,trusty-security,now 2.14.1-0ubuntu3.29 all
  [installed]

  [Regression potential]
  Behavior of code that only initializes depcache, but not policy will change. For example, pinning will be applied in such code (as it is in later versions, and should be). This adds some more error cases as well, such as parsing failures for preferences files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1847496/+subscriptions

More information about the foundations-bugs mailing list