I tried to build the vlc package and apt refused to download the dependencies and claimed that no libcaca-dev fulfills version requirements. When I installed it it still refused to install build-depends and did not give any reason. I created a package vlc-build which contains the build-depends as depends and build-conficts as conflicts. Installing this package with aptitude revealed that xlibs-pic, libcaca-dev, and libdvdread3 have to be installed manually: xlibs-pic from experimental, libcaca-dev from unstable, libdvdread3 has to be downgraded one revision (0.9.4-4 -> 0.9.4-3) to allow installing libdvdread3-dev. After that aptitude was able to install the package automagically, removing x-window-system because different xlibmesa?-gl was needed. -----vlc_0.7.0-3.dsc----- Format: 1.0 Source: vlc Version: 0.7.0-3 Binary: gvlc, vlc-esd, vlc-plugin-sdl, vlc, qvlc, vlc-plugin-esd, vlc-plugin-arts, libvlc0-dev, kvlc, vlc-alsa, vlc-plugin-alsa, vlc-plugin-svgalib, vlc-ggi, mozilla-plugin-vlc, vlc-plugin-glide, vlc-glide, gnome-vlc, vlc-gnome, vlc-plugin-ggi, wxvlc, vlc-qt, vlc-sdl, vlc-gtk Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org> Architecture: any Standards-Version: 3.6.1.0 Build-Depends: debhelper (>= 4.0), gettext, xlibs-dev, xlibs-pic, libgnome-dev, libggi2-dev, libglide2-dev [i386], libesd0-dev, libsdl1.2-dev (>= 1.2.2-3.1), libqt3-mt-dev, libqt3-compat-headers, libasound2-dev (>= 0.9.0beta10a), libarts1-dev, libmad0-dev, liblircclient-dev, liba52-0.7.4-dev, aalib1-dev, libdvbpsi2-dev, mozilla-dev, libidl0, libglib2.0-0, kdelibs4-dev, dvb-dev (>= 1.0.1-6), libdv2-dev, libxosd-dev (>= 2.2.4-1.3), svgalibg1-dev (>= 1.4.0) [i386], libogg-dev, libvorbis-dev, libwxgtk2.4-dev (>= 2.4.2.4), libdvdplay0-dev (>= 1.0.1-2), libdvdread3-dev, libslp-dev, libflac-dev (>= 1.1.0), libimlib2-dev, libmatroska-dev (>= 0.6.2), libfreetype6-dev, libspeex-dev, linux-kernel-headers (>= 2.5.999-test7-bk-7), libcaca-dev (>= 0.8), gcc-3.2 [powerpc] Build-Conflicts: libmpeg2-dev, libmpeg2-0-dev, libmpeg2-1-dev, libmpeg2-2-dev, libmpeg2-3-dev Files: d67d2766385ee6179839b56588d64d0c 8880304 vlc_0.7.0.orig.tar.gz bba28a718019ad87903cf0bae847a16d 4304 vlc_0.7.0-3.diff.gz
tags 229775 moreinfo unreproducible thanks # apt-get build-dep vlc Password: Reading Package Lists... Done Building Dependency Tree... Done The following packages will be REMOVED: libdb2-dev libnewt-dev libnewt-pic slang1-utf8-dev slang1-utf8-pic The following NEW packages will be installed: aalib1-dev dvb-dev gdk-imlib1-dev kdelibs-bin kdelibs-data kdelibs4 kdelibs4-dev liba52-0.7.4-dev libart-dev libarts1 libarts1-dev libartsc0-dev libasound2-dev libcaca-dev libdb3-dev libdvbpsi2 libdvbpsi2-dev libdvdplay0 libdvdplay0-dev libebml-dev libggi2-dev libgii0-dev libgnome-dev libgnorba-dev libimlib2-dev libmatroska-dev liborbit-dev libpng3-dev libslp-dev libslp1 libspeex-dev libwxgtk2.4-dev libxml2-utils libxosd-dev slang1-dev wxwin2.4-headers 0 upgraded, 36 newly installed, 5 to remove and 13 not upgraded. Need to get 21.7MB of archives. After unpacking 77.2MB of additional disk space will be used. Perhaps you can show me how to reproduce the problem.
It does not work here, on a (mostly) testing system (as you might have seen
from the the apt configuration).
And of course it depends on the packages currently installed on my system,
available on the repositories listed in sources, apt configuration,
and whatnot.
...
Reading Package Lists... Done
Building Dependency Tree... Done
E: Build-Depends dependency for vlc cannot be satisfied because no available versions of package libcaca-dev can satisfy version requirements
uvt316-2:/opt# aptitude install libcaca-dev/unstable
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information... Done
The following packages have been kept back:
grub-doc kernel-image-2.4-686 libdvbpsi2 libfltk1.1c102 libopencdk8
python2.3
The following NEW packages will be installed:
libcaca-dev
0 packages upgraded, 1 newly installed, 0 to remove and 6 not upgraded.
Need to get 221kB of archives. After unpacking 1315kB will be used.
Do you want to continue? [Y/n/?]
Writing extended state information... Done
Get:1 http://debian.sh.cvut.cz unstable/main libcaca-dev 0.8-2 [221kB]
Fetched 221kB in 0s (1381kB/s)
Selecting previously deselected package libcaca-dev.
(Reading database ... 87694 files and directories currently installed.)
Unpacking libcaca-dev (from .../libcaca-dev_0.8-2_i386.deb) ...
Setting up libcaca-dev (0.8-2) ...
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information... Done
uvt316-2:/opt# apt-get build-dep vlc
Reading Package Lists... Done
Building Dependency Tree... Done
E: Build-dependencies for vlc could not be satisfied.
uvt316-2:/opt# aptitude install vlc-build
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information... Done
E: Unable to correct problems, you have held broken packages.
E: Unable to correct dependencies, some packages cannot be installed
E: Unable to resolve some dependencies!
Some packages had unmet dependencies. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following packages have unmet dependencies:
vlc-build: Depends: xlibs-pic but it is not installable
Depends: libqt3-mt-dev but it is not installable
Depends: libarts1-dev but it is not installable
Depends: kdelibs4-dev but it is not installable
Depends: libxosd-dev (>= 2.2.4-1.3) but it is not installable
uvt316-2:/opt# aptitude install xlibs-pic/experimental
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information... Done
The following NEW packages will be automatically installed:
xlibs-static-pic
The following packages have been kept back:
grub-doc kernel-image-2.4-686 libdvbpsi2 libfltk1.1c102 libopencdk8
python2.3
The following NEW packages will be installed:
xlibs-pic xlibs-static-pic
0 packages upgraded, 2 newly installed, 0 to remove and 6 not upgraded.
Need to get 0B/445kB of archives. After unpacking 1184kB will be used.
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Selecting previously deselected package xlibs-static-pic.
(Reading database ... 87894 files and directories currently installed.)
Unpacking xlibs-static-pic (from .../xlibs-static-pic_4.3.0-0pre1v5_i386.deb) ...
Selecting previously deselected package xlibs-pic.
Unpacking xlibs-pic (from .../xlibs-pic_4.3.0-0pre1v5_all.deb) ...
Setting up xlibs-static-pic (4.3.0-0pre1v5) ...
Setting up xlibs-pic (4.3.0-0pre1v5) ...
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information... Done
uvt316-2:/opt# aptitude install vlc-build
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information... Done
The following NEW packages will be automatically installed:
aalib1-dev alsa-headers debconf-utils debhelper dvb-dev gdk-imlib1-dev
gettext glide2-bin html2text intltool-debian kdelibs-bin kdelibs-data
kdelibs4 kdelibs4-dev liba52-0.7.4-dev libart-2.0-dev libart-dev libarts1
libarts1-dev libartsc0 libartsc0-dev libasound2-dev libaudio-dev
libaudiofile-dev libcupsys2-dev libdb3-dev libdv2-dev libdvbpsi2-dev
libdvdplay0-dev libdvdread3-dev libebml-dev libesd0-dev libexpat1-dev
libfam-dev libflac-dev libfontconfig1-dev libfreetype6-dev libgcrypt-dev
libggi-target-x libggi2 libggi2-dev libggimisc2 libggimisc2-dev libgii0
libgii0-dev libgii0-target-x libglib1.2-dev libglib2.0-dev libglide2
libglide2-dev libgnome-dev libgnorba-dev libgnutls7-dev libgtk1.2-dev
libimlib2 libimlib2-dev libjpeg62-dev liblcms1-dev liblircclient-dev
libmad0-dev libmatroska-dev libmng-dev libnspr-dev libogg-dev
libopencdk-dev liborbit-dev libpcre3-dev libpng12-dev libpng3-dev
libpopt-dev libqt3-compat-headers libqt3-headers libqt3-mt-dev
libsdl1.2-dev libslp-dev libspeex-dev libssl-dev libtasn1-dev
libtiff3g-dev libungif4-dev libvorbis-dev libwrap0-dev libwxgtk2.4
libwxgtk2.4-dev libxcursor-dev libxft-dev libxml2-utils libxosd-dev
mozilla-dev orbit pkg-config po-debconf qt3-dev-tools svgalibg1-dev
wxwin2.4-headers xlibmesa-gl-dev xlibmesa-glu-dev
The following packages have been kept back:
grub-doc kernel-image-2.4-686 libdvbpsi2 libfltk1.1c102 libopencdk8
python2.3
The following NEW packages will be installed:
aalib1-dev alsa-headers debconf-utils debhelper dvb-dev gdk-imlib1-dev
gettext glide2-bin html2text intltool-debian kdelibs-bin kdelibs-data
kdelibs4 kdelibs4-dev liba52-0.7.4-dev libart-2.0-dev libart-dev libarts1
libarts1-dev libartsc0 libartsc0-dev libasound2-dev libaudio-dev
libaudiofile-dev libcupsys2-dev libdb3-dev libdv2-dev libdvbpsi2-dev
libdvdplay0-dev libdvdread3-dev libebml-dev libesd0-dev libexpat1-dev
libfam-dev libflac-dev libfontconfig1-dev libfreetype6-dev libgcrypt-dev
libggi-target-x libggi2 libggi2-dev libggimisc2 libggimisc2-dev libgii0
libgii0-dev libgii0-target-x libglib1.2-dev libglib2.0-dev libglide2
libglide2-dev libgnome-dev libgnorba-dev libgnutls7-dev libgtk1.2-dev
libimlib2 libimlib2-dev libjpeg62-dev liblcms1-dev liblircclient-dev
libmad0-dev libmatroska-dev libmng-dev libnspr-dev libogg-dev
libopencdk-dev liborbit-dev libpcre3-dev libpng12-dev libpng3-dev
libpopt-dev libqt3-compat-headers libqt3-headers libqt3-mt-dev
libsdl1.2-dev libslp-dev libspeex-dev libssl-dev libtasn1-dev
libtiff3g-dev libungif4-dev libvorbis-dev libwrap0-dev libwxgtk2.4
libwxgtk2.4-dev libxcursor-dev libxft-dev libxml2-utils libxosd-dev
mozilla-dev orbit pkg-config po-debconf qt3-dev-tools svgalibg1-dev
vlc-build wxwin2.4-headers xlibmesa-gl-dev xlibmesa-glu-dev
0 packages upgraded, 98 newly installed, 0 to remove and 6 not upgraded.
Need to get 1519kB/42.8MB of archives. After unpacking 169MB will be used.
Do you want to continue? [Y/n/?]
dpkg status should be available at http://suchanek.ruk.cuni.cz/~hramrach/status
Thanks
The problem is likely related to your pinning configuration; "build-dep" is not as sophisticated about resolving problems as "install". Try -o Debug::BuildDeps=true.
I would wager that since he had to use 'install ../unstable' he has some kind of policy that is preventing build-dep from working since it is policy sensitive.. Jason
Here it is: # apt-get -o Debug::BuildDeps=true build-dep vlc Reading Package Lists... Done Building Dependency Tree... Done Looking for debhelper... Trying to install debhelper Looking for gettext... Is installed Looking for xlibs-dev... Is installed Looking for xlibs-pic... Trying to install xlibs-pic Looking for libgnome-dev... Trying to install libgnome-dev Looking for libggi2-dev... Trying to install libggi2-dev Looking for libglide2-dev... Trying to install libglide2-dev Looking for libesd0-dev... Is installed Looking for libsdl1.2-dev... Trying to install libsdl1.2-dev Looking for libqt3-mt-dev... Trying to install libqt3-mt-dev Looking for libqt3-compat-headers... Trying to install libqt3-compat-headers Looking for libasound2-dev... Trying to install libasound2-dev Looking for libarts1-dev... Trying to install libarts1-dev Looking for libmad0-dev... Is installed Looking for liblircclient-dev... Trying to install liblircclient-dev Looking for liba52-0.7.4-dev... Trying to install liba52-0.7.4-dev Looking for aalib1-dev... Trying to install aalib1-dev Looking for libdvbpsi2-dev... Trying to install libdvbpsi2-dev Looking for mozilla-dev... Trying to install mozilla-dev Looking for libidl0... Is installed Looking for libglib2.0-0... Is installed Looking for kdelibs4-dev... Trying to install kdelibs4-dev Looking for dvb-dev... Trying to install dvb-dev Looking for libdv2-dev... Trying to install libdv2-dev Looking for libxosd-dev... Trying to install libxosd-dev Looking for svgalibg1-dev... Trying to install svgalibg1-dev Looking for libogg-dev... Is installed Looking for libvorbis-dev... Is installed Looking for libwxgtk2.4-dev... Trying to install libwxgtk2.4-dev Looking for libdvdplay0-dev... Trying to install libdvdplay0-dev Looking for libdvdread3-dev... Is installed Looking for libslp-dev... Trying to install libslp-dev Looking for libflac-dev... Trying to install libflac-dev Looking for libimlib2-dev... Trying to install libimlib2-dev Looking for libmatroska-dev... Trying to install libmatroska-dev Looking for libfreetype6-dev... Is installed Looking for libspeex-dev... Trying to install libspeex-dev Looking for linux-kernel-headers... Is installed Looking for libcaca-dev... E: Build-Depends dependency for vlc cannot be satisfied because no available versions of package libcaca-dev can satisfy version requirements Thanks
OK, how about "apt-cache policy libcaca-dev"?
hramrach@uvt316-2:~$ apt-cache policy libcaca-dev
libcaca-dev:
Installed: (none)
Candidate: 0.7-1
Version Table:
0.8-2 0
400 http://debian.sh.cvut.cz unstable/main Packages
0.7-1 0
990 http://debian.sh.cvut.cz testing/main Packages
Hello Michal! Is this bug still relevant? It was marked as 'unreproducible' several years earlier...
This bug (#229775) is still reproducible with current apt version (apt 2.7.7). The bug can be summarized so: "apt-get build-dep" fails to install a package from a repo if its priority is slightly less than priority of installed release. In more details: "apt-get build-dep" fails to install a package from backports if backports priority is set to 499 and installed release have its default priority (i. e. 500, as well as I understand). Here are steps to reproduce. But please note: the steps to reproduce below involve stretch. But despite this, please note that the bug is reproducible with apt 2.7.7! Yes, I did run apt 2.7.7 on stretch! Now let me show you steps to reproduce: Build docker container using this dockerfile: FROM debian:stretch ENV LC_ALL C.UTF-8 RUN echo deb http://archive.debian.org/debian stretch main > /etc/apt/sources.list RUN echo deb http://archive.debian.org/debian-security stretch/updates main >> /etc/apt/sources.list RUN apt-get update RUN apt-get install -y --no-install-recommends apt-utils whiptail RUN apt-get dist-upgrade -y --no-install-recommends RUN apt-get install -y --no-install-recommends build-essential RUN echo deb http://archive.debian.org/debian stretch-backports main >> /etc/apt/sources.list RUN echo deb-src http://deb.debian.org/debian buster main >> /etc/apt/sources.list RUN apt-get update RUN printf 'Package: *\nPin: release n=*backports*\nPin-Priority: 499\n' > /etc/apt/preferences RUN apt-get build-dep -y --no-install-recommends cmake || : # This command fails RUN printf 'Package: *\nPin: release n=*backports*\nPin-Priority: 500\n' > /etc/apt/preferences RUN apt-get build-dep -y --no-install-recommends cmake # Success If you don't have docker, then you can do this instead: - Create fresh stretch system using "debootstrap --variant=minbase" - Then run commands above in this stretch one after one I tried commands above in docker and was able to reproduce the bug. I didn't try debootstrap way, but I'm nearly sure the bug will reproduce, too. If backports priority is set to 499, then "apt-get build-dep -y --no-install-recommends cmake" will print this: === # apt-get build-dep -y --no-install-recommends cmake Reading package lists... Done Building dependency tree... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: builddeps:cmake : Depends: libuv1-dev (>= 1.10) but 1.9.1-3 is to be installed E: Unable to correct problems, you have held broken packages. === I think this is a bug: dependecies can be satisfied if one really tries. If I set backports priority to 500, then "apt-get build-dep" is able to install needed packages. So, apt-get doesn't try hard enough. Requirement "libuv1-dev (>= 1.10)" can be satisfied: stretch-backports has libuv1-dev 1.34.2-1~bpo9+1, but it is ignored, and this is a bug. I reproduced this bug using apt 2.7.7. To do this I copied apt 2.7.7 binary and all its .so files to stretch and then I did run this: /tmp/apt-get.d/ld.so --library-path /tmp/apt-get.d/libs /tmp/apt-get.d/apt-get ... I. e. I was able to do this using "ld.so --library-path" trickery. Okay, now you may wonder why I think this is a bug, why I need this and why I don't like current behavior. Let me answer. Go to Debian IRC (a. k. a. OFTC IRC), join #debian channel and write to bot nicknamed "dpkg" the following text: "simple sid backport". The bot will respond to you with the following *very* helpful text: === First, check for a backport on <debian-backports>. If unavailable: 1) Add a deb-src line for sid (not a deb line!); ask me about <deb-src sid> 2) enable debian-backports (see <bdo>) 3) apt update; apt install build-essential; apt build-dep packagename 4) apt -b source packagename 5) dpkg -i packagename-ver.deb To change compilation options, see <package recompile>; for versions newer than sid see <uupdate>. === I use stretch as my main system. So I often need to backport packages. And I do this using instruction above. When I do 3rd step, i. e. "apt-get build-dep", I want apt to search in stretch and then in stretch-backports. Unfortunately, I was unable to find configuration, which achieve this. If I do not set apt_preferences at all, then stretch-backports is ignored by "apt-get build-dep" (reproduction steps listed above). If I set backports priority to 499, then the same happens. If I set backports priority to 500, then stretch-backports is prefered if its package is newer than stretch's. But stretch-backports always has newer packages than stretch, so stretch-backports is always prefered! But I want stretch to be prefered. Hence there is simply no configuration, which meets my goals. Again: I want stretch-backports to be visible, but I want stretch to be prefered over stretch-backports. Because stretch seems to be more stable than stretch-backports, but stretch-backports still can contain something useful. You may say: "Okay, what is problem? If "apt-get build-dep" doesn't work, then simply raise stretch-backports priority or type "apt-get build-dep -t stretch-backports"". Well, this will work if I do everything manually. But I currently write script, which automates that instruction from IRC bot. You may say: okay, just add to your script this: === if ! apt-get build-dep -y "$PKG"; then apt-get build-dep -t "$CODENAME"-backports -y "$PKG" fi === Well, I can write this. But this is a hack. Workaround for a bug! Okay, so I hope I described the bug well. Now let me tell you how I sent this mail. I sent it from docker container (with stretch inside), described above, using "reportbug". The container has apt 1.4.11 installed (as well as I understand, this is default stretch version). When "reportbug" spawned editor I manually replaced reportbug-generated header "Version: 1.4.11" with "Version: 2.7.7". But again: this is not lie! I actually was able to reproduce this bug using apt 2.7.7 using "ld.so --library-path". Again: the mail was sent from very same environment I used for reproducing this bug. I typed "apt-get build-dep -y --no-install-recommends cmake", saw that it fails and then typed "reportbug". Julian Klode said to me ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005752#10 ) that letters from @mail.ru are not delivered properly. So I sent this report from @gmail.com . I hope this time the letter will be delivered properly
That is good, because it is documented to behave this way… equal or higher than the current installed (if any) with the highest pin is the candidate – which is the one pinned to 500 as 499 is clearly lower than 500, end of the story. Sure, but in its default configuration apt is not supposed to try hard. Sometimes, "simple" is not enough. Sometimes backports are hard, but the bot can't help with that and that is for the better as hard equals dangerous in this case. You wouldn't complain about a bot telling you hat hiking up a mountain is easy, while that certainly doesn't apply to the 8k's. Support for stretch ended nearly a decade ago, LTS extended that slight to 2016, but that is still a long time ago. Hoping that current documentation would apply to a system that old is a bit of a … stretch. Not that it helps in what you asked first, but the current default for backports is 100 – but I implemented the involved feature set after squeeze if I remember right… you can manually set it to 100 through for a "upgrade from backports if a backports version was installed previously" behaviour (as in that case the highest pin will be 100). Well, I guess I would just go with -t always, but your choice really. Note that the "real" backports builder use an alternative apt configuration that frees it from its candidate shackles at the expense of other problems as choice, it turns out, is not always desired. The keywords are external solvers, aspcud and what not, but that isn't supported in squeeze either, I made that happen later… I think back in the day backports were using aptitude as builder as its solver is allowed by default to change candidates mid-flight. sbuild documentation is a good choice here as its part of the build infra. So, in summary, yes, apt doesn't switch candidates while running currently. Not even if they have the same pin value – where it might even make sense – and certainly not if they have different values. You may call that a bug, I call that a documented feature, and for the rest of the world lets call this report a wishlist item for a feature that might or might not be implemented in a future default solver (probably by writing said solver first). What I know is that we can't offer any assistance with your quest of backporting to the last decade. This is COMPLETELY unsupported. Best regards David Kalnischkies
I still think this is a bug. I will try to explain this more clearly.
I will show you exact sentence from "man apt_preferences",
which proves this, later in this mail.
Also, later in this mail I will show you a reproducer, which is
not linked to stretch and other old releases in any way.
"installed release", I didn't mean "installed version of particular
package in question, i. e. libuv1-dev". I meant "version of
the system", i. e. value of CODENAME field in /etc/os-release .
"man apt_preferences" says in the very beginning: "Subject
to dependency constraints, apt-get selects the version with
the highest priority for installation". Note "subject to
dependency constraints" here. This means that if version
with high priority is logically forbidden (i. e. it is not compatible
with dependency constraints), then apt chooses a
version with lower priority. And this is exactly what should
happen in my case. And it doesn't happen. And this is a bug.
So, again, let me describe the bug. My current OS is stretch.
Priority of main stretch repo is presumably set to 500, as well
as I understand. I add stretch-backports with priority 499. I
type "apt-get build-dep cmake", and this command fails. cmake
build-depends on libuv1-dev with constraint ">= 1.10". There
are two versions of libuv1-dev available:
- libuv1-dev 1.9.1-3 from stretch. Priority is 500
- libuv1-dev 1.34.2-1~bpo9+1 from stretch-backports. Priority is 499
(And currently libuv1-dev is not present on the system at all.)
It follows from my interpretation of the phrase "Subject to
dependency constraints" from "man apt_preferences", that
first apt should exclude logically inconsistent solutions. So it
should first exclude "libuv1-dev 1.9.1-3", because it is
inconsistent with the constraint ">= 1.10". Then apt should
choose version with highest priority from versions, which
are left. I. e. apt should choose "1.34.2-1~bpo9+1". But in
practice I see this error message:
===
# apt-get build-dep cmake
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
builddeps:cmake : Depends: libuv1-dev (>= 1.10) but 1.9.1-3 is to be installed
E: Unable to correct problems, you have held broken packages.
===
So, apt for whatever reasons prefers logically inconsistent
solution over consistent. Chooses wrong solution with high
priority over correct solution with low priority. Chooses
libuv1-dev 1.9.1-3 and then (of course) fails to install it,
because the constraints are violated.
Okay, so I hope now I convinced you that this is a bug.
Here is an absolutely standalone reproducer for this bug.
Run it on a throw-away sid system. (The letter continues
after the reproducer.)
=*=*=*=*=*=*=*=
#!/bin/bash
set -e
set -o pipefail
apt-get update
apt-get install -y --no-install-recommends dpkg-dev
rm -rf /etc/apt/sources.list.d /etc/apt/preferences.d /etc/apt/apt.conf.d
ARCH="$(dpkg --print-architecture)"
mkdir -p /sources/dependency-1/DEBIAN
mkdir -p /sources/dependency-2/DEBIAN
mkdir -p /sources/dependent/DEBIAN
cat << EOF > /sources/dependency-1/DEBIAN/control
Package: dependency
Version: 1
Description: AAA
Maintainer: AAA
Architecture: $ARCH
EOF
cat << EOF > /sources/dependency-2/DEBIAN/control
Package: dependency
Version: 2
Description: AAA
Maintainer: AAA
Architecture: $ARCH
EOF
cat << EOF > /sources/dependent/DEBIAN/control
Package: dependent
Version: 1
Depends: dependency (>= 2)
Description: AAA
Maintainer: AAA
Architecture: $ARCH
EOF
mkdir -p "/repo/dists/stable/main/binary-$ARCH"
mkdir -p "/repo/dists/backports/main/binary-$ARCH"
dpkg-deb --build /sources/dependency-1 "/repo/dists/stable/main/binary-$ARCH"
dpkg-deb --build /sources/dependency-2 "/repo/dists/backports/main/binary-$ARCH"
dpkg-deb --build /sources/dependent "/root"
(
cd /repo
dpkg-scanpackages "dists/stable/main/binary-$ARCH" >
"dists/stable/main/binary-$ARCH/Packages"
dpkg-scanpackages "dists/backports/main/binary-$ARCH" >
"dists/backports/main/binary-$ARCH/Packages"
)
cat << EOF > /repo/dists/stable/Release
Codename: stable
Architectures: $ARCH
Components: main
Date: Thu, 1 Jan 1970 00:00:00 UTC
EOF
cat << EOF > /repo/dists/backports/Release
Codename: backports
Architectures: $ARCH
Components: main
Date: Thu, 1 Jan 1970 00:00:00 UTC
EOF
cat << EOF > /etc/apt/sources.list
deb file:///repo stable main
deb file:///repo backports main
EOF
cat << EOF > /etc/apt/preferences
Package: *
Pin: release n=backports
Pin-Priority: 499
Package: *
Pin: release n=stable
Pin-Priority: 500
EOF
mkdir -p /etc/apt/preferences.d
mkdir -p /etc/apt/apt.conf.d
cat << EOF > /etc/apt/apt.conf
Acquire::AllowInsecureRepositories yes;
EOF
apt-get update --quiet --quiet
apt-get install "/root/dependent_1_${ARCH}.deb"
=*=*=*=*=*=*=*=
Here is output:
===
Get:1 http://deb.debian.org/debian sid InRelease [198 kB]
Get:2 http://deb.debian.org/debian sid/main amd64 Packages [9626 kB]
Fetched 9824 kB in 6s (1522 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
[..snip..]
Setting up dpkg-dev (1.22.2) ...
Processing triggers for libc-bin (2.37-12) ...
dpkg-deb: building package 'dependency' in
'/repo/dists/stable/main/binary-amd64/dependency_1_amd64.deb'.
dpkg-deb: building package 'dependency' in
'/repo/dists/backports/main/binary-amd64/dependency_2_amd64.deb'.
dpkg-deb: building package 'dependent' in '/root/dependent_1_amd64.deb'.
dpkg-scanpackages: info: Wrote 1 entries to output Packages file.
dpkg-scanpackages: info: Wrote 1 entries to output Packages file.
W: The repository 'file:/repo stable Release' is not signed.
W: No Hash entry in Release file
/var/lib/apt/lists/partial/_repo_dists_stable_Release
W: The repository 'file:/repo backports Release' is not signed.
W: No Hash entry in Release file
/var/lib/apt/lists/partial/_repo_dists_backports_Release
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'dependent' instead of '/root/dependent_1_amd64.deb'
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
dependent : Depends: dependency (>= 2) but 1 is to be installed
E: Unable to correct problems, you have held broken packages.
===
So, I reproduced the very same bug, but this time with fully
artifactual packages. Note that "build-dep" is not involved. Bug is
reproducible with the usual "apt-get install".
You mixed up stretch and squeeze. According to Wikipedia,
support for stretch ended in 2020.
Quoting Askar Safin (2024-01-02 16:05:03) This is not how the apt dependency solver works. The apt solver uses pin priorities to decide which package is the candidate version. What you want is a different solver that is able to ignore pin values and find a solution independent on what package has the highest pin priority. If you want that, then why don't you use a solver that is not apt for your problem? It feels to me like what you are describing as a bug is like saying that dash is buggy because it does not support arrays. If you want arrays when writing shell, use bash instead of dash. This is not a bug in dash as dash is intentionally made to not support arrays. In your case, maybe you should consider using aptitude or switch out the apt dependency resolver to aspcud? Thanks! cheers, josch
– at least not in the universal applicability you want it to have. Imagine this: Package: foo-a Depends: bar (>= 2) Package: foo-b Depends: bar (<= 1) If logical exclusion would really be our fist principle here bar is likely to flip-flop happily between version 1 and 2 depending on which foo the user has most recently "forced" upon the system and the upgrade state is at least in doubt: An old, outdated, potentially dropped from Debian, foo-b is holding back bar for all of eternity due to "dependency constraints". Hopefully bar isn't server software with giant security bugs… apts strategy to avoid this and similar problems is to pick an installation candidate for all packages before its considering if it has to install anything at all. This is what preferences is all about, defining which version will get to be the candidate. Other strategies exist with their own set of shortcomings as finding a solution is not in general the same as finding a user-acceptable solution. All that small incomplete sentence in the summary section of the manpage provides is that a solver *might* deviate from installing the highest version. It would be subject to dependency constraints to not install any version, too (compare e.g. also apt keeping back packages). Subject to parking regulations, you can park everywhere. If you park your car in an area not for parking you are subject to a fine – if you are spotted and the officer feels like it. Nothing guarantees you that you will be fined nor that the officer is subject to provide help to you to find a parking spot. They might do it anyhow if you ask nicely. It is dangerous to read too much into a few weak words. Things like "apt build-dep foo/stretch-backports" exist which can change the candidate based on version constraints. Other solvers like aptitudes default one (or as said the ascpud solver usually tasked with backports) might be more willing to offer such solutions than apts default solver in general. It is a choice with (in general) non-trivial non-binary answer(s). Best regards David Kalnischkies P.S.: True, seems like I mixed up stretch and squeeze – don't know how that happened… stretch actually has (external) ELTS support still. On the upside, you can use most of the things I hinted at and that Johannes has pointed you to as well now.
Johannes Schauer Marin Rodrigues: David Kalnischkies: Thank you for lengthy answers. Okay, then please apply the following patch. :) (Or something with similar meaning.) Feel free to close the bug when the patch is released. (Sent using "reportbug", so I hope whitespace is okay.) diff --git a/doc/apt_preferences.5.xml b/doc/apt_preferences.5.xml index 1b38ae1..1478770 100644 --- a/doc/apt_preferences.5.xml +++ b/doc/apt_preferences.5.xml @@ -39,12 +39,21 @@ for installation.</para> the &sources-list; file contains references to more than one distribution (for example, <literal>stable</literal> and <literal>testing</literal>). APT assigns a priority to each version that is available. -Subject to dependency constraints, <command>apt-get</command> selects the +<command>apt-get</command> selects the version with the highest priority for installation. The APT preferences override the priorities that APT assigns to package versions by default, thus giving the user control over which one is selected for installation.</para> +If picking the version with the highest priority leads to violation +of dependency constraints, then <emphasis>sometimes</emphasis> +apt chooses low-priority correct version instead of high-priority +incorrect one. But sometimes apt simply fails with an error message +in such situation, and this is not considered a bug. If you want package +manager to always choose low-priority correct version instead of +high-priority incorrect version in such situation, then use other package +managers instead of apt. + <para>Several instances of the same version of a package may be available when the &sources-list; file contains references to more than one source. In this case <command>apt-get</command> downloads the instance listed
This report is not about you and your misinterpretations.
You realize that you make it worse with that change, right, given I gave
a few examples in which apt-get DOES NOT do what your + says and
explicitly follows "dependency constraints" as said in - and by default,
its just that it doesn't do that always because that would be – in your
words – incorrect; at least according to the other constraints it has
for a solution.
^^^^^^^
^^^^^^^^^
In my previously given example foo-a and foo-b, please explain in detail
which version of bar is the correct vs. incorrect one. If you can't do
that you might want to reevaluate if a binary believe system is adequate
to represent the dependency world.
Many people tried before you, its called SAT solving and works great if
you give it problems not involving a choice as e.g. removing your entire
system is also a valid solution according to dependency constraints,
its just not a good solution for users, but users are not a constraint
for general propose SAT solvers. Is that good/bad or correct/incorrect?
Yes, no, maybe, depending on your use case: Use the right tool for the
current job at hand.
I already told you that you don't even need to use another package
manager, you just have to use one of many possible non-default options
depending on how far you wanna violate other constraints. Not gonna
repeat myself (and Johannes) for the third time…
Please ask in user support channels if you have further questions about
what the right tool is for a given use case and how to use it correctly.
Best regards
David Kalnischkies
I tried aptitude and it works! Thank you for your help! aptitude behaves properly in example from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=229775#66 (message 66). Moreover, stretch's aptitude version behaves properly (i. e. in the way I need). So, my problem is solved. But I still think "man apt_preferences" is incomplete. Please, add to the first page of the manual something like this: "apt's priority-aware dependency resolution algorithm is simplistic. Sometimes it is unable to find any solution. If you find yourself in such situation, consider using aptitude, it has advanced resolution algorithm"