Debian Bug report logs - #787827
Broken version comparison in kernel postinst hook (apt-auto-removal)

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ben Hutchings <ben@decadent.org.uk>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: Broken version comparison in kernel postinst hook (apt-auto-removal)

Date: Fri, 05 Jun 2015 13:58:08 +0100

Package: apt
Version: 1.0.9.10
Severity: important

Firstly, the script is currently not stripping the architecture from
names of foreign kernel packages, so I get these error messages:

/etc/kernel/postinst.d/apt-auto-removal:
dpkg: error: version '3.16.0-4-amd64:amd64' has bad syntax: epoch in version is not number
dpkg: error: version '3.16.0-4-amd64:amd64' has bad syntax: epoch in version is not number
dpkg: error: version '3.2.0-4-amd64:amd64' has bad syntax: epoch in version is not number
dpkg: error: version '3.2.0-4-amd64:amd64' has bad syntax: epoch in version is not number
dpkg: error: version '4.0.0-1-amd64:amd64' has bad syntax: epoch in version is not number
dpkg: error: version '4.0.0-1-amd64:amd64' has bad syntax: epoch in version is not number

Secondly, version comparisons between kernel release strings should be
done using the linux-version command from linux-base, not dpkg.  dpkg
does not know that e.g. 4.1-rc6 comes before 4.1.

Ben.

-- Package-specific info:

-- (/etc/apt/preferences present, but not submitted) --


-- (no /etc/apt/sources.list present) --


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Foreign Architectures: amd64, ppc64el, powerpc

Kernel: Linux 4.0.0-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3
ii  gnupg                   1.4.19-3
ii  libapt-pkg4.12          1.0.9.10
ii  libc6                   2.19-18
ii  libgcc1                 1:5.1.1-9
ii  libstdc++6              5.1.1-9

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc     <none>
ii  aptitude    0.6.11-1+b1
ii  dpkg-dev    1.18.1
ii  python-apt  0.9.4
ii  synaptic    0.81.3

-- no debconf information

Message #10 received at 787827@bugs.debian.org (full text, mbox, reply):

From: David Kalnischkies <david@kalnischkies.de>

To: Ben Hutchings <ben@decadent.org.uk>, 787827@bugs.debian.org

Subject: Re: Bug#787827: Broken version comparison in kernel postinst hook (apt-auto-removal)

Date: Wed, 10 Jun 2015 15:15:50 +0200

[Message part 1 (text/plain, inline)]

Control: tags -1 newcomer

On Fri, Jun 05, 2015 at 01:58:08PM +0100, Ben Hutchings wrote:
> Firstly, the script is currently not stripping the architecture from
> names of foreign kernel packages, so I get these error messages:
> 
> /etc/kernel/postinst.d/apt-auto-removal:
> dpkg: error: version '3.16.0-4-amd64:amd64' has bad syntax: epoch in version is not number
> dpkg: error: version '3.16.0-4-amd64:amd64' has bad syntax: epoch in version is not number
> dpkg: error: version '3.2.0-4-amd64:amd64' has bad syntax: epoch in version is not number
> dpkg: error: version '3.2.0-4-amd64:amd64' has bad syntax: epoch in version is not number
> dpkg: error: version '4.0.0-1-amd64:amd64' has bad syntax: epoch in version is not number
> dpkg: error: version '4.0.0-1-amd64:amd64' has bad syntax: epoch in version is not number

This is caused by 'dpkg-query -l' now printing 'pkg:arch' in the name
column since commit d658a8ec1110c9b3b20987cd903a54f59801117f (>= 1.18)
for packages from a non-native architecture, which was actually one of
the things reverted for the MultiArch dpkg implementation in Debian as
discussed e.g. here:
https://lists.debian.org/debian-dpkg/2011/12/msg00005.html
At the very least we are a lot closer to having a similar interface in
apt and dpkg now, which probably means that decision will be reverted…
aka: This only effects stretch and upward, not jessie.


Anyway, should be fixed anyhow for the unlikely event of M-A:same kernel
packages emerging regardless of what will dpkg do in the end as it
always prints the architecture for those.


> Secondly, version comparisons between kernel release strings should be
> done using the linux-version command from linux-base, not dpkg.  dpkg
> does not know that e.g. 4.1-rc6 comes before 4.1.

linux-base is prio:optional. Even through Debians Kernelpackages depend
on it, some derivatives don't (popcon indicates that). The script is
also called by kfreebsd and hurd kernel postinsts, where I suspect this
package to be found even less likely (even through it is arch:all, so it
should be available). I would very much prefer a "portable"
implementation without new dependencies; beside, the script rewrites
4.1-rc6 to 4.1~rc6 for the version comparison so we should be 'fine'
here in your example.

I guess we are better of finding the debian version of the kernel
packages for the sorting instead of deriving the version number from the
package name – and we should group kernels by that version rather than
avoiding certain matches explicitly (-dbg). I suspect the current
implementation to not behave very well on systems with multiple kernel
flavours (rt,pae,…) installed for example.


That could be an interesting project for a shell¹ scripter with close to
zero apt knowledge required to make it happen, but making a difference
on millions of computers – hence tagging newcomer.
Feel free to contact me by mail, IRC #debian-apt or at DebCamp/Conf15.

(I guess I will grab this myself in a few months if we have no volunteer
as its a bug(s) which should be fixed, but I have other apt projects
until then, so me tagging it 'newcomer' is actually a try to get it
fixed faster rather than putting it in the 'never too be touched again'
basket most newcomer bugs usually end up in unfortunately. So, grab it…)

¹ sorry, no perl. We have nobody who could review/maintain that.


Best regards

David Kalnischkies

[signature.asc (application/pgp-signature, inline)]

Message #21 received at 787827-submitter@bugs.debian.org (full text, mbox, reply):

From: David Kalnischkies <david@kalnischkies.de>

To: 787827-submitter@bugs.debian.org

Subject: Bug#787827 in apt marked as pending

Date: Mon, 14 Sep 2015 13:46:13 +0000

Control: tag 787827 pending

Hello,

Bug #787827 in apt reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    https://anonscm.debian.org/cgit/apt/apt.git/diff/?id=3196dae

---

Message #28 received at 787827-close@bugs.debian.org (full text, mbox, reply):

From: Michael Vogt <mvo@debian.org>

To: 787827-close@bugs.debian.org

Subject: Bug#787827: fixed in apt 1.1~exp13

Date: Mon, 05 Oct 2015 18:33:46 +0000

Source: apt
Source-Version: 1.1~exp13

We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 787827@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Vogt <mvo@debian.org> (supplier of updated apt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 05 Oct 2015 18:27:22 +0200
Source: apt
Binary: apt libapt-pkg5.0 libapt-inst2.0 apt-doc libapt-pkg-dev libapt-pkg-doc apt-utils apt-transport-https
Architecture: source all amd64
Version: 1.1~exp13
Distribution: experimental
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Michael Vogt <mvo@debian.org>
Description:
 apt        - commandline package manager
 apt-doc    - documentation for APT
 apt-transport-https - https download transport for APT
 apt-utils  - package management related utility programs
 libapt-inst2.0 - deb package format runtime library
 libapt-pkg-dev - development files for APT's libapt-pkg and libapt-inst
 libapt-pkg-doc - documentation for APT development
 libapt-pkg5.0 - package management runtime library
Closes: 787827 795600 798919 799857
Changes:
 apt (1.1~exp13) experimental; urgency=medium
 .
   [ Michael Vogt ]
   * Use xgettext --no-location in make update-pot
   * Fix select timeout to be 50msec instead of 0.5msec (Closes: #799857)
 .
   [ David Kalnischkies ]
   * M-A: allowed pkgs of unconfigured archs do not statisfy :any
   * implement dpkgs vision of interpreting pkg:<arch> dependencies
   * add Source-Version field for EDSP
   * fix insecure use of /tmp in EDSP solver 'dump' (Closes: 795600)
   * select kernels to protect from autoremove based on Debian version
     (Closes: 787827)
   * implement autobit and pinning in EDSP solver 'apt'
   * do not discard new manual-bits while applying EDSP solutions
   * include debug information in the autoremove-kernels file
   * avoid using global PendingError to avoid failing too often too soon
   * implement apt-get source msg 'Please use: $vcs' for git
   * do not ignore differently versioned self-provides
   * do not generate bogus hashes if hash is disabled in apt-ftparchive
   * use APT::FTPArchive hash settings as default for APT::FPArchive::$filetype
   * add --sha512 option + documentation for apt-ftparchive
   * deal with spaces in path, command and filepaths in apt-key
   * add by-hash sources.list option and document all of by-hash
   * fallback to well-known URI if by-hash fails (Closes: 798919)
Checksums-Sha1:
 4985d090c31f817656a1fb5c0c963116ec4c94f9 2331 apt_1.1~exp13.dsc
 c6329af467bf34e93dd0173ff17cf4e5a142013c 1920752 apt_1.1~exp13.tar.xz
 6b5941c94a2ac5df73866e1370f77be8c5480cf7 310336 apt-doc_1.1~exp13_all.deb
 4c629f1b3da55a2f1a5a356adea82d50d08750be 144306 apt-transport-https_1.1~exp13_amd64.deb
 641be979f3c1d73101a3bdb2c27eecef69971563 377708 apt-utils_1.1~exp13_amd64.deb
 1cddf31676d11d039edbd0708566fccb8cf9be40 1088278 apt_1.1~exp13_amd64.deb
 9711585e272e524f0f39456fe3fdba2864bc0b0d 175094 libapt-inst2.0_1.1~exp13_amd64.deb
 3622da3d22a530b07ee5b89e9f8a9981b3427ca7 211278 libapt-pkg-dev_1.1~exp13_amd64.deb
 e7ef1ba04629a5eeddc58b34780551c34c89adca 960252 libapt-pkg-doc_1.1~exp13_all.deb
 fb28e555bab86c61a2a6c3064e3eaf8eef72959c 776508 libapt-pkg5.0_1.1~exp13_amd64.deb
Checksums-Sha256:
 3ec7582f4c55d87a550dbeb60183d6a348511f9bc973a1e1bdb4fe4d84f1ea2c 2331 apt_1.1~exp13.dsc
 1ce58172b880bad45ae061cabb26ef2c5b8b631eec2d122cac617688f609cfe9 1920752 apt_1.1~exp13.tar.xz
 788142d5724b759a0d2d8788c3e0b4efd78483e6a69f2dd368d3977cd673f7d6 310336 apt-doc_1.1~exp13_all.deb
 113e2e3e9ad54c8df1b60d645ef91aa3473e8450f71f8dcff0f58a8849e851b3 144306 apt-transport-https_1.1~exp13_amd64.deb
 34ab727943acff65d08397fd4bc2f871fc01ea2bedbccc528a665f73e93cec3a 377708 apt-utils_1.1~exp13_amd64.deb
 75450e734076eb0b8abef3f291b8f7924d9d9e9c26bf937ae7853508cc70c781 1088278 apt_1.1~exp13_amd64.deb
 85c8632151276651b3a319a5a44ffe88d21115e50a3fb36361bfc8cb8972f635 175094 libapt-inst2.0_1.1~exp13_amd64.deb
 5a139f92fd589dfce5c5b64bac945b6760cd3fc34d690e5ef21820573efbeda9 211278 libapt-pkg-dev_1.1~exp13_amd64.deb
 c1bc42428d8d7d97e5c2db8dc5407c1352607f3ab2bfc3e84614c001a3d1b1e0 960252 libapt-pkg-doc_1.1~exp13_all.deb
 f06bdd0a716c322871d1738e6c854dcb6ad4dee625efdd13eb7fc10f96233b78 776508 libapt-pkg5.0_1.1~exp13_amd64.deb
Files:
 f7fef994739ae046b03db38b5cda1081 2331 admin important apt_1.1~exp13.dsc
 a25e64cda1e4935c8bd69af434cc85e4 1920752 admin important apt_1.1~exp13.tar.xz
 b1899184ed13db88e153146cfa4f3af2 310336 doc optional apt-doc_1.1~exp13_all.deb
 505c6fe81f8992fd69665215f38c7dd2 144306 admin optional apt-transport-https_1.1~exp13_amd64.deb
 b102afbda4286326f768c4e367e504f2 377708 admin important apt-utils_1.1~exp13_amd64.deb
 475b965d7629cdc1decc5d9a323114b0 1088278 admin important apt_1.1~exp13_amd64.deb
 4174ef58a7f839aad70bd197800f1ec9 175094 libs important libapt-inst2.0_1.1~exp13_amd64.deb
 6df8d66178020afeaac087b668412975 211278 libdevel optional libapt-pkg-dev_1.1~exp13_amd64.deb
 d0d2b6f6c25432329eb6df7abe449298 960252 doc optional libapt-pkg-doc_1.1~exp13_all.deb
 2bc1bb452d69c007594321d32dd2a73e 776508 libs important libapt-pkg5.0_1.1~exp13_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWErjuAAoJEJjKuzq9TKWeoYEQALheKJ2h2FEnME1lpAiGFImy
Q60a+YII8uWJerKMD+jHt7bFX7Op8nDSDtbdnrqG3FEmuH+5aYnFq4Nj/IC8U64Y
RZLRabT3RfHaKAKfGvs5KgitmzUOtJAOzngK5/07FCK/l0Dbza22+uclAeOx3MGJ
lKLAu4u7nctoq7LwCNeqMYhH2fSaDRfQy7BMejfNXYkR9A+H9BT6ChAzo/+GzCCO
DB5E0GW+S9DY0A+0etzJ+Rjtg+Lbo5BdFkVHfPI1pE3VTu1FeOWF08cwcWZqtaHw
r+d7Wosqpl8oxaNGponMeXe9jQzoDwdc6/8mPFJevpYz4JDFDW9feGZhIP6/O0Nq
tE77/bwKxhMOU07ciJwiTL+aPwcGBKWWU5m+zvgzEkZ1F3lSGzJ9iBAgzC4l4dFc
GHg7JjIROgcHSsMu3xBnxqQ7Q9izGS+P9sxvA75oNuGW49sG6FWtr3bAB/cNa2/u
DO+KK9vtWYqQ47SCIzONHp7MOTtokzhEH15lejY4uJwN52gsBaHvFWy8AUvQVBcL
F1l01ZQGL4CrmUvHu7/02LjRl3xBCCk/1MpjVDmO0ED3anKrP8Ti6VF0fS2ltRr/
R/+qBuQieVHNh866zhoIZN8uIRyqG3EJWH+AtqWe9P78bjyubgADtq5VsJInnW+A
rFq3ttXLHFzghJIu2Z1r
=GRci
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.