Comment 1 Philipp Hahn 2017-11-09 15:08:07 CET

Here is the list of packages to rebuild:
 <https://etherpad-lite.knut.univention.de/etherpad/p/UCS-4.3-Debian-Stretch-Import>

Comment 2 Philipp Hahn 2017-12-22 09:35:52 CET

Some packages need a rebuild / re-import as the Debian-Version is newer than the current UCS version. Their import failed:

dpkg-query -W -f '${Package}\n' | xargs apt-cache policy | sed -ne '/^ /{H;$!b};x;/\*\*\* [^\n]*\n[^\n]*\/var\/lib\/dpkg\/status/p'

Currently the apt/ucs_4.3-0 repository is inconsistent, as it contains old packages, leading to wrong gnupg being announced (Bug #45912)

Some packages failed to import / rebuild - we still have dependencies on packages form Debian-Jessie?

debmirror imports wrong source package (glibc): Need to special-handle "Extra-Source-Only: yes"?

Comment 3 Philipp Hahn 2018-01-04 17:27:53 CET

(In reply to Philipp Hahn from comment #2)
> Some packages need a rebuild / re-import as the Debian-Version is newer than
> the current UCS version. Their import failed:
> 
> dpkg-query -W -f '${Package}\n' | xargs apt-cache policy | sed -ne '/^
> /{H;$!b};x;/\*\*\* [^\n]*\n[^\n]*\/var\/lib\/dpkg\/status/p'

All known packages FIXED manually

> Currently the apt/ucs_4.3-0 repository is inconsistent, as it contains old
> packages, leading to wrong gnupg being announced (Bug #45912)

gnupg fixed manually.
OPEN: Still need to remove duplicates.

> Some packages failed to import / rebuild - we still have dependencies on
> packages form Debian-Jessie?

OPEN: Need to check again

> debmirror imports wrong source package (glibc): Need to special-handle
> "Extra-Source-Only: yes"?

FIXED in repo-ng/debmirror

Comment 4 Philipp Hahn 2018-01-10 09:51:45 CET

(In reply to Philipp Hahn from comment #3)
> (In reply to Philipp Hahn from comment #2)
> > Currently the apt/ucs_4.3-0 repository is inconsistent, as it contains old
> > packages, leading to wrong gnupg being announced (Bug #45912)
> 
> gnupg fixed manually.
> OPEN: Still need to remove duplicates.

DONE: repo-check-duplicate-debs2 -s

> > Some packages failed to import / rebuild - we still have dependencies on
> > packages form Debian-Jessie?
> 
> OPEN: Need to check again

DONE: ~phahn/BUG/45642_debian-stretch/check-installable.py
 See Bug #45887

Comment 5 Arvid Requate 2018-02-14 09:00:36 CET

Created attachment 9386 [details]
check_ucs43_sources_against_debian_stretch.sh

Ok, I compared the versions noted in the Sources file between ucs_4.3-0 and stretch with the script attached. At the time of check there were only 6 source packages on the Debian side, which have a higher version than UCS, I guess due to pending updates on the Debian side? In the case of influxdb, the Debian stretch Sources list simply has both package versions, the one from stretch and the one from sid. So, I would consider this bug as basically verified. Anything else I should check here?

glibc:
ucs_version:     2.24-11+deb9u1
stretch_version: 2.24-11+deb9u2

golang-github-dgrijalva-jwt-go:
ucs_version:     3.0.0+REALLY.2.6.0-1
stretch_version: 3.0.0.1+REALLY.2.6.0-1

golang-github-spf13-cobra:
ucs_version:     0.0~git20161229.0.1dd5ff2-1
stretch_version: 0.0~git20170314.0.7be4bed-1

golang-gogoprotobuf:
ucs_version:     0.3-1
stretch_version: 0.3+git20170120.144.265e960d-1

golang-goleveldb:
ucs_version:     0+git20160825.6ae1797-2
stretch_version: 0.0~git20170302.0.3c5717c-4

influxdb:
ucs_version:     1.0.2+dfsg1-1
stretch_version: 1.1.1+dfsg1-4

Comment 6 Philipp Hahn 2018-02-14 10:52:18 CET

(In reply to Arvid Requate from comment #5)
> Ok, I compared the versions noted in the Sources file between ucs_4.3-0 and
> stretch with the script attached. At the time of check there were only 6
> source packages on the Debian side, which have a higher version than UCS, I
> guess due to pending updates on the Debian side?

No, you need to filter out "Extra-Source-Only: yes" packages; see Bug #45948.

> glibc:
> golang-github-dgrijalva-jwt-go:
> golang-github-spf13-cobra:
> golang-gogoprotobuf:
> golang-goleveldb:
> influxdb:

zcat /mnt/build-storage/upstream/{debian/dists/stretch,debian-security/dists/stretch/updates}/{main,contrib,non-free}/source/Sources.gz | grep-dctrl -n -s Package,Version -X -F Extra-Source-Only yes | paste - - -

Comment 7 Arvid Requate 2018-02-14 19:26:54 CET

Created attachment 9387 [details]
check_ucs43_sources_against_debian_stretch.sh

Ok, with the attached script I see that the version comparison between UCS 4.3 and Debian stretch is successful. Some updates from debian-security are missing currently in UCS 4.3, but that's an ongoing process, not really related to this bug, isn't it? Anyway, you asked me to check this list too, so here is the result:

# http://ftp.de.debian.org/debian-security/dists/stretch/updates/main/source/Sources.gz
# <package>   <ucsversion>   <debianversion>                                    
awstats: 7.6+dfsg-1      7.6+dfsg-1+deb9u1                                      
bind9:   1:9.10.3.dfsg.P4-12.3+deb9u3A~4.3.0.201801181816        1:9.10.3.dfsg.P4-12.3+deb9u4
chromium-browser:        63.0.3239.84-1~deb9u1   64.0.3282.119-1~deb9u1         
curl:    7.52.1-5+deb9u3 7.52.1-5+deb9u4                                        
ffmpeg:  7:3.2.9-1~deb9u1        7:3.2.10-1~deb9u1                              
firefox-esr:     52.5.2esr-1~deb9u1      52.6.0esr-1~deb9u1                     
gcab:    0.7-2   0.7-2+deb9u1                                                   
gdk-pixbuf:      2.36.5-2+deb9u1 2.36.5-2+deb9u2                                
gifsicle:        1.88-3  1.88-3+deb9u1                                          
libxml2: 2.9.4+dfsg1-2.2+deb9u1  2.9.4+dfsg1-2.2+deb9u2                         
mpv:     0.23.0-2        0.23.0-2+deb9u2                                        
openocd: 0.9.0-1 0.9.0-1+deb8u1                                                 
p7zip:   16.02+dfsg-3    16.02+dfsg-3+deb9u1                                    
poco:    1.7.6+dfsg1-5   1.7.6+dfsg1-5+deb9u1                                   
poppler: 0.48.0-2+deb9u1 0.48.0-2+deb9u2                                        
smarty3: 3.1.31+20161214.1.c7d42e4+selfpack1-2   3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1
thunderbird:     1:52.5.2-2~deb9u1       1:52.6.0-1~deb9u1                      
tiff:    4.0.8-2+deb9u1  4.0.8-2+deb9u2                                         
transmission:    2.92-2  2.92-2+deb9u1                                          
wireshark:       2.2.6+g32dac6a-2+deb9u1 2.2.6+g32dac6a-2+deb9u2                
wordpress:       4.7.5+dfsg-2+deb9u1     4.7.5+dfsg-2+deb9u2

Comment 8 Philipp Hahn 2018-02-15 16:27:41 CET

(In reply to Arvid Requate from comment #7)
> Some updates from debian-security are
> missing currently in UCS 4.3, but that's an ongoing process, not really
> related to this bug, isn't it?

We need to make a point somewhere, so I imported all the pending packages again: only "bind9" was re-build, all others where copied 1:1 from Debian-Security.
We will do at least one more finaly sync just before the release, everything after that then needs to go through the errata process.

|<package>         <common-verion>                        <ucs-version>          <debian-version>
|awstats           7.6+dfsg-1                                                    +deb9u1
|bind9             1:9.10.3.dfsg.P4-12.3+deb9u            3A~4.3.0.201801181816  4
|chromium-browser  6                                      3.0.3239.84-1~deb9u1   4.0.3282.119-1~deb9u1
|curl              7.52.1-5+deb9u                         3                      4
|ffmpeg            7:3.2.                                 9-1~deb9u1             10-1~deb9u1
|firefox-esr       52.                                    5.2esr-1~deb9u1        6.0esr-1~deb9u1
|gcab              0.7-2                                                         +deb9u1
|gdk-pixbuf        2.36.5-2+deb9u                         1                      2
|gifsicle          1.88-3                                                        +deb9u1
|libxml2           2.9.4+dfsg1-2.2+deb9u                  1                      2
|mpv               0.23.0-2                                                      +deb9u2
|openocd           0.9.0-1                                                       +deb8u1
|p7zip             16.02+dfsg-3                                                  +deb9u1
|poco              1.7.6+dfsg1-5                                                 +deb9u1
|poppler           0.48.0-2+deb9u                         1                      2
|smarty3           3.1.31+20161214.1.c7d42e4+selfpack1-2                         +deb9u1
|thunderbird       1:52.                                  5.2-2~deb9u1           6.0-1~deb9u1
|tiff              4.0.8-2+deb9u                          1                      2
|transmission      2.92-2                                                        +deb9u1

Plus more additions from today:
|libvorbis         1.3.5-4                                                       +deb9u1
|xen               4.8.                                   2+xsa245-0+deb9u1      3+comet2+shim4.10.0+comet3-1+deb9u4.1
|jackson-databind  2.8.6-1+deb9u                          2                      3

Package: bind9
Version: 1:9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201802151445
Branch: ucs_4.3-0

TODO: There is one problem with the way the import is done, for which I will file a new bug: "makepasswd" from ucs_4.3-0 needs the unmaintained "libbytes-random-secure-perl from ucs_4.2-0, which "announce_ucs_release" cannot handle.

WIP: "repo-check-duplicate-debs2 -s" is still running.

Comment 9 Arvid Requate 2018-02-15 17:09:13 CET

Ok, then I set it to interim-3.

Comment 10 Philipp Hahn 2018-02-21 08:40:36 CET

(In reply to Philipp Hahn from comment #6)
> (In reply to Arvid Requate from comment #5)
> > Ok, I compared the versions noted in the Sources file between ucs_4.3-0 and
> > stretch with the script attached. At the time of check there were only 6
> > source packages on the Debian side, which have a higher version than UCS, I
> > guess due to pending updates on the Debian side?
> 
> No, you need to filter out "Extra-Source-Only: yes" packages; see Bug #45948.
...
> zcat
> /mnt/build-storage/upstream/{debian/dists/stretch,debian-security/dists/
> stretch/updates}/{main,contrib,non-free}/source/Sources.gz | grep-dctrl -n
> -s Package,Version -X -F Extra-Source-Only yes | paste - - -

FYI: "apt-get source" as used by "repo_admin.py" does *NOT* honor the "Extra-Source-Only:yes" attribution and *always* imports the latest source version available; e.g. for "snappy" it downloads "1.1.4-1" instead of "1.1.3-3".
I filed Bug #46358 for repo-ng.
I have no idea if we imported any of that newer source version for UCS-4.3 - we probably should check that, too.

Comment 11 Philipp Hahn 2018-02-21 09:58:22 CET

I had to rebuild "exim4" as we forgot to switch "dpkg-vendor" to "univention" after setting up our pbuilder/ucs_4.3-0[_amd64].tgz from Debian-Stretch. This is set only once by "base-files.postinst". I fixed the tgz manually:
  ln -snf univention /etc/dpkg/origins/default

This lead to "exim4" still providing "default-mta":
  $ dpkg-deb -f ucs_4.3-0/*/exim4-daemon-light_4.89-2+deb9u3A~4.3.0.201802210931_*.deb Provides
  exim4-localscanapi-2.0, mail-transport-agent

No other package was found:
  for d in *_*4.3.0.201*.debian.tar*
  do tar xfO "$d" | grep --color dpkg-vendor && echo "$d"
  done

Comment 12 Philipp Hahn 2018-03-05 12:54:11 CET

[4.2] 240d6924 Bug #45642 debmirror: Merge override message

Comment 13 Arvid Requate 2018-03-06 16:02:50 CET

Ok, nearly all packages in the ucs_4.3-0 repository are newer or equal to the Debian stretch package versions. The first two exceptions have been made deliberately:

OK: linux:
Imported: 4.9.82-1+deb9u2
Debian:   4.9.82-1+deb9u3

OK: ca-certificates-java:
Imported: 20170531
Debian:   20170531+nmu1


Just very few newer Extra-Source-Only package versions have been imported accidentally, I think this is ok. Only with runc I'm sceptical because the imported version significantly differs fro the actual stretch version:


golang-github-opencontainers-specs:
Imported: 1.0.0~rc2+git20160926.38.1c7c27d-1
Debian:   1.0.0~rc1-1
Debian:   1.0.0~rc2+git20160926.38.1c7c27d-1      (Extra-Source-Only)

golang-github-rackspace-gophercloud: 
Imported: 1.0.0+git20161013.1012.e00690e8-1
Debian:   1.0.0+git20160603.920.934dbf8-1
Debian:   1.0.0+git20161013.1012.e00690e8-1       (Extra-Source-Only)

golang-github-vishvananda-netlink:
Imported: 0.0~git20170117.0.ebdfb74-1
Debian:   0.0~git20160629.0.e73bad4-1
Debian:   0.0~git20170117.0.ebdfb74-1             (Extra-Source-Only)

runc:
Imported: 1.0.0~rc2+git20161109.131.5137186-2
Debian:   0.1.1+dfsg1-2
Debian:   1.0.0~rc2+git20161109.131.5137186-2     (Extra-Source-Only)

Comment 14 Arvid Requate 2018-03-06 16:20:05 CET

Ok, thanks for checking runc again! As you explained, we already have package version 1.0.0~rc2-0ubuntu2~16.04.1 in UCS 4.2-0, so that's a valid exception too.

changelog-4.3-0.xml: Ok

Comment 15 Stefan Gohmann 2018-03-14 14:38:09 CET

UCS 4.3 has been released:
 https://docs.software-univention.de/release-notes-4.3-0-en.html
 https://docs.software-univention.de/release-notes-4.3-0-de.html

If this error occurs again, please use "Clone This Bug".