Univention Bugzilla – Bug 45642
Import Debian-Stretch 9.2
Last modified: 2018-03-14 14:38:09 CET
Here is the list of packages to rebuild: <https://etherpad-lite.knut.univention.de/etherpad/p/UCS-4.3-Debian-Stretch-Import>
Some packages need a rebuild / re-import as the Debian-Version is newer than the current UCS version. Their import failed: dpkg-query -W -f '${Package}\n' | xargs apt-cache policy | sed -ne '/^ /{H;$!b};x;/\*\*\* [^\n]*\n[^\n]*\/var\/lib\/dpkg\/status/p' Currently the apt/ucs_4.3-0 repository is inconsistent, as it contains old packages, leading to wrong gnupg being announced (Bug #45912) Some packages failed to import / rebuild - we still have dependencies on packages form Debian-Jessie? debmirror imports wrong source package (glibc): Need to special-handle "Extra-Source-Only: yes"?
(In reply to Philipp Hahn from comment #2) > Some packages need a rebuild / re-import as the Debian-Version is newer than > the current UCS version. Their import failed: > > dpkg-query -W -f '${Package}\n' | xargs apt-cache policy | sed -ne '/^ > /{H;$!b};x;/\*\*\* [^\n]*\n[^\n]*\/var\/lib\/dpkg\/status/p' All known packages FIXED manually > Currently the apt/ucs_4.3-0 repository is inconsistent, as it contains old > packages, leading to wrong gnupg being announced (Bug #45912) gnupg fixed manually. OPEN: Still need to remove duplicates. > Some packages failed to import / rebuild - we still have dependencies on > packages form Debian-Jessie? OPEN: Need to check again > debmirror imports wrong source package (glibc): Need to special-handle > "Extra-Source-Only: yes"? FIXED in repo-ng/debmirror
(In reply to Philipp Hahn from comment #3) > (In reply to Philipp Hahn from comment #2) > > Currently the apt/ucs_4.3-0 repository is inconsistent, as it contains old > > packages, leading to wrong gnupg being announced (Bug #45912) > > gnupg fixed manually. > OPEN: Still need to remove duplicates. DONE: repo-check-duplicate-debs2 -s > > Some packages failed to import / rebuild - we still have dependencies on > > packages form Debian-Jessie? > > OPEN: Need to check again DONE: ~phahn/BUG/45642_debian-stretch/check-installable.py See Bug #45887
Created attachment 9386 [details] check_ucs43_sources_against_debian_stretch.sh Ok, I compared the versions noted in the Sources file between ucs_4.3-0 and stretch with the script attached. At the time of check there were only 6 source packages on the Debian side, which have a higher version than UCS, I guess due to pending updates on the Debian side? In the case of influxdb, the Debian stretch Sources list simply has both package versions, the one from stretch and the one from sid. So, I would consider this bug as basically verified. Anything else I should check here? glibc: ucs_version: 2.24-11+deb9u1 stretch_version: 2.24-11+deb9u2 golang-github-dgrijalva-jwt-go: ucs_version: 3.0.0+REALLY.2.6.0-1 stretch_version: 3.0.0.1+REALLY.2.6.0-1 golang-github-spf13-cobra: ucs_version: 0.0~git20161229.0.1dd5ff2-1 stretch_version: 0.0~git20170314.0.7be4bed-1 golang-gogoprotobuf: ucs_version: 0.3-1 stretch_version: 0.3+git20170120.144.265e960d-1 golang-goleveldb: ucs_version: 0+git20160825.6ae1797-2 stretch_version: 0.0~git20170302.0.3c5717c-4 influxdb: ucs_version: 1.0.2+dfsg1-1 stretch_version: 1.1.1+dfsg1-4
(In reply to Arvid Requate from comment #5) > Ok, I compared the versions noted in the Sources file between ucs_4.3-0 and > stretch with the script attached. At the time of check there were only 6 > source packages on the Debian side, which have a higher version than UCS, I > guess due to pending updates on the Debian side? No, you need to filter out "Extra-Source-Only: yes" packages; see Bug #45948. > glibc: > golang-github-dgrijalva-jwt-go: > golang-github-spf13-cobra: > golang-gogoprotobuf: > golang-goleveldb: > influxdb: zcat /mnt/build-storage/upstream/{debian/dists/stretch,debian-security/dists/stretch/updates}/{main,contrib,non-free}/source/Sources.gz | grep-dctrl -n -s Package,Version -X -F Extra-Source-Only yes | paste - - -
Created attachment 9387 [details] check_ucs43_sources_against_debian_stretch.sh Ok, with the attached script I see that the version comparison between UCS 4.3 and Debian stretch is successful. Some updates from debian-security are missing currently in UCS 4.3, but that's an ongoing process, not really related to this bug, isn't it? Anyway, you asked me to check this list too, so here is the result: # http://ftp.de.debian.org/debian-security/dists/stretch/updates/main/source/Sources.gz # <package> <ucsversion> <debianversion> awstats: 7.6+dfsg-1 7.6+dfsg-1+deb9u1 bind9: 1:9.10.3.dfsg.P4-12.3+deb9u3A~4.3.0.201801181816 1:9.10.3.dfsg.P4-12.3+deb9u4 chromium-browser: 63.0.3239.84-1~deb9u1 64.0.3282.119-1~deb9u1 curl: 7.52.1-5+deb9u3 7.52.1-5+deb9u4 ffmpeg: 7:3.2.9-1~deb9u1 7:3.2.10-1~deb9u1 firefox-esr: 52.5.2esr-1~deb9u1 52.6.0esr-1~deb9u1 gcab: 0.7-2 0.7-2+deb9u1 gdk-pixbuf: 2.36.5-2+deb9u1 2.36.5-2+deb9u2 gifsicle: 1.88-3 1.88-3+deb9u1 libxml2: 2.9.4+dfsg1-2.2+deb9u1 2.9.4+dfsg1-2.2+deb9u2 mpv: 0.23.0-2 0.23.0-2+deb9u2 openocd: 0.9.0-1 0.9.0-1+deb8u1 p7zip: 16.02+dfsg-3 16.02+dfsg-3+deb9u1 poco: 1.7.6+dfsg1-5 1.7.6+dfsg1-5+deb9u1 poppler: 0.48.0-2+deb9u1 0.48.0-2+deb9u2 smarty3: 3.1.31+20161214.1.c7d42e4+selfpack1-2 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1 thunderbird: 1:52.5.2-2~deb9u1 1:52.6.0-1~deb9u1 tiff: 4.0.8-2+deb9u1 4.0.8-2+deb9u2 transmission: 2.92-2 2.92-2+deb9u1 wireshark: 2.2.6+g32dac6a-2+deb9u1 2.2.6+g32dac6a-2+deb9u2 wordpress: 4.7.5+dfsg-2+deb9u1 4.7.5+dfsg-2+deb9u2
(In reply to Arvid Requate from comment #7) > Some updates from debian-security are > missing currently in UCS 4.3, but that's an ongoing process, not really > related to this bug, isn't it? We need to make a point somewhere, so I imported all the pending packages again: only "bind9" was re-build, all others where copied 1:1 from Debian-Security. We will do at least one more finaly sync just before the release, everything after that then needs to go through the errata process. |<package> <common-verion> <ucs-version> <debian-version> |awstats 7.6+dfsg-1 +deb9u1 |bind9 1:9.10.3.dfsg.P4-12.3+deb9u 3A~4.3.0.201801181816 4 |chromium-browser 6 3.0.3239.84-1~deb9u1 4.0.3282.119-1~deb9u1 |curl 7.52.1-5+deb9u 3 4 |ffmpeg 7:3.2. 9-1~deb9u1 10-1~deb9u1 |firefox-esr 52. 5.2esr-1~deb9u1 6.0esr-1~deb9u1 |gcab 0.7-2 +deb9u1 |gdk-pixbuf 2.36.5-2+deb9u 1 2 |gifsicle 1.88-3 +deb9u1 |libxml2 2.9.4+dfsg1-2.2+deb9u 1 2 |mpv 0.23.0-2 +deb9u2 |openocd 0.9.0-1 +deb8u1 |p7zip 16.02+dfsg-3 +deb9u1 |poco 1.7.6+dfsg1-5 +deb9u1 |poppler 0.48.0-2+deb9u 1 2 |smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2 +deb9u1 |thunderbird 1:52. 5.2-2~deb9u1 6.0-1~deb9u1 |tiff 4.0.8-2+deb9u 1 2 |transmission 2.92-2 +deb9u1 Plus more additions from today: |libvorbis 1.3.5-4 +deb9u1 |xen 4.8. 2+xsa245-0+deb9u1 3+comet2+shim4.10.0+comet3-1+deb9u4.1 |jackson-databind 2.8.6-1+deb9u 2 3 Package: bind9 Version: 1:9.10.3.dfsg.P4-12.3+deb9u4A~4.3.0.201802151445 Branch: ucs_4.3-0 TODO: There is one problem with the way the import is done, for which I will file a new bug: "makepasswd" from ucs_4.3-0 needs the unmaintained "libbytes-random-secure-perl from ucs_4.2-0, which "announce_ucs_release" cannot handle. WIP: "repo-check-duplicate-debs2 -s" is still running.
Ok, then I set it to interim-3.
(In reply to Philipp Hahn from comment #6) > (In reply to Arvid Requate from comment #5) > > Ok, I compared the versions noted in the Sources file between ucs_4.3-0 and > > stretch with the script attached. At the time of check there were only 6 > > source packages on the Debian side, which have a higher version than UCS, I > > guess due to pending updates on the Debian side? > > No, you need to filter out "Extra-Source-Only: yes" packages; see Bug #45948. ... > zcat > /mnt/build-storage/upstream/{debian/dists/stretch,debian-security/dists/ > stretch/updates}/{main,contrib,non-free}/source/Sources.gz | grep-dctrl -n > -s Package,Version -X -F Extra-Source-Only yes | paste - - - FYI: "apt-get source" as used by "repo_admin.py" does *NOT* honor the "Extra-Source-Only:yes" attribution and *always* imports the latest source version available; e.g. for "snappy" it downloads "1.1.4-1" instead of "1.1.3-3". I filed Bug #46358 for repo-ng. I have no idea if we imported any of that newer source version for UCS-4.3 - we probably should check that, too.
I had to rebuild "exim4" as we forgot to switch "dpkg-vendor" to "univention" after setting up our pbuilder/ucs_4.3-0[_amd64].tgz from Debian-Stretch. This is set only once by "base-files.postinst". I fixed the tgz manually: ln -snf univention /etc/dpkg/origins/default This lead to "exim4" still providing "default-mta": $ dpkg-deb -f ucs_4.3-0/*/exim4-daemon-light_4.89-2+deb9u3A~4.3.0.201802210931_*.deb Provides exim4-localscanapi-2.0, mail-transport-agent No other package was found: for d in *_*4.3.0.201*.debian.tar* do tar xfO "$d" | grep --color dpkg-vendor && echo "$d" done
[4.2] 240d6924 Bug #45642 debmirror: Merge override message
Ok, nearly all packages in the ucs_4.3-0 repository are newer or equal to the Debian stretch package versions. The first two exceptions have been made deliberately: OK: linux: Imported: 4.9.82-1+deb9u2 Debian: 4.9.82-1+deb9u3 OK: ca-certificates-java: Imported: 20170531 Debian: 20170531+nmu1 Just very few newer Extra-Source-Only package versions have been imported accidentally, I think this is ok. Only with runc I'm sceptical because the imported version significantly differs fro the actual stretch version: golang-github-opencontainers-specs: Imported: 1.0.0~rc2+git20160926.38.1c7c27d-1 Debian: 1.0.0~rc1-1 Debian: 1.0.0~rc2+git20160926.38.1c7c27d-1 (Extra-Source-Only) golang-github-rackspace-gophercloud: Imported: 1.0.0+git20161013.1012.e00690e8-1 Debian: 1.0.0+git20160603.920.934dbf8-1 Debian: 1.0.0+git20161013.1012.e00690e8-1 (Extra-Source-Only) golang-github-vishvananda-netlink: Imported: 0.0~git20170117.0.ebdfb74-1 Debian: 0.0~git20160629.0.e73bad4-1 Debian: 0.0~git20170117.0.ebdfb74-1 (Extra-Source-Only) runc: Imported: 1.0.0~rc2+git20161109.131.5137186-2 Debian: 0.1.1+dfsg1-2 Debian: 1.0.0~rc2+git20161109.131.5137186-2 (Extra-Source-Only)
Ok, thanks for checking runc again! As you explained, we already have package version 1.0.0~rc2-0ubuntu2~16.04.1 in UCS 4.2-0, so that's a valid exception too. changelog-4.3-0.xml: Ok
UCS 4.3 has been released: https://docs.software-univention.de/release-notes-4.3-0-en.html https://docs.software-univention.de/release-notes-4.3-0-de.html If this error occurs again, please use "Clone This Bug".