The Debian source packages orcania, ulfius and yder are imported into UCS 5.0-x with a higher version than what is in UCS 5.1/5.2 (Debian-Bookworm): arequate@omar:~$ repo_stat.py yder Version 1.4.4-4 Rev 150997 Date 2019-12-15 10:06:27 Release 5.0-0-0 Version 1.4.19-1 Rev 171286 Date 2024-01-24 20:13:56 Release 5.1-0-0 Version 1.4.20-1 Rev 171057 Date 2023-11-11 22:00:32 Release 5.0-0-0 Scope errata5.0-6 Release 5.0-0-0 Scope fbest-oidc arequate@omar:~$ repo_stat.py ulfius Version 2.5.2-4 Rev 150157 Date 2019-12-15 07:52:58 Release 5.0-0-0 Version 2.5.2-4+deb10u1 Rev 158851 Date 2021-12-09 13:58:48 Release 5.0-0-0 Scope ucs5.0-1 Version 2.7.13-1 Rev 171287 Date 2024-01-24 20:17:52 Release 5.1-0-0 Version 2.7.14-1 Rev 171054 Date 2023-11-11 19:11:47 Release 5.0-0-0 Scope errata5.0-6 Release 5.0-0-0 Scope fbest-oidc arequate@omar:~$ repo_stat.py orcania Version 1.2.9-5 Rev 143731 Date 2019-12-14 17:05:27 Release 5.0-0-0 Version 2.3.2-1 Rev 171285 Date 2024-01-24 20:04:36 Release 5.1-0-0 Version 2.3.3-1 Rev 171055 Date 2023-11-11 19:12:05 Release 5.0-0-0 Scope errata5.0-6 We should check if we can switch to the Debian-Bookworm packages (possibly with a few required patches on top) to get them covered by Debian security updates.
https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/yder/ https://tracker.debian.org/pkg/yder stable: 1.4.19-1 testing: 1.4.20-1.1 https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/ulfius/ https://tracker.debian.org/pkg/ulfius stable: 2.7.13-1 testing: 2.7.15-2.2 https://univention-dist-binpkg-webgui.k8s.knut.univention.de/source/orcania/ https://tracker.debian.org/pkg/orcania stable: 2.3.2-1 testing: 2.3.3-1 <https://forge.univention.org/bugzilla/show_bug.cgi?id=49006#c11> lies as the package were not taken from "stable Debian 12 Bookworm", but from "testing Debian 12 Trixie"
Maybe we can use apt pinning for this like we did for runc in commit 50165ebd9ec5f8c98ed109d89863259097f6f917
* https://github.com/babelouest/orcania/commits/master/ shows this patch included in UCS but not yet in Bookworm: * https://github.com/babelouest/orcania/commit/313b81740babc54779e52df1444c8c29b89af0dc * Likewise ulfius has https://github.com/babelouest/ulfius/commit/d4647aa09ec762599f39c586ed5f92a6175e16e2 and 3-4 additional commits sine 2.7.13 I propose picking up these patches to not go backwards with regards to fixed bugs. But we should be based on the Bookworm packages to get notified in case something security related is discovered by Debian.
As discussed, we intended to do: > repo_admin.py -U -d trixie -p yder -r 5.2 but that pulls a version 1.4.20-1.1 which contains this probably breaking ABI change: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063303 So instead I cherry-picked the package from errata5.0-6 to 5.2: A patch has been found and merged Cherry picked package yder[171057] version 1.4.20-1 from 5.0-0-0[83]/errata5.0-6[687] to 5.2[85]/[0] 985b56e66 | Dummy patch to trigger repo-ng version timestamping Package: yder Version: 1.4.20-1A~5.2.0.202412031645 Branch: ucs_5.2-0 But that FTBFS: /var/univention/buildsystem2/logs/ucs_5.2-0/yder_1.4.20-1A~5.2.0.202412031645_202412031645.log
Ok, it's just a matter of ordering builds: === CMake Error at CMakeLists.txt:168 (find_package): Could not find a configuration file for package "Orcania" that is compatible with requested version "2.3.3". The following configuration files were considered but not accepted: /usr/lib/x86_64-linux-gnu/cmake/Orcania/OrcaniaConfig.cmake, version: 2.3.2 /lib/x86_64-linux-gnu/cmake/Orcania/OrcaniaConfig.cmake, version: 2.3.2 ===
A patch has been found and merged Cherry picked package orcania[171055] version 2.3.3-1 from 5.0-0-0[83]/errata5.0-6[687] to 5.2[85]/[0] A patch has been found and merged Cherry picked package ulfius[171054] version 2.7.14-1 from 5.0-0-0[83]/errata5.0-6[687] to 5.2[85]/[0] 6fb53d222 | Dummy patch to trigger repo-ng version timestamping Package: orcania Version: 2.3.3-1A~5.2.0.202412031722 Branch: 5.2-0 Package: yder Version: 1.4.20-1A~5.2.0.202412031724 Branch: 5.2-0 Package: ulfius Version: 2.7.14-1A~5.2.0.202412031725 Branch: 5.2-0
for all packages the 5.1 version is lower as the 5.0-9 version libulfius2.7 2.7.14-1A~5.2.0.202412031725 500 500 http://updates-test.software-univention.de ucs520/main amd64 Packages *** 2.7.14-1A~5.0.0.202401241552 500 500 http://updates-test.software-univention.de ucs509/main amd64 Packages 100 /var/lib/dpkg/status 2.7.13-1 500 500 http://updates-test.software-univention.de ucs510/main amd64 Packages not sure if that is a problem, what do you think?