Home | Devuan | Git | Forum | Packages | Popcon
Donate now!
Download

Devuan bug report logs - #294
task-kde-desktop silently pulls in unattended-upgrades

version graph

Package: python3-software-properties; Maintainer for python3-software-properties is (unknown); Source for python3-software-properties is src:software-properties.

Reported by: Olaf Meeuwissen <paddy-hack@member.fsf.org>

Date: Sun, 17 Feb 2019 11:33:01 UTC

Severity: normal

Tags: debian

Fixed in version 0.99.30-1

Done: Mark Hindley <mark@hindley.org.uk>

Forwarded to https://bugs.debian.org/447701

Full log

🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: owner@bugs.devuan.org
From: "Devuan bug Tracking System" <owner@bugs.devuan.org>
To: Mark Hindley <mark@hindley.org.uk>
Subject: bug#294: marked as done (task-kde-desktop silently pulls in
 unattended-upgrades)
Message-ID: <handler.294.D294.16765572379680.ackdone@bugs.devuan.org>
References: <Y+47oVtN/HaSAlO3@hindley.org.uk> <87h8d2slob.fsf@member.fsf.org>
X-Devuan-PR-Message: closed 294
X-Devuan-PR-Package: python3-software-properties
X-Devuan-PR-Keywords: debian
Reply-To: 294@bugs.devuan.org
Date: Thu, 16 Feb 2023 14:22:04 +0000
Content-Type: multipart/mixed; boundary="----------=_1676557324-9693-0"

[Message part 1 (text/plain, inline)]
Your message dated Thu, 16 Feb 2023 14:20:17 +0000
with message-id <Y+47oVtN/HaSAlO3@hindley.org.uk>
and subject line Fixed in Debian #447701
has caused the Devuan bug report #294,
regarding task-kde-desktop silently pulls in unattended-upgrades
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.devuan.org
immediately.)


-- 
294: https://bugs.devuan.org/cgi/bugreport.cgi?bug=294
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems

[Message part 2 (message/rfc822, inline)]
From: Olaf Meeuwissen <paddy-hack@member.fsf.org>
To: submit@bugs.devuan.org
Subject: task-kde-desktop silently pulls in unattended-upgrades
Date: Sun, 17 Feb 2019 20:23:48 +0900
[Message part 3 (text/plain, inline)]
Package: tasksel
Version: 3.48+devuan1

This came up on the mailing list[1] and Katolaz asked if I could submit
a bug report against this package so it would not be forgotten.

 [1]: https://lists.dyne.org/lurker/thread/20190214.170424.6845e4be.en.html

The general consensus on the mailing list was that unattended-upgrades
should not "slip in a standard Devuan install unnoticed".

On the mailing list I provided details based on ASCII but I figured it
would be more useful to look at beowulf.  The following is based on an
up-to-date (2019-02-17) Docker image[2].

 [2]: docker pull registry.gitlab.com/paddy-hack/devuan/slim:beowulf

First off, I must say that the approach I used on the mailing list is
flawed.  It does not handle the case of alternatives correctly as it
chases down dependency relations for *all* listed alternatives.  This
leads to false positives.

# All desktop tasks listed all desktop tasks as their dependencies in
# the case Recommends: are allowed :-/

So I followed a slightly different approach and did dry-run installs in
my devuan/slim:beowulf Docker image.

After installing tasksel, I ran

  tasksel --list-tasks \
    | awk '$2 ~ /desktop/ { print $2 }' \
    | while read task; do
        package=$(tasksel --task-packages $task)
        apt-get --dry-run install --install-recommends \
                $package > $package.install-recommends-dry-run
      done
  grep -l unattended-upgrades *.install-recommends-dry-run

That yielded

  task-kde-desktop.install-recommends-dry-run

So the KDE desktop task is the only supported Devuan desktop tasks that
would "slip in unattended-upgrades unnoticed".

I've attached the output of

  apt-cache depends --recurse --no-suggests --no-conflicts --no-breaks \
            --no-enhances --no-replaces task-kde-desktop

so you check for yourself but unattended-upgrades gets pulled in via a
rather complex dependency chain that may not be easy to break :-/

# Much, much more so with beowulf than in ascii.

I think the easiest way to get out of this "mess" is to downgrade the
dependency on unattended-upgrades from a Recommends: to a Suggests: in
python3-software-properties.

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join

[task-kde-desktop.depends (text/plain, attachment)]
[Message part 5 (message/rfc822, inline)]
From: Mark Hindley <mark@hindley.org.uk>
To: 294-done@bugs.devuan.org
Subject: Fixed in Debian #447701
Date: Thu, 16 Feb 2023 14:20:17 +0000
Version: 0.99.30-1

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Mon Apr 29 09:24:30 2024;