[Bug 1979244] Re: libssl-dev : Depends: libssl3 (= 3.0.2-0ubuntu1.1) but 3.0.2-0ubuntu1.2 is to be installed

Julian Andres Klode 1979244 at bugs.launchpad.net
Thu Jun 23 10:15:55 UTC 2022 

The same problem now happens with libsystemd0 and libsystemd-dev.

We rolled the change out in 21.10 to avoid regressing 22.04 with bugs,
but only received a single instance of this issue back then which was
dismissed, maybe a bit too quickly as something known that needs to be
resolved in launchpad (bug 1929082).

** Description changed:

+ [Impact]
+ Users cannot install a package, e.g. libssl-dev, if built from the same source as another installed update while it is phasing.
+ 
+ In the example below, libssl3 3.0.2-0ubuntu1.2 update was already
+ installed, this got replaced in the archive with a 3.0.2-0ubuntu1.4
+ update that was phasing and the system in question was not eligible for
+ it yet.
+ 
+ Because the system was not eligible for openssl 3.0.2-0ubuntu1.4, it
+ picked libssl-dev=3.0.2-0ubuntu1.1 from the security pocket as the
+ candidate instead, which conflicts with the higher version of libssl3.
+ 
+ [Approach]
+ As a workaround for this bug, we will limit phasing to when you use the upgrade/dist-upgrade commands. This will mean that the install command below would pick libssl-dev=3.0.2-0ubuntu1.4 and upgrade libssl3 to the same version, despite this not having phased for us yet.
+ 
+ This means that trying to do apt dist-upgrade libssl-dev and similar
+ (trying to upgrade and install at the same time) would still not work,
+ but that is a minor concern compared to the current issue.
+ 
+ Once launchpad bug 1929082 is resolved, that change will be reverted,
+ and the algorithm for apt changed such that whenever the installed
+ version is larger than the latest "for us" available version (as in, the
+ only newer versions available are still phasing), it will ignore the
+ phasing. This will be dealt with in a separate bug report.
+ 
+ [Test case]
+ Integration tests will be provided and run as autopkgtests, testing the scenarios described in this issue and comment #10. This cannot necessarily be tested on the real archive as you need packages phasing and have an older version installed.
+ 
+ [Regression potential]
+ Systems may end up with more packages installed that have not phased enough for them yet, getting somewhat closer to the pre-impish state where apt did not respect phasing at all. Specifically, apt install libssl3
+ below would upgrade libssl3 to the version we are not yet eligible for.
+ 
+ [Example]
+ 
  libmysqlclient-dev on Jammy cannot be installed due to unmet
  dependencies
  
  $ apt policy libmysqlclient-dev
  libmysqlclient-dev:
-   Installed: (none)
-   Candidate: 8.0.29-0ubuntu0.22.04.2
-   Version table:
-      8.0.29-0ubuntu0.22.04.2 500
-         500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
-         500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
-      8.0.28-0ubuntu4 500
-         500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
+   Installed: (none)
+   Candidate: 8.0.29-0ubuntu0.22.04.2
+   Version table:
+      8.0.29-0ubuntu0.22.04.2 500
+         500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
+         500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
+      8.0.28-0ubuntu4 500
+         500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
  $ sudo 'apt-get' '--option=Dpkg::Options::=--force-confold' '--assume-yes' 'install' 'libmysqlclient-dev'
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:
  
  The following packages have unmet dependencies:
-  libssl-dev : Depends: libssl3 (= 3.0.2-0ubuntu1.1) but 3.0.2-0ubuntu1.2 is to be installed
+  libssl-dev : Depends: libssl3 (= 3.0.2-0ubuntu1.1) but 3.0.2-0ubuntu1.2 is to be installed
  E: Unable to correct problems, you have held broken packages.

** Description changed:

  [Impact]
  Users cannot install a package, e.g. libssl-dev, if built from the same source as another installed update while it is phasing.
  
  In the example below, libssl3 3.0.2-0ubuntu1.2 update was already
  installed, this got replaced in the archive with a 3.0.2-0ubuntu1.4
  update that was phasing and the system in question was not eligible for
  it yet.
  
  Because the system was not eligible for openssl 3.0.2-0ubuntu1.4, it
  picked libssl-dev=3.0.2-0ubuntu1.1 from the security pocket as the
  candidate instead, which conflicts with the higher version of libssl3.
  
  [Approach]
  As a workaround for this bug, we will limit phasing to when you use the upgrade/dist-upgrade commands. This will mean that the install command below would pick libssl-dev=3.0.2-0ubuntu1.4 and upgrade libssl3 to the same version, despite this not having phased for us yet.
  
  This means that trying to do apt dist-upgrade libssl-dev and similar
  (trying to upgrade and install at the same time) would still not work,
  but that is a minor concern compared to the current issue.
  
  Once launchpad bug 1929082 is resolved, that change will be reverted,
  and the algorithm for apt changed such that whenever the installed
- version is larger than the latest "for us" available version (as in, the
- only newer versions available are still phasing), it will ignore the
- phasing. This will be dealt with in a separate bug report.
+ version is larger than the latest "for us" available version for any
+ binary in the source package (as in, the only newer versions available
+ are still phasing), it will ignore the phasing. This will be dealt with
+ in a separate bug report.
  
  [Test case]
  Integration tests will be provided and run as autopkgtests, testing the scenarios described in this issue and comment #10. This cannot necessarily be tested on the real archive as you need packages phasing and have an older version installed.
  
  [Regression potential]
  Systems may end up with more packages installed that have not phased enough for them yet, getting somewhat closer to the pre-impish state where apt did not respect phasing at all. Specifically, apt install libssl3
  below would upgrade libssl3 to the version we are not yet eligible for.
  
  [Example]
  
  libmysqlclient-dev on Jammy cannot be installed due to unmet
  dependencies
  
  $ apt policy libmysqlclient-dev
  libmysqlclient-dev:
    Installed: (none)
    Candidate: 8.0.29-0ubuntu0.22.04.2
    Version table:
       8.0.29-0ubuntu0.22.04.2 500
          500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
       8.0.28-0ubuntu4 500
          500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
  $ sudo 'apt-get' '--option=Dpkg::Options::=--force-confold' '--assume-yes' 'install' 'libmysqlclient-dev'
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:
  
  The following packages have unmet dependencies:
   libssl-dev : Depends: libssl3 (= 3.0.2-0ubuntu1.1) but 3.0.2-0ubuntu1.2 is to be installed
  E: Unable to correct problems, you have held broken packages.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1979244

Title:
  libssl-dev : Depends: libssl3 (= 3.0.2-0ubuntu1.1) but
  3.0.2-0ubuntu1.2 is to be installed

Status in MySQL InnoDB Cluster Charm:
  Invalid
Status in apt package in Ubuntu:
  New
Status in apt source package in Jammy:
  New

Bug description:
  [Impact]
  Users cannot install a package, e.g. libssl-dev, if built from the same source as another installed update while it is phasing.

  In the example below, libssl3 3.0.2-0ubuntu1.2 update was already
  installed, this got replaced in the archive with a 3.0.2-0ubuntu1.4
  update that was phasing and the system in question was not eligible
  for it yet.

  Because the system was not eligible for openssl 3.0.2-0ubuntu1.4, it
  picked libssl-dev=3.0.2-0ubuntu1.1 from the security pocket as the
  candidate instead, which conflicts with the higher version of libssl3.

  [Approach]
  As a workaround for this bug, we will limit phasing to when you use the upgrade/dist-upgrade commands. This will mean that the install command below would pick libssl-dev=3.0.2-0ubuntu1.4 and upgrade libssl3 to the same version, despite this not having phased for us yet.

  This means that trying to do apt dist-upgrade libssl-dev and similar
  (trying to upgrade and install at the same time) would still not work,
  but that is a minor concern compared to the current issue.

  Once launchpad bug 1929082 is resolved, that change will be reverted,
  and the algorithm for apt changed such that whenever the installed
  version is larger than the latest "for us" available version for any
  binary in the source package (as in, the only newer versions available
  are still phasing), it will ignore the phasing. This will be dealt
  with in a separate bug report.

  [Test case]
  Integration tests will be provided and run as autopkgtests, testing the scenarios described in this issue and comment #10. This cannot necessarily be tested on the real archive as you need packages phasing and have an older version installed.

  [Regression potential]
  Systems may end up with more packages installed that have not phased enough for them yet, getting somewhat closer to the pre-impish state where apt did not respect phasing at all. Specifically, apt install libssl3
  below would upgrade libssl3 to the version we are not yet eligible for.

  [Example]

  libmysqlclient-dev on Jammy cannot be installed due to unmet
  dependencies

  $ apt policy libmysqlclient-dev
  libmysqlclient-dev:
    Installed: (none)
    Candidate: 8.0.29-0ubuntu0.22.04.2
    Version table:
       8.0.29-0ubuntu0.22.04.2 500
          500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
       8.0.28-0ubuntu4 500
          500 http://nova.clouds.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
  $ sudo 'apt-get' '--option=Dpkg::Options::=--force-confold' '--assume-yes' 'install' 'libmysqlclient-dev'
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:

  The following packages have unmet dependencies:
   libssl-dev : Depends: libssl3 (= 3.0.2-0ubuntu1.1) but 3.0.2-0ubuntu1.2 is to be installed
  E: Unable to correct problems, you have held broken packages.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-mysql-innodb-cluster/+bug/1979244/+subscriptions

More information about the foundations-bugs mailing list