[Bug 2078436] [NEW] Reject upgrades if packages are installed in a higher version than the target release

Julian Andres Klode 2078436 at bugs.launchpad.net
Fri Aug 30 09:52:50 UTC 2024


Public bug reported:

PPAs shipping a newer version of key system packages is a significant
problem and leads to long and complex to identify bugs such as

https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/2078376

We should not upgrade systems that have replaced system packages (or
added packages that become core system packages) with PPAs.

My proposal basically entails the following:

* Identify seeded packages as "in main or has the Task field set". This
is a bit lossy as not all seeded packages have the Task field set, but
it is better than nothing. Alternatively we can embed seeds?

* After we have rewritten the sources and disabled third-party
repositories, bail out on upgrades if any of the identified seeded
packages have a higher installed version than is available in the
repository; this can be done by

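for package in cache:
  if not package.current_ver:
    continue  # not installed
  if not is_seeded(package):  # placeholder for "in main or has the Task field set"
    continue
  cand = get_candidate(package)  # placeholder for the candidate version lookup
  if not cand.is_downloadable:
    raise SomeError(f"The seeded package {package.name} is installed from a third-party repository or in an inconsistent state")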


(Relying on the properties that (a) if the installed version is higher than the target release, it is the candidate and (b) if we disable the third-party repositories, it is no longer downloadable)

** Affects: ubuntu-release-upgrader (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: rls-oo-incoming

** Tags added: rls-oo-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/2078436
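
The check proposed in the report, as a self-contained model. This is an added example, not code from ubuntu-release-upgrader or python-apt. The package names, versions and the `Package`, `candidate` and `blocking_packages` names are constructed, and `seeded` stands in for "in main or has the Task field set". It demonstrates properties (a) and (b), plus the case of a PPA build that sorts below the target release.

```python
import re
from dataclasses import dataclass
from typing import Optional

def deb_key(version):
    """Sort key in dpkg order: epoch, upstream, revision; '~' sorts before everything."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    def part(s):
        key = []
        for text, num in re.findall(r"(\D*)(\d*)", s):
            key.append([-1 if c == "~" else ord(c) + (0 if c.isalpha() else 256) for c in text] + [0])
            key.append(int(num or 0))
        return key
    return int(epoch), part(upstream), part(revision)

@dataclass
class Package:
    name: str
    installed: Optional[str]  # installed version, None if not installed
    seeded: bool              # assumption: "in main or has the Task field set"
    archive: Optional[str]    # version in the target release, third-party sources disabled

def candidate(pkg):
    """Model of candidate selection: the archive version wins unless it would be a
    downgrade; then the installed version stays candidate and has no download source."""
    if pkg.archive and deb_key(pkg.archive) >= deb_key(pkg.installed):
        return pkg.archive, True
    return pkg.installed, False   # properties (a) and (b) from the report

def blocking_packages(cache):
    """Names of installed, seeded packages whose candidate is not downloadable."""
    blockers = []
    for pkg in cache:
        if pkg.installed is None or not pkg.seeded:
            continue
        _, downloadable = candidate(pkg)
        if not downloadable:
            blockers.append(pkg.name)
    return blockers

# Constructed sample cache (hypothetical packages and versions).
CACHE = [
    Package("core-lib", "2.39-1", True, "2.40-1"),        # normal upgrade path
    Package("gfx-driver", "25.0-1~ppa1", True, "24.2-1"),  # PPA newer than target: blocks
    Package("py-helper", "1.0-1~ppa2", True, "1.0-1"),     # PPA older than target: fine
    Package("local-init", "3.1-1", True, None),            # seeded, no archive source: blocks
    Package("extra-tool", "9.9-1", False, None),           # unseeded, ignored
    Package("unused-lib", None, True, "1.0-1"),            # not installed, ignored
]

if __name__ == "__main__":
    print("Upgrade blocked by:", blocking_packages(CACHE))
```
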
