Hello all,
Trying to get some clarity on an issue we recently sorted out, was hoping you
might be able to shed some light. This may be more of an 'apt' question than a
debootstrap question...
1. We have a repository of Deb packages that has been curated for various
purposes
2. In the past we've been able to use debootstrap to build a chroot environment
from those packages
3. Recently debootstrap began to fail with a non-descript error (attempting to
install a package with a zero-length name) which turned out to be part of
pre-dependency resolution. The precise error was:
W: Failure trying to run: chroot "/path/to/chroot" dpkg --force-overwrite
--force-confold --skip-same-version --install
4. We further tracked this down to two conflicting bits of behavior
a. Our apt repo tool (aptly) *appends* packages to the metadata file in the
order they're uploaded. So, for instance e2fsprogs version 1.44.5-1 appears
*before* 1.44.5-1+deb10u1.
b. Debootstrap appears to fetch the *first* version of each package that it
looks for. So in phase 2 (installing packages and resolving dependencies) it
gets "stuck" if the package version that it downloaded (1.44.5-1) is too old to
fulfill a pre-dependency (1.44.5-1+deb10u1). I even tried using the
make-tarball/unpack-tarball to inject the newer package version, but the same
error would occur.
5. From looking at the official metadata for buster and buster-updates, it
seems like the convention is to *remove* the old package versions. And indeed,
doing this in our repo caused debootstrap to fetch our new package versions and
run successfully.
So my questions...
1. Is it intended that debootstrap only grabs the first package version it
finds, then neglects to fetch the newer version if it's needed for a
pre-dependency? Is it worth scraping the rest of the metadata for newer package
versions?
2. I'm fairly certain I've installed "old" package versions before (e.g. apt
install foo=n-1). Are the conditions for old packages being removed or retained
described anywhere? Looking at the PointReleaseChecklist
(https://wiki.debian.org/Teams/ReleaseTeam/PointReleaseCheckList) and bullet #5
above it looks like old packages do in fact get removed, but are there
situations where they are retained?
Thanks,
