On Mon, Jun 18, 2018 at 07:55:31PM -0700, Ximin Luo wrote: > Package: dpkg > Version: 1.19.0.5+b1 > Severity: wishlist > > Dear Maintainer, > > The Rust package manager Cargo, makes it possible to declare two-sided version > constraint ranges such as X (>= 6, << 7). In dpkg, historically this has been > expressed by declaring two one-sided version constraint ranges for the same > package like X (>= 6), X (<< 7), however this is not sufficient for Cargo due > to its other feature of allowing transitive dependencies on multiple versions > of the same package. > > Currently to support this we are creating packages called X-$version, and > declaring Provides: X (= $version). This breaks in the following situation: > > mdbook 0.1.7 transitively depends on slab 0.1.3, 0.3.0, and 0.4.0, via mio > 0.5.1, > mio 0.6.14, and ws-0.7.6. These dependencies are declared as: > > mio-0.5.1/debian/control: librust-slab+default-dev (>= 0.1.0~~), > mio-0.5.1/debian/control: librust-slab+default-dev (<< 0.2~~), > ws-0.7.6/debian/control: librust-slab+default-dev (>= 0.3~~), > ws-0.7.6/debian/control: librust-slab+default-dev (<< 0.4~~), > mio-0.6.14/debian/control: librust-slab+default-dev (>= 0.4.0~~), > mio-0.6.14/debian/control: librust-slab+default-dev (<< 0.5~~),
While I *would* like to see support for version intervals, this particular issue is a bug introduced through changes to debcargo. The original debcargo intentionally generated versioned dependencies on packages like librust-slab-0.3+default-dev rather than librust-slab+default-dev. That would prevent this issue. Quoting the relevant commit message: > Always include ABI version in package name; drop --multi > > Using versioned Provides to allow packages to include or omit the > package name doesn't work in all cases; in particular, in some cases, it > could allow satisfying the Debian package dependencies without > satisfying the cargo dependencies, by installing multiple different > providers of the package name simultaneously, none of which meet all the > constraints. > > Switch to always including versions in the package names, and change > dependencies to include the version of the target package. Add > error-handling to dependency processing, to bail out on unrepresentable > dependencies. That change evidently got dropped as part of further changes to debcargo (and the Rust packaging policy). Re-adding that will eliminate this issue. (Two-sided version constraints will make it possible, in the future, to avoid the "unrepresentable dependencies" mentioned above; however, those don't occur often.) - Josh Triplett
