** Description changed: [ Impact ] PackageKit does not respect the "allow deps=false" flag in a RemovePackages transaction. Thus, uninstalling apps from simple graphical front-ends like the App Center may causes its core reverse-dependencies to be removed as well breaking the system in many cases. There exists a second, but weaker, safety-net implemented in graphical front-ends like the App Center which is to honour a bit of the application's metadata called "compulsory_for_desktop", by which the app itself is asking to be considered part of the core functionality of a certain desktop environment, preventing its removal when running such - desktop environment. This is not sufficient since the app itself might + desktop environment. This is not sufficient since any app itself might now know of which packages are marked as depending it. A stronger and better guarantee is for front-ends to invoke PackageKit with the `allow_deps=false` flag and for PackageKit to correctly honour it denying all transactions that would result in the removal of reverse- dependencies. [ Test Plan ] From an Ubuntu Desktop install, 1. Install the gnome-core metapackage $ sudo apt install gnome-core --no-install-recommends 2. Open App Center 3. Search for "Calculator" between Debian packages 4. Select "Calculator" (the gnome calculator) 5. Click Uninstall 6. Verify that the operation gracefully fails, since it would remove the gnome-core metapackage which was manually installed. [ Regression Test Plan - normal uninstall ] We shall still be able to uninstall packages that do not have strong dependencies on them. 1. Open App Center 2. Search for "showtime" between Debian packages 3. Select "Video Player" 4. Click Uninstall 5. Verify that the operation completed successfully [ Regression Test Plan - autoremove ] PackageKit should still allow removing other packages; the allow_deps=false restriction shall only apply to reverse-dependencies, and not to garbage-collected dependencies. 1. Install `gir1.2-packagekitglib-1.0` 1. In a terminal, run `pkgcli monitor` 2. In another terminal tab, open a python3 shell and run: >>> from gi.repository import PackageKitGlib >>> c = PackageKitGlib.Client() >>> c.remove_packages(0, ['gnome-core;1:49+10;amd64;'], False, True, None, lambda a,b,c: None, None) 3. Verify in the `pkgcli monitor` tab that the transaction completed successfully with gnome-core and its unused dependencies (like gnome-weather) being removed. [ Where problems could occur ] The patch affects removal of packages through the PackageKit interface, which is used by graphical package managers like KDE Discover, GNOME Software, Ubuntu App Center, etc... Problems would manifest when uninstalling packages from those apps.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2148474 Title: PackageKit ignores "allow_deps=false" for a RemovePackages transaction on Resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/2148474/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
