Bug#953562: Bug#974552: upgrade-reports: libc6/libcrypt split breaks perl during buster->bullseye upgrade

2021-04-15 Thread Niko Tyni 
On Wed, Apr 14, 2021 at 08:50:46PM +0200, Paul Gevers wrote:
> Hi Ivo, Marco,
> 
> On 06-04-2021 22:10, Ivo De Decker wrote:
> > I ran a number of (partial and full) upgrade tests, and they all seem to 
> > work
> > fine. In all cases, libcrypt1 is installed before libc6, and there is no
> > intermediate situations where libcrypt.so.1 is missing.
> 
> The patch looks sensible after reading the discussion in these bugs. Can
> we have an upload soon to have exposure?

Hi, thanks for your work on this and sorry I'm chiming in so late.

I'm concerned that AFAICS no change in src:libxcrypt can make sure that
the new libc6 is never unpacked before libcrypt1.

  (buster-amd64)# dpkg --unpack libc6_2.31-11_amd64.deb 
  (Reading database ... 12224 files and directories currently installed.)
  Preparing to unpack libc6_2.31-11_amd64.deb ...
  debconf: unable to initialize frontend: Dialog
  debconf: (No usable dialog-like program is installed, so the dialog based 
frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 
76.)
  debconf: falling back to frontend: Readline
  Unpacking libc6:amd64 (2.31-11) over (2.28-10) ...
  (buster-amd64)# perl
  perl: error while loading shared libraries: libcrypt.so.1: cannot open shared 
object file: No such file or directory
 
It may well be enough to make this improbable enough in practice. Ivo's
testing certainly seems to indicate so. It still makes me a bit uneasy.

I'm happy to be proved wrong of course. Do the Important or Protected
fields in the patch affect apt's behaviour in this, for instance?

The solution Aurelien mentioned of copying the old libcrypt in
libc6.preinst and cleaning up in libc6.postinst would eliminate this
failure mode totally. But I can see it's not very desirable and may be
hard to make robust.

Just wanted to bring this up explicitly. Not objecting if we deem the
risk of remaining corner case issues small enough that it's worth taking.
-- 
Niko

Bug#953562: Bug#974552: upgrade-reports: libc6/libcrypt split breaks perl during buster->bullseye upgrade

2021-04-15 Thread Ivo De Decker 
Hi Marco,

On Thu, Apr 15, 2021 at 02:27:10PM +0200, Marco d'Itri wrote:
> On Apr 14, Paul Gevers  wrote:
> 
> > The patch looks sensible after reading the discussion in these bugs. Can
> > we have an upload soon to have exposure?
> Unless there are any objections I will do a libxcrypt upload in a couple 
> of days.

OK, thanks!

> I think that I can leave the udeb library in /usr/lib/.

Yes. There is no upgrade issue there, and making sure the udeb doesn't change
avoids potential issues with the installer.

Ivo

Bug#953562: Bug#974552: upgrade-reports: libc6/libcrypt split breaks perl during buster->bullseye upgrade

2021-04-06 Thread Ivo De Decker 
Hi,

On Fri, Mar 19, 2021 at 04:52:57PM +0100, Ivo De Decker wrote:
> > > I wonder if all this might be caused by the breaks from libcrypt1 (against
> > > libc6 (<< 2.29-4)). Is there a way to remove the breaks without causing
> > > issues?  Maybe this is somewhat similar to the situation in
> 
> I tried this with a modified libcrypt1 binary (removing the breaks), and it
> fails (/lib/x86_64-linux-gnu/libcrypt.so.1 is missing after the libc6 unpack).
> I guess that's because of #953562: libc6 shipped
> /lib/x86_64-linux-gnu/libcrypt.so.1 while libcrypt1 ships
> /usr/lib/x86_64-linux-gnu/libcrypt.so.1 Obviously, for dpkg these are 2
> different files, but on a system with merged /usr they are not.

I created a patch to move libcrypt back to /lib, and that seems to solve the
issue. The patch is attached. With this patch, libcrypt1 is installed before
libc6 is upgraded, and the takeover of the library works correctly.

This also fixes #953562, which reported that this move is necessary.

Note that the original move from /lib to /usr/lib was more complicated than my
patch:
https://salsa.debian.org/md/libxcrypt/-/commit/1fb86fde5410088580f8032834037facb26d2d49
I didn't look into the details of the -dev package, because they are not
relevant to this bug. The patch might need to be adapted.


I ran a number of (partial and full) upgrade tests, and they all seem to work
fine. In all cases, libcrypt1 is installed before libc6, and there is no
intermediate situations where libcrypt.so.1 is missing.

> > The problem of removing the break, is that we loose the possibility of
> > downgrades. Is it something acceptable?
> 
> Well, I guess if that is the cost of not breaking people's systems on upgrade,
> that sounds like an acceptable trade-off. But I might be overlooking certain
> scenarios.
> 
> 
> > > https://bugs.debian.org/972936#24: libgcc-s1 takes over binaries from 
> > > libgcc1,
> > > but only 'replaces' it, without breaks (note that extra steps had to be 
> > > taken
> > > to avoid further issues (adding Important: yes and Protected: yes)).
> > 
> > Are this extra-steps basically required to prevent downgrades?
> 
> They are required to prevent you from removing libcrypt1 again: on a buster
> system, install such a hypothetical libcrypt1 from bullseye (which takes over
> libcrypt.so.1). Then remove that again. Now libcrypt.so.1 is missing. If the
> breaks is present, libcrypt1 can only be installed together with the new
> libc6, which prevents you from removing libcrypt1 afterwards.

As in #972936, my patch adds Important and Protected, which prevents removal of
libcrypt1 once it's installed.

Cheers,

Ivo

diff --git a/debian/changelog b/debian/changelog
index b5088dc..16d25ff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+libxcrypt (2:4.4.17-1.1) UNRELEASED; urgency=medium
+
+  * Make sure takeover of libcrypt.so.1 from libc6 works correctly on upgrades
+from buster to bullseye (Closes: #974552):
+- Move the library back from /usr/lib/ to /lib/, because that's where it
+  was in the old libc6 (Closes: #953562)
+- Remove breaks from libcrypt1, to allow installing libcrypt1 before libc6
+  is upgraded
+- Mark libcrypt1 as Important and Protected, to prevent removal after a
+  partial upgrade
+
+ -- Ivo De Decker   Tue, 06 Apr 2021 19:46:44 +
+
 libxcrypt (1:4.4.17-1) unstable; urgency=medium
 
   * New upstream release.
diff --git a/debian/control b/debian/control
index 35939dd..a2ae60a 100644
--- a/debian/control
+++ b/debian/control
@@ -16,11 +16,8 @@ Architecture: any
 Multi-Arch: same
 Pre-Depends: ${misc:Pre-Depends}
 Depends: ${shlibs:Depends}, ${misc:Depends}
-Breaks:
- libc6 (<< 2.29-4),
- libc6.1 (<< 2.29-4) [alpha ia64],
- libc0.1 (<< 2.29-4) [kfreebsd-amd64 kfreebsd-i386],
- libc0.3 (<< 2.29-4) [hurd-i386],
+XB-Important: yes
+Protected: yes
 Replaces:
  libc6 (<< 2.29-4),
  libc6.1 (<< 2.29-4) [alpha ia64],
diff --git a/debian/libcrypt-dev.files b/debian/libcrypt-dev.files
index 94387de..fc172a1 100644
--- a/debian/libcrypt-dev.files
+++ b/debian/libcrypt-dev.files
@@ -1,5 +1,5 @@
 /usr/include/
 /usr/share/man/
-/usr/lib/*/pkgconfig/
-/usr/lib/*/*.a
-/usr/lib/*/*.so
+/lib/*/pkgconfig/
+/lib/*/*.a
+/lib/*/*.so
diff --git a/debian/rules b/debian/rules
index 2969306..26f2bcd 100755
--- a/debian/rules
+++ b/debian/rules
@@ -34,11 +34,11 @@ CONFFLAGS = --disable-werror --prefix=/usr \
 CONFFLAGS_deb  = $(CONFFLAGS) \
   $(shell DEB_BUILD_MAINT_OPTIONS="hardening=+bindnow" \
 dpkg-buildflags --export=configure || true) \
-  --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)
+  --libdir=/lib/$(DEB_HOST_MULTIARCH)
 CONFFLAGS_udeb = $(CONFFLAGS) \
   $(subst -O2,-Os -fomit-frame-pointer,$(shell DEB_BUILD_MAINT_OPTIONS="hardening=-all" \
 dpkg-buildflags --export=configure || true)) \
-  --libdir=/usr/lib
+  --libdir=/lib
 
 ##
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture