Processed: Re: Bug#1015883: /usr/bin/update-alternatives: update-alternatives: manualy selected choice is overriden by apt-get dist-upgrade

2022-07-26 Thread Debian Bug Tracking System 
Processing control commands:

> reassign -1 src:openjdk-11
Bug #1015883 [dpkg] /usr/bin/update-alternatives: update-alternatives: manualy 
selected choice is overriden by apt-get dist-upgrade
Bug reassigned from package 'dpkg' to 'src:openjdk-11'.
No longer marked as found in versions dpkg/1.20.11.
Ignoring request to alter fixed versions of bug #1015883 to the same values 
previously set
> retitle -1 openjdk: Removes alternatives on deconfigure losing manual state
Bug #1015883 [src:openjdk-11] /usr/bin/update-alternatives: 
update-alternatives: manualy selected choice is overriden by apt-get 
dist-upgrade
Changed Bug title to 'openjdk: Removes alternatives on deconfigure losing 
manual state' from '/usr/bin/update-alternatives: update-alternatives: manualy 
selected choice is overriden by apt-get dist-upgrade'.

-- 
1015883: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015883
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1015883: /usr/bin/update-alternatives: update-alternatives: manualy selected choice is overriden by apt-get dist-upgrade

2022-07-26 Thread Guillem Jover 
Control: reassign -1 src:openjdk-11
Control: retitle -1 openjdk: Removes alternatives on deconfigure losing manual 
state

[ Leaving enough context for the reassign. ]

Hi!

On Sat, 2022-07-23 at 02:00:15 +0200, Richard Z wrote:
> Package: dpkg
> Version: 1.20.11
> Severity: normal
> File: /usr/bin/update-alternatives
> X-Debbugs-Cc: r...@linux-m68k.org

> on my system I have both i386 and amd64 versions of Java. I used
> update-alternatives to select am64 version while the proimary architecture
> is i386. My configuration looked like
> 
> # update-alternatives --config java
> There are 2 choices for the alternative java (providing /usr/bin/java).
> 
>   SelectionPath Priority   Status
> 
>   0/usr/lib/jvm/java-11-openjdk-i386/bin/java  auto
> mode
> * 1/usr/lib/jvm/java-11-openjdk-amd64/bin/java   1110  manual
> mode
>   2/usr/lib/jvm/java-11-openjdk-i386/bin/java  manual
> mode
> 
> While doing "apt-get dist-upgrade" I saw following messages in the console:
> update-alternatives: removing manually selected alternative - switching java 
> to
> auto mode
> update-alternatives: using /usr/lib/jvm/java-11-openjdk-i386/bin/java to
> provide /usr/bin/java (java) in auto mode
> 
> and the resulting configuration looked like this:
> 
> 
> # update-alternatives --config java
> There are 2 choices for the alternative java (providing /usr/bin/java).
> 
>   SelectionPath Priority   Status
> 
> * 0/usr/lib/jvm/java-11-openjdk-i386/bin/java  auto
> mode
>   1/usr/lib/jvm/java-11-openjdk-amd64/bin/java   1110  manual
> mode
>   2/usr/lib/jvm/java-11-openjdk-i386/bin/java  manual
> mode
> 
> My understanding of the manpage of update-alternatives is that once manual 
> mode
> is selected it should not be changed back to auto mode by an action like
> updating
> the package?
> Or how else should I achieve the desired effect?

This is due to the openjdk-NN-jre and openjdk-NN-jre-headless
prerm maintscripts removing the alternatives during «deconfigure»,
which can cause the lose of manual state during upgrades. This is
documented in the update-alternatives man page.

This should be fixed in all current openjdk versions, just reassigning
to the one affected by this report, and leaving the rest to the
maintainer.

> -- Package-specific info:
> System tainted due to merged-usr-via-aliased-dirs.
> 
> -- System Information:
> Debian Release: 11.4
>   APT prefers stable-security
>   APT policy: (500, 'stable-security'), (500, 'stable'), (100, 'testing')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
> 
> Kernel: Linux 5.10.0-16-amd64 (SMP w/2 CPU threads)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
> LANGUAGE=en_US:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled

Thanks,
Guillem

Bug#1016087: dpkg: errors about cannot verify signature fpr assorted packages

2022-07-26 Thread Tim McConnell 
Package: dpkg
Version: 1.21.9
Severity: normal
X-Debbugs-Cc: tmcconnell...@gmail.com

Dear Maintainer,

What led up to the situation? Normal upgrading of system

What exactly did you do (or not do) that was effective (or ineffective)? Unsure
these messages started appearing.

What was the outcome of this action? I now receive multiple lines of: gpgv:
Signature made Fri 24 Oct 2014 06:23:17 PM CDT
gpgv:using RSA key F664D256B4691A7D
gpgv: Can't check signature: No public key
dpkg-source: warning: cannot verify signature
/var/cache/apt/sources/libtrio_1.16+dfsg1-3.dsc
gpgv: Signature made Tue 03 May 2022 09:04:38 PM CDT
gpgv:using RSA key A1489FE2AB99A21A
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify signature /var/cache/apt/sources/r-cran-
quantreg_5.93-1.dsc
gpgv: Signature made Wed 20 Jul 2022 05:25:03 AM CDT
gpgv:using RSA key A1489FE2AB99A21A
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify signature /var/cache/apt/sources/r-cran-
quantreg_5.94-1.dsc
apt-listdifferences: removing old src:r-cran-quantreg 5.93-1
gpgv: Signature made Fri 27 May 2022 04:42:52 AM CDT
gpgv:using RSA key 5F2A9FB82FA6C1E1077007072D191C8843B13F4D
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify signature
/var/cache/apt/sources/kconfig_5.94.0-3.dsc
gpgv: Signature made Sat 23 Jul 2022 05:20:34 AM CDT
gpgv:using RSA key 5F2A9FB82FA6C1E1077007072D191C8843B13F4D
gpgv: Note: signatures using the SHA1 algorithm are rejected
gpgv: Can't check signature: Bad public key
dpkg-source: warning: cannot verify signature
/var/cache/apt/sources/kconfig_5.94.0-4.dsc

When running this command `apt-get dist-upgrade -y -m`

What outcome did you expect instead? To be sure I'm getting packages from an
uncompromised repo.


-- Package-specific info:
This system uses merged-usr-via-aliased-dirs, going behind dpkg's
back, breaking its core assumptions. This can cause silent file
overwrites and disappearances, and its general tools misbehavior.
See .

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-2-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dpkg depends on:
ii  libbz2-1.0   1.0.8-5
ii  libc62.33-8
ii  liblzma5 5.2.5-2.1
ii  libselinux1  3.4-1+b1
ii  tar  1.34+dfsg-1
ii  zlib1g   1:1.2.11.dfsg-4

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt2.5.1
ii  debsig-verify  0.25+b1

-- no debconf information