Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Daiki Ueno]

Adam Williamson  writes:

>> > On Fri, 2017-10-13 at 10:38 -0700, Josh Stone wrote:
>> > > On 10/12/2017 05:34 PM, Adam Williamson wrote:
>> > > > In this case there's an even worse consequence; if you do attempt to
>> > > > update to nss 3.33.0 without nspr 4.17.0 dnf will 'skip' *most* of the
>> > > > nss packages (as it notices that they are missing dependencies), but it
>> > > > *will* install nss-softokn-freebl . With this mix of packages (most of
>> > > > nss at 3.32.0, but nss-softokn-freebl at 3.33.0), nss and anything that
>> > > > depends on it just fails to work at all - e.g. curl and dnf...so that's
>> > > > an extremely bad outcome.
>> > > 
>> > > Then isn't this a packaging bug?  They currently use ">=" requirements,
>> > > but if a greater version doesn't work, shouldn't they be "="?
>> > 
>> > Well, there's *additionally* probably a packaging bug, yeah: nss-
>> > softokn-freebl should be more strictly tied to the other packages.
>> 
>> I still don't figure out why this causes a problem.  nss-softokn-freebl
>> is parallel installable with older nss* packages and that could run into
>> a problem if nss-softokn-freebl used a new symbol from a newer nspr.
>> However, as far as I know nspr 4.17 doesn't add any new symbol so it's
>> shouldn't be a problem at least in this case.
>
> I definitely observed the half-upgraded case causing problems, but
> didn't really prove that it was the nss-softokn-freebl causing the
> problem, I guess. I suppose it could equally well just have been a
> mismatch between NSS 3.32.0 and NSPR 4.17.0?

I realized that this is an ABI issue between nss-softokn-freebl and
nss-util, not nspr.  The upstream bug[1] introduced the aligned malloc
functions which are only available in the newer nss-util package in
Fedora[2] (not that nss-softokn-freebl dlopen's nspr and nss-util).

I guess the fix would be to add either a versioned dependency on
nss-util or stubs for those functions in nss-softokn-freebl.

As this issue makes rpm non-functional, I would suggest people to ensure
that nss-util is updated to 3.33 before updating nss-softokn-freebl,
until it is fixed.

Footnotes: 
[1]  https://bugzilla.mozilla.org/show_bug.cgi?id=1390129

[2]  
https://taskotron.fedoraproject.org/artifacts/all/f2a2d24a-a82f-11e7-b9f4-525400817a8f/task_output/nss-util-3.33.0-1.0.fc26.log

Regards,
-- 
Daiki Ueno
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Matthew Miller]

On Fri, Oct 13, 2017 at 11:55:46AM -0400, Matthew Miller wrote:
> > That's far less important. Especially the distinction between
> > enhancement and newpackage, I think, barely matters.
> If we had this metadata for stuff that lands in Rawhide, it'd be
> useful, but since we don't, it's basically just fluff.

Actually, with the new "testing/batched" state (see recent messages to
this list), there is a functional difference: new packages skip the
batch by default. So, if you care about that, choose appropriately.

-- 
Matthew Miller

Fedora Project Leader
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Adam Williamson]

On Sat, 2017-10-14 at 07:41 +0200, Daiki Ueno wrote:
> Adam Williamson  writes:
> 
> > There are currently separate updates for nss 3.33.0 and nspr 4.17.0 in
> > both Fedora 26 and 27. However, nss 3.33.0 requires nspr 4.17.0.
> > 
> > As a reminder, this is a violation of the Updates Policy:
> > 
> > https://fedoraproject.org/wiki/Updates_Policy#Updating_inter-dependent_packages
> > 
> > "When one updated package requires another (or more than one other),
> > the packages should be submitted together as a single update."
> > 
> > The problem with doing things this way is that, if the nss update
> > happened to be pushed stable before the nspr update (which could easily
> > happen due to human error, network issues etc. even if the maintainer
> > *intends* to push them together!), the dependencies in the stable
> > repository will be broken; nss will not be installable.
> 
> Thank you for the reminder; there was indeed a fuss in updating nspr/nss
> this time.  I have submitted the nss updates for F27/F26 stable, after
> nspr 4.17 got pushed to stable.

Thanks a lot.

> > On Fri, 2017-10-13 at 10:38 -0700, Josh Stone wrote:
> > > On 10/12/2017 05:34 PM, Adam Williamson wrote:
> > > > In this case there's an even worse consequence; if you do attempt to
> > > > update to nss 3.33.0 without nspr 4.17.0 dnf will 'skip' *most* of the
> > > > nss packages (as it notices that they are missing dependencies), but it
> > > > *will* install nss-softokn-freebl . With this mix of packages (most of
> > > > nss at 3.32.0, but nss-softokn-freebl at 3.33.0), nss and anything that
> > > > depends on it just fails to work at all - e.g. curl and dnf...so that's
> > > > an extremely bad outcome.
> > > 
> > > Then isn't this a packaging bug?  They currently use ">=" requirements,
> > > but if a greater version doesn't work, shouldn't they be "="?
> > 
> > Well, there's *additionally* probably a packaging bug, yeah: nss-
> > softokn-freebl should be more strictly tied to the other packages.
> 
> I still don't figure out why this causes a problem.  nss-softokn-freebl
> is parallel installable with older nss* packages and that could run into
> a problem if nss-softokn-freebl used a new symbol from a newer nspr.
> However, as far as I know nspr 4.17 doesn't add any new symbol so it's
> shouldn't be a problem at least in this case.

I definitely observed the half-upgraded case causing problems, but
didn't really prove that it was the nss-softokn-freebl causing the
problem, I guess. I suppose it could equally well just have been a
mismatch between NSS 3.32.0 and NSPR 4.17.0?
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Daiki Ueno]

Adam Williamson  writes:

> There are currently separate updates for nss 3.33.0 and nspr 4.17.0 in
> both Fedora 26 and 27. However, nss 3.33.0 requires nspr 4.17.0.
>
> As a reminder, this is a violation of the Updates Policy:
>
> https://fedoraproject.org/wiki/Updates_Policy#Updating_inter-dependent_packages
>
> "When one updated package requires another (or more than one other),
> the packages should be submitted together as a single update."
>
> The problem with doing things this way is that, if the nss update
> happened to be pushed stable before the nspr update (which could easily
> happen due to human error, network issues etc. even if the maintainer
> *intends* to push them together!), the dependencies in the stable
> repository will be broken; nss will not be installable.

Thank you for the reminder; there was indeed a fuss in updating nspr/nss
this time.  I have submitted the nss updates for F27/F26 stable, after
nspr 4.17 got pushed to stable.

> On Fri, 2017-10-13 at 10:38 -0700, Josh Stone wrote:
>> On 10/12/2017 05:34 PM, Adam Williamson wrote:
>> > In this case there's an even worse consequence; if you do attempt to
>> > update to nss 3.33.0 without nspr 4.17.0 dnf will 'skip' *most* of the
>> > nss packages (as it notices that they are missing dependencies), but it
>> > *will* install nss-softokn-freebl . With this mix of packages (most of
>> > nss at 3.32.0, but nss-softokn-freebl at 3.33.0), nss and anything that
>> > depends on it just fails to work at all - e.g. curl and dnf...so that's
>> > an extremely bad outcome.
>> 
>> Then isn't this a packaging bug?  They currently use ">=" requirements,
>> but if a greater version doesn't work, shouldn't they be "="?
>
> Well, there's *additionally* probably a packaging bug, yeah: nss-
> softokn-freebl should be more strictly tied to the other packages.

I still don't figure out why this causes a problem.  nss-softokn-freebl
is parallel installable with older nss* packages and that could run into
a problem if nss-softokn-freebl used a new symbol from a newer nspr.
However, as far as I know nspr 4.17 doesn't add any new symbol so it's
shouldn't be a problem at least in this case.

Regards,
-- 
Daiki Ueno
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Adam Williamson]

On Fri, 2017-10-13 at 10:38 -0700, Josh Stone wrote:
> On 10/12/2017 05:34 PM, Adam Williamson wrote:
> > In this case there's an even worse consequence; if you do attempt to
> > update to nss 3.33.0 without nspr 4.17.0 dnf will 'skip' *most* of the
> > nss packages (as it notices that they are missing dependencies), but it
> > *will* install nss-softokn-freebl . With this mix of packages (most of
> > nss at 3.32.0, but nss-softokn-freebl at 3.33.0), nss and anything that
> > depends on it just fails to work at all - e.g. curl and dnf...so that's
> > an extremely bad outcome.
> 
> Then isn't this a packaging bug?  They currently use ">=" requirements,
> but if a greater version doesn't work, shouldn't they be "="?

Well, there's *additionally* probably a packaging bug, yeah: nss-
softokn-freebl should be more strictly tied to the other packages.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Josh Stone]

On 10/12/2017 05:34 PM, Adam Williamson wrote:
> In this case there's an even worse consequence; if you do attempt to
> update to nss 3.33.0 without nspr 4.17.0 dnf will 'skip' *most* of the
> nss packages (as it notices that they are missing dependencies), but it
> *will* install nss-softokn-freebl . With this mix of packages (most of
> nss at 3.32.0, but nss-softokn-freebl at 3.33.0), nss and anything that
> depends on it just fails to work at all - e.g. curl and dnf...so that's
> an extremely bad outcome.

Then isn't this a packaging bug?  They currently use ">=" requirements,
but if a greater version doesn't work, shouldn't they be "="?
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Matthew Miller]

On Thu, Oct 12, 2017 at 11:46:42PM -0700, Adam Williamson wrote:
> That's far less important. Especially the distinction between
> enhancement and newpackage, I think, barely matters.

If we had this metadata for stuff that lands in Rawhide, it'd be
useful, but since we don't, it's basically just fluff.

-- 
Matthew Miller

Fedora Project Leader
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Adam Williamson]

On Fri, 2017-10-13 at 08:16 +0200, Igor Gnatenko wrote:
> On Thu, 2017-10-12 at 17:34 -0700, Adam Williamson wrote:
> > There are currently separate updates for nss 3.33.0 and nspr 4.17.0
> > in
> > both Fedora 26 and 27. However, nss 3.33.0 requires nspr 4.17.0.
> > 
> > As a reminder, this is a violation of the Updates Policy:
> > 
> > https://fedoraproject.org/wiki/Updates_Policy#Updating_inter-dependen
> > t_packages
> > 
> > "When one updated package requires another (or more than one other),
> > the packages should be submitted together as a single update."
> 
> The problem I face myself is when update requires new packages. And in
> that case what kind of "type" should I choose? enhancement or
> newpackage?

That's far less important. Especially the distinction between
enhancement and newpackage, I think, barely matters.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Interdependent packages *must* go in the same update - a reminder (ref. nss and nspr)

[Igor Gnatenko]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2017-10-12 at 17:34 -0700, Adam Williamson wrote:
> There are currently separate updates for nss 3.33.0 and nspr 4.17.0
> in
> both Fedora 26 and 27. However, nss 3.33.0 requires nspr 4.17.0.
> 
> As a reminder, this is a violation of the Updates Policy:
> 
> https://fedoraproject.org/wiki/Updates_Policy#Updating_inter-dependen
> t_packages
> 
> "When one updated package requires another (or more than one other),
> the packages should be submitted together as a single update."
The problem I face myself is when update requires new packages. And in
that case what kind of "type" should I choose? enhancement or
newpackage?
> 
> The problem with doing things this way is that, if the nss update
> happened to be pushed stable before the nspr update (which could
> easily
> happen due to human error, network issues etc. even if the maintainer
> *intends* to push them together!), the dependencies in the stable
> repository will be broken; nss will not be installable.
> 
> In this case there's an even worse consequence; if you do attempt to
> update to nss 3.33.0 without nspr 4.17.0 dnf will 'skip' *most* of
> the
> nss packages (as it notices that they are missing dependencies), but
> it
> *will* install nss-softokn-freebl . With this mix of packages (most
> of
> nss at 3.32.0, but nss-softokn-freebl at 3.33.0), nss and anything
> that
> depends on it just fails to work at all - e.g. curl and dnf...so
> that's
> an extremely bad outcome.
> 
> If both packages are in a single update, we cannot run into this
> problem; either both packages get pushed stable or neither does. That
> is why updates to interdependent packages should *always* be grouped
> together. Please remember this, package maintainers. Thanks!
> 
> (note: this issue was caught by openQA, which tests individual
> updates
> from updates-testing, rather than enabling the repository wholesale,
> so
> it catches things like this.)
> -- 
> Adam Williamson
> Fedora QA Community Monkey
> IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin .
> net
> http://www.happyassassin.net
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org

- -- 
- -Igor Gnatenko
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEhLFO09aHZVqO+CM6aVcUvRu8X0wFAlngWlkACgkQaVcUvRu8
X0yx+RAAqecZPJyN1NrGnFwvT8WmRxTed4oP0dsfzz7mdvuuQKDcJClx7y4BxfP7
rQYy4xQwa7rbLRPMd86mnS69VQ+fm1cQp0VzunAqnCAI4+4Ra1BrTmDo+lp8rq9x
W0qxQuK+rbUxPv8P45w8HxZQNLT/xUtgEnPTG5eZBHzBmB05iIxS9Um8gvcoSkgQ
x7hm5f6qGIGsQO7QoG8YguLl9Me/6CWnza3ucBkUSVAQlgkJn3J3lKHP5cMSsfEz
Y1toLL5zsCHrngiJNq38DBzTTarpryzsWYpen2Z95FOnQ3/8LqxaEukSe2PTp5Ka
IYuAUnayRlR2l3JXFmSYNm7s+nKKRt+Uls37YvrZQEfoxDFoGZOl36WT8vEHwBQd
BByeG1n61V0Xu5DlgdVPIFRvFcw/tP8D8BY46nfvCLMBeYozDew9WOWr8ZGFhk/L
yfVufslG7w/d37e10ORWezyxVJDc6GtoXzkwcPJVIYCk8+ShfRZxsbtWnFbOPNy7
mmqqRpPEJLoNPN6YWhmFjdgXZPVNd2viIGf4ww5XRlO0LX6h7bRCHpj2h22fEM7o
fKAR6lu5uVJUcgRxOfGKHH67qcZby9mgpEtrbqaOTc+4pMHIcvrIZ4MdUQxsU8Hu
lR/4KoFGwb+QQF1CE62Jzl4759nGaoWMKXLepHK8VwRZZAufOOE=
=SZdk
-END PGP SIGNATURE-
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org