xbps icon indicating copy to clipboard operation
xbps copied to clipboard
verified publisher icon void-linux

Packages that `replace` another circumvent dependency checks on installation

Open ahesford opened this issue 2 years ago • 1 comments

The package python3-Cython0.29 was created to provide a pre-3.0 version of Cython because half the dependants of python3-Cython will not build with 3.0 or later. The packages python3-Cython0.29 and python3-Cython conflict. This is usually not an issue because Cython is generally only a build-time dependency, so a package can hostmakedepend on one or the other as needed.

However, both urh and sagemath have run-time dependencies on python3-Cython0.29 (now; before the update to 3.0, they depended on python3-Cython). To smooth update paths for users, python3-Cython0.29 was marked replaces="python3-Cython>=0" while python3-Cython was marked replaces="python3-Cython0.29>=0" so that installing one will remove the other. Neither package provides the other because Cython 3 introduces breaking changes.

Installing or updating sagemath will cause python3-Cython0.29 to be installed as a dependency. Subsequently installing python3-Cython will succeed (removing python3-Cython0.29 in the process), although sagemath will now be broken because it is missing python3-Cython0.29

Steps to reproduce:

  1. [Optional] Install sagemath<=10.1_1, which depends on python3-Cython. Both packages are installed.
  2. Install (or update to) sagemath>=10.1_2, which depends on python3-Cython0.29. Both packages will be installed, removing an existing python3-Cython package if previously installed.
  3. Try removing python3-Cython0.29: 
    python3-Cython0.29-0.29.36_2 in transaction breaks installed pkg `sagemath-10.1_2'
Transaction aborted due to unresolved dependencies.
  4. Install python3-Cython>=3.0.2_1. This will succeed, removing python3-Cython0.29.
  5. Running xbps-pkgdb -a reports an unsatisfied dependency for sagemath: 
    ERROR: sagemath: dependency not satisfied: python3-Cython0.29>=0
  6. Updating (or force-reinstalling) sagemath will install python3-Cython0.29 and remove python3-Cython.

Expected behavior: Step 4 should detect the unresolved dependency in the transaction, preventing the installation of python3-Cython.

ahesford avatar Sep 01 '23 19:09 ahesford

It seems that the revdep check explicitly ignores removed packages that are being replaced. This seems like the wrong check. If a package is being removed but replaced by another, the replacement should probably be required to provide a virtual matching the removed dependency before the removal is ignored. I don't yet have enough of this logic in my head to consider this more sophisticated test and any possible complications resulting from it.

ahesford avatar Sep 03 '23 02:09 ahesford