Thursday 21 June 2018

Re: broken packages in xenial-updates

I've added a merge proposal for sru-release

I believe it will improve the situation by insisting on order and that some
packages will go in together.

Also, I did dig a bit more, and it looks like the core of the issue in my
original post can be seen at

linux-meta-hwe went into security 11 minutes before linux-hwe.



let
On Wed, Jun 13, 2018 at 12:39 PM, Scott Moser <smoser@ubuntu.com> wrote:
We have a curtin test that runs (simplified)
  apt-get update
  apt-get install linux-image-generic-hwe-16.04
The jenkins run [1] failed on Monday (06-11), console log at [2] with
the following:

|  Some packages could not be installed. This may mean that you have
|  requested an impossible situation or if you are using the unstable
|  distribution that some required packages have not yet been created
|  or been moved out of Incoming.
|  The following information may help to resolve the situation:
|  The following packages have unmet dependencies:
|   linux-image-generic-hwe-16.04 :
|      Depends: linux-image-4.13.0-45-generic but it is not installable
|      Depends: linux-image-extra-4.13.0-45-generic but it is not installable
|      Recommends: thermald but it is not going to be installed
|  E: Unable to correct problems, you have held broken packages.

So it would appear that we hit an unfortunate race when
linux-meta-hwe [3] was in xenial-updates but linux-hwe [4] was not.

Per the email time stamps in those messages there was a 4 second window
when this could have occurred.  We hit this issue around 15:36, around 20
minutes after the time stamp on the xenial-changes email (15:14).
I realize that you probably can't trust those timestamps 100%, that
the publisher runs on some cycle, and that archive sync is non-atomic.

If the email messages are to be believed, linux-meta-hwe [3]
was accepted before linux-hwe [4].  linux-meta-hwe depends on a specific
version of linux-hwe, but linux-hwe has no dependency on linux-meta-hwe.
It seems that at very least linux-hwe should be let in before
linux-meta-hwe.
We've seen similar issues with grub2 and grub2-signed.  I believe those
two are co-dependent making them trickier.

This is a stable release that had its canonical archive
in a broken state.  Can anything be done to stop this from occurring?

Scott

--
[1] https://jenkins.ubuntu.com/server/view/cloud-init,%20curtin,%20streams/job/curtin-vmtest-daily-x/120/
[2] http://paste.ubuntu.com/p/23JwPy76tY/
[3] https://lists.ubuntu.com/archives/xenial-changes/2018-June/021385.html
[4] https://lists.ubuntu.com/archives/xenial-changes/2018-June/021386.html