Sunday, September 8, 2019

Why would a new repository automatically install packages?


Is there a situation where a newly-added repository would need to install "dependency" packages before being asked to install anything new?


I just came across the following situation:


While my system was up-to-date, I added the Certbot repository (http://ppa.launchpad.net/certbot/certbot/ubuntu), and after running an update, nine packages were reported to be upgradable. I tried to do an upgrade and got the following:


$ sudo aptitude safe-upgrade
Resolving dependencies...
The following NEW packages will be installed:
python3-certifi{a} python3-idna{a}
The following packages will be upgraded:
python-chardet python-pkg-resources python-six python3-chardet python3-configobj python3-pkg-resources python3-requests python3-six python3-urllib3
9 packages upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 906 kB of archives. After unpacking 1,183 kB will be used.

I can understand packages being upgraded: the new repository has newer versions of packages already installed on my system, so they're marked for upgrade. But why is it trying to install new packages? The packages in question certainly seem relevant to the software on the repository, but why would they be installed automatically?


If they are a dependency for something on my system, how was it working before? How can I investigate exactly what's going on?


UPDATE


I checked the reverse dependencies with apt-cache; e.g.,


$ sudo apt-cache rdepends python3-certifi
python3-certifi
Reverse Depends:
python3-requests

With the Certbot repository disabled, I get


$ apt-cache depends python3-requests
python3-requests
Depends: python3-urllib3
Depends:
python3:i386
python3
Depends: ca-certificates
Depends: python3-chardet
Depends: python3-urllib3

and when I enable it, I get


$ apt-cache depends python3-requests
python3-requests
Depends: python3-certifi
Depends: python3-chardet
Depends: python3-idna
Depends: python3-urllib3
Depends:
python3:i386
python3
Depends: ca-certificates
Depends: python3-urllib3

So, I guess, the real question becomes: are package dependencies a function of available packages/repositories? I thought dependencies should be fixed: a package either requires another package to work (whether it is available to you or not) or it doesn't (in which case, it's not really a dependency).


System:



  • Kubuntu 16.04

  • Kernel 4.13.0-45-generic #50~16.04.1-Ubuntu 64-bit



Using the commands suggested by N0rbert and with some help from the good people at the OFTC #debian IRC channel, I traced it back through the packages and figured out why this happened, which is probably the most likely scenario when seeing unexplained new packages automatically installed:


The newly-added repository contained a newer version of an existing package, which was marked for upgrade. The new version of the upgraded package had a new dependency (that the older version didn't have), so the new dependency was marked for automatic installation.


For example, the upgraded version of the existing package python3-requests has python3-certifi as a new dependency, so the latter was marked for installation.


It was my fault that I originally missed the fact that the reverse dependency of python3-certifi (python3-requests) was one of the packages being upgraded.
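One way to check this before accepting an upgrade from a newly added repository, as an added example that is not part of the original post: compare the Depends field of the installed version with that of the candidate version and list the names only the candidate has. The function names (dep_names, new_deps, check_pkg) are hypothetical helpers, and the check looks at Depends only, not Pre-Depends or Recommends.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the original post.

# dep_names FIELD: turn a Depends field value into one package name per line.
# Version constraints "(>= 1.0)" and arch qualifiers ":any" are dropped, and
# alternatives "a | b" are listed as separate names.
dep_names() {
    printf '%s\n' "$1" | tr ',|' '\n\n' |
        sed -e 's/([^)]*)//g' \
            -e 's/:[a-z0-9-]*//' \
            -e 's/[[:space:]]//g' \
            -e '/^$/d' | sort -u
}

# new_deps OLD_FIELD NEW_FIELD: print names present in NEW_FIELD only.
new_deps() {
    nd_old=$(dep_names "$1")
    dep_names "$2" | while read -r nd_name; do
        printf '%s\n' "$nd_old" | grep -qxF -- "$nd_name" ||
            printf '%s\n' "$nd_name"
    done
}

# check_pkg PKG: on a live Debian/Ubuntu system, compare the installed
# version's Depends with the Depends of the version apt would upgrade to.
check_pkg() {
    cp_pkg=$1
    cp_installed=$(dpkg-query -W -f='${Depends}' "$cp_pkg" 2>/dev/null)
    cp_ver=$(apt-cache policy "$cp_pkg" | awk '/Candidate:/ {print $2}')
    cp_candidate=$(apt-cache show "$cp_pkg=$cp_ver" |
        sed -n 's/^Depends: //p' | head -n 1)
    new_deps "$cp_installed" "$cp_candidate"
}

# Usage on a live system, after "apt-get update" with the new repository enabled:
#   check_pkg python3-requests
```

Running `apt-cache policy python3-requests` alongside this shows which repository supplies the candidate version.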

